Enterprises that don’t want to pony up the cash to pay for a suitably-sized security staff may find they’re dishing out even more cash when a breach happens. Research released by security vendor Kaspersky Lab found a correlation between lack of full-time security experts on staff and increased costs of recovering from security breaches.
The “2016 Corporate IT Security Risks” report is the result of a survey of more than 4,000 people from a variety of industries and company sizes. During the survey, Kaspersky found a general shortage of full-time security staff.
Typically, only 15 per cent of employees in any given IT department are dedicated to security. According to Kaspersky, it’s a figure that needs to be reconsidered. There are approximately 315,000 malware threats detected every day, and sufficient staffing is required to proactively address such challenges.
When recovering from an incident, large businesses tend to find their outsourcing costs fall between US$1.2 million and US$1.45 million. Large businesses with an adequate security staff, though, see those figures drop drastically to between US$100,000 and US$500,000. The reason, according to Kaspersky, is because the extra costs go toward hiring external experts for help.
There’s no easy solution, though. Forty-eight per cent of the respondents indicated a security talent shortage and 46 per cent noted a growing demand for skilled specialists. Additionally, 68.5 per cent of businesses expect to add to their full-time security staff. Of those, 18.9 per cent indicated they expect to increase their security staff numbers significantly. Trying to find appropriately-skilled security experts may be difficult, though.
Another strategy for proactively dealing with potential security issues is to share intelligence with customers, Kaspersky noted in its announcement. That’s where the vendor and its partners come in.
“In this evolving industry the relationship with our customers already goes beyond the shipment of a technology or a product — to providing the skills and training necessary to identify on-going attacks,” said Veniamin Levtsov, vice president, enterprise business at Kaspersky Lab, in a statement.
With that in mind, the full report is available on Kasperky’s website.