Companies are cutting back on security spending as attacks are on the rise
Companies report that cyber-security attacks are on the rise — up 48% in 2013 but spending on information security down by 4% during the same period. Small companies have been cutting their security budgets according to the latest Global State of Information Security Survey.
This is the first drop in security spending in four years. Security spending in small companies (less than $100 million in revenue) fell by 20%, while at medium and large businesses they increased 5%.
Regardless of company size, security spending as a percentage of total IT budget has leveled off at 3.8% and shows no signs of increasing.
Recent high-profile hacker attacks on large and small corporations have highlighted their vulnerabilities. According to industry experts, in 2013 the number of reported security incidents increased 48% to 42.8 million, the equivalent of almost 120,000 attacks a day. The average cost of managing and mitigating breaches is now $2.7 million per incident.
At the same time, the average information security budget declined this year to $4.1 million, from $4.3 million in 2013.