Tuesday 26 July 2016

Why CyberSecurity Spending Is Much Higher Than Reported

Earlier this year there were various predictions – including from the CEO of information-security technology vendor FireEye – that spending on cybersecurity would slow down in 2016. I was unconvinced when I initially heard the negative predictions, and, to this day, I remain skeptical; my feelings were recently reinforced by a conversation with Steve Morgan, the CEO and Founder of research firm Cybersecurity Ventures. Morgan authored a report last month that noted that, in fact, cybersecurity spending appears to be growing, rather than shrinking. He even predicts that spending will increase to a total of over $1-Trillion over the next five years, up from $77-Billion annually in 2015.

How could CEOs in the industry be so far off? Why is information security spending so hard to track and predict? Morgan and I discussed several reasons:

1. A large portion of information-security-related spending is not accounted for as being information-security related. Consider, for example, that an organization developing a software package for internal use might spend money from its development budget on technology to scan code for vulnerabilities – the expenditure, however, may never be tracked back to an information-security budget.

2. Similarly, Value Added Resellers (VARs) and consultants doing security work don’t always define products and services as “security.” For example, a networking project may include the purchase of security components that are simply categorized as part of the overall project. Sometimes, even when the products are attributed to a security need and budget, the associated services are not. For example, if networking consultants install and configure a firewall (not that doing so is recommended), their work may never be categorized as a security spend.



from cyber security caucus http://ift.tt/2as0r4Z