DEC 18 - JAN 19 CIOAPPLICATIONS.COM

What are you spending on information security? What percentage of your spending on cybersecurity tools is on legacy vendors, and what percentage is on newer technology?

For us, our spending has continued to increase for information security over the past three years while our overall technology spending has remained flat. This area and the new data technologies have been the growth areas for us. In terms of legacy vendors versus newer technology, we have introduced a number of new technologies as the investment and innovation in information security solutions have really provided an impressive list of new entrants. There continues to be strong investment and a significant amount of innovation, but the focus of tools has shifted from protection -- which was deemed insufficient -- to faster detection and remediation capabilities. These have become a priority, for them and for us.

The vector is still up on spending. CEOs and boards have to give their tech leadership the notion and impression of carte blanche: "What can you trade off to make room in the budget?" It was a trend in the past -- that new vendors will lower your costs and that technology costs can go down. That's not the case with information security. There is much more capability, but the overall spend is going up.

Have you quantified the cost if you lost data and/or IP to a cyber attack, and have you compared that to your cybersecurity spend?

There are a number of reports available today that quantify the average cost of a cybercrime breach. For example, the latest report commissioned by IBM pegged the 2015 consolidated average cost at $3.8 million. There are a few law firms that specialize in supporting boards and companies that have been breached, and they believe the number is higher than the number stated in the IBM report. For example, one law firm reported the average to be $7 million.
I think understanding the costs up front and having a dialogue with your board will help prepare everyone to assess the right mixture of investment in the information security function, the amount of insurance needed and the business risk the firm is willing to take. The long-term brand or reputation costs from a breach seem to be the most difficult to quantify and model.

How do you assess the company's risk? Do you know how many endpoints the network has and how do you control them?

Orion is right, and in addition to knowing the number of endpoints, you have to have the tools to be able to understand what is happening on those endpoints. What software versions are

Information Security Against Cyber Attacks
CIO Insights
BRAD PETERSON, EVP & CIO, NASDAQ