lolloj - Fotolia
The good news is that IT security budgets have gone up for most customers. The bad news is that the money is not being spent in the areas where it might be needed most.
The channel has always played an educational role and it will need to do so again to back up chief security officers trying to convince their paymasters that money could be spent more effectively.
The Institute of Information Security Professionals (IISP) has surveyed its members and found that although two thirds of members have reported budgets rising a similar level felt that they were not keeping pace with threats. Only a small minority felt that they were ahead of the hackers.
“In times of financial pressure or instability as we have seen in recent years, security is often seen as a supporting function or an overhead,” said Piers Wilson, director at IISP.
“Security budgets are hard won because they are about protection against future issues, so are a good indication of the state of risk awareness in the wider business community. While it is good news that businesses are increasing investment, it is clear that spending on security is still not at a level that matches the changing threat landscape," he added.
The survey echoed some recent research, which had highlighted the increasing security skills, warning that getting the right people to support a cyber security strategy was increasingly difficult.
The advice was to make sure that staff training, development and retention were given a high priority to ensure the level of skills in the industry were kept up.
The level of threats continue to rise with Intel Security's latest quarterly McAfee Labs Threat Report revealing that there had been a surge in mobile malware and ransomware.
The IISP member survey found that two thirds have seen IT security budgets increase. A further 15% said that levels had been kept stable. Just shy of half said that they felt they were improving their response to security incidents.
“This latest Threats Report reveals huge leaps in both ransomware and mobile malware. To stay ahead of cyber criminals, companies must be able to rapidly detect threats and correct their systems," said Stuart Taylor, UKI regional director, channel, Intel Security.
"Customers are keen to invest in security solutions which can keep their data safe – both today and in future. Our own research into the rapidly expanding threat landscape keeps us informed, enabling us to share vital information with channel partners and continue to deliver innovative, effective and integrated security solutions," he added.
The message about the inevitability of being hit by an attack seems to have got through to customers but that does force them to think about what that means for them and how they should spend their budget.
“Organisations today understand that it’s now a question of ‘when’, not ‘if’, they suffer a breach. As a result, we are working closely with our channel partners to inform them about the shifting threat landscape and set them up to deliver solutions which not only protect assets but also focus on enabling rapid remediation,” said Taylor.