In 2016, information security business expenses grew by an average of 67%. The increase in this item of expenditures occurs against the background of resonant hacking of security systems. Companies have to solve two complex tasks: attracting highly qualified specialists who are able to create unique IT products and implement them, as well as maintaining the results achieved through investments. Nevertheless, the vast majority of companies surveyed (90%) advocate more than one level of cybersecurity, taking into account high risks, despite the higher cost of investing in the creation of multi-level information security systems.
Securing payment channels
Many organizations pay special attention to improving the security of payment channels, and trading companies are no exception. Their customers are also concerned about the security and preservation of confidential data while paying for goods and services.
Employee and customer data remains the primary target of cyberattacks, the number of which continues to grow worldwide. Their number in 2015 year increased by 72%, experts say PwC. Last year, the number of detected incidents of hacking databases and stealing information from them soared by 154% compared to the 2014 year. The estimated financial losses of cyber-attacked companies increased by 159% compared to the 2014 year. Therefore, it is not surprising that after a small reduction in information security costs in 2014, most retailers and manufacturers increased their information security budgets in 2015 - an increase of 67%.
In terms of introducing specific security technologies, global trends are as follows. American companies have begun to actively implement the EMV standard (Europay, MasterCard and Visa) for payment cards. In addition to switching to EMV, retailers and consumer goods companies said they are exploring other technologies and processes for protecting customer data, including point-to-point encryption, the use of next-generation firewalls, and tokenization.
Business Partner Risk Management
The security assessment of third-party business partners (in particular, the cloud solution provider) has been given high priority in many companies in the retail and consumer goods sectors. Most respondents told experts that they carry out this assessment at least twice a year. There is nothing eternal in the world, and the latest technologies tend to quickly become obsolete, so this process must be clearly monitored and controlled.
Many companies have introduced risk-based security standards to improve their interaction with third parties. These guidelines can help companies simplify the process of exchanging information with third-party business partners and suppliers, as well as the process of exchanging expectations and concerns regarding the services provided.
Enhancing the role of Director of Information Security
Within companies, there is an increasing role for the director of information security and the board of directors to gain a deeper understanding of cyber threats and create reliable risk-based cybersecurity tools. In fact, the involvement of board members and senior management in security systems has increased, while in most aspects of information security the increase is a double-digit figure. This partly explains the tangible increase in the security budget in 2016.
This article was published in the 135 issue of the print version of the magazine.
Please rate the article |