Skip to main content

Half of companies don't know if their security is working

(Image credit: Image source: Shutterstock/deepadesigns)

More than half of enterprises are clueless if their cybersecurity solutions are doing a good job or not. This is according to the Ponemon Institute and AttackIQ’s new report, called “The Cybersecurity Illusion: The Emperor Has No Clothes”.

Based on a poll of 577 IT security workers from US enterprises, the report says that cybersecurity budgets are rising, but overall awareness is not.

Every year, enterprises spend roughly $18 million on cybersecurity solutions, with more than half planning on increasing their budgets next year. Yet, once the setup is complete, they’re mostly in the dark about the actual performance of the solutions. Almost two thirds (63 per cent) experienced their cybersecurity solution reporting a threat as blocked, when in reality – it was not.

The report seems to suggest that one of the problems lies in enterprises having too many deployments. An enterprise has, on average, 47 cybersecurity solutions deployed.

Not being in the clear on the potential success (or lack thereof) of these tools also makes it harder for the procurement department to justify ROI. Around a third (39 per cent) believe their enterprise gets full value from their investment.

"When processes and solutions like this fail, many companies respond by throwing more money at the problem," Larry Ponemon, founder and chairman of the Ponemon Institute commented. "Further security spending needs to be put on hold until enterprise IT and security leaders understand why their current investments are not able to detect and block all known adversary techniques, tactics, and procedures."

AttackIQ full report can be found on this link.