Corporate cybersecurity concerns and spend continue to rise, but so do breaches

More than 50 percent of security and IT leaders agree that they are very concerned about the security of corporate endpoints given the prevalence of sophisticated attack vectors like ransomware, disruptionware, phishing and more, according to a survey from RSA Conference 2020 by Absolute.

Cybersecurity spending on the rise

According to recent industry reports, 2019 saw a record number of more than 5,000 breaches as well “an unprecedented and unrelenting barrage of ransomware attacks” in the U.S. that impacted at least 966 businesses, government agencies, educational establishments and healthcare providers at a potential cost of more than $7.5 billion.

It’s no surprise, then, that global cybersecurity spending continues its steep incline – estimated to reach $174 billion by 2022 – as organizations work to thwart attackers and mitigate breaches with additional layers of security controls.

When it comes to how organizations are spending these dollars to protect sensitive data and devices, more than 80 percent of respondents reported the use of endpoint security tools and multi-factor authentication.

Prevention is essential

More than half of the respondents also relayed that prevention remains the core area of security focus and investment, even though a recent study shows that 60 percent of data breaches are the result of vulnerabilities that the enterprise already knew about but failed to address.

“The reality is that cybersecurity concerns and spend continue to rise, and yet so do breaches,” said Christy Wyatt, CEO of Absolute.

“To best prepare for the inevitable, companies need to look for capabilities that allow their endpoints to quickly heal and bounce back if they should become compromised or removed during an attack. The organizations that adopt a resilience-based strategy will be the ones who are able to respond, recover, and minimize the impact of a breach.”

Other key findings

• Nearly three in four respondents were familiar with the concepts of ‘cyber resilience‘ and ‘endpoint resilience.’
• A significant population – more than one in three – noted incident response, recovery, or resilience as the most important element of their organization’s strategy, while 55 percent said prevention was key.
• More than three in four respondents reported their organizations are using endpoint security tools, multi-factor authentication, and employee training and education to protect data, devices, and users, while less than half noted the use of tools focused on tracking missing, lost, or stolen devices or ensuring vendor / partner security.