Tweet This
- Since this evil has grown along with this otherwise marvelous structure, spending on cybersecurity has skyrocketed, bringing many legitimate business opportunities with it.
- Since this evil has grown along with this otherwise marvelous structure, spending on cybersecurity has skyrocketed, bringing many legitimate business opportunities with it.
Connectivity through the Internet has yielded businesses everywhere tremendous productivity and profitability opportunities. The hitch in this otherwise welcome world is great vulnerability to cyberattacks. The same electronic avenue that makes business more profitable and life so convenient and easy also enables those who would disrupt and frequently steal. Since this evil has grown along with this otherwise marvelous structure, spending on cybersecurity has skyrocketed, bringing many legitimate business opportunities with it.
Even without statistics, just the accumulated memories of headlines should convince anyone that cybersecurity incidents have exploded. Global business recorded almost 23 million significant security breaches in 2011. By 2013, the number approached 30 million, a 12.8% annualized growth. Since, the number of incidents has accelerated, growing over 33% a year on average. Though data are spotty for this year, the number of such incidents is on track to approach 100 million. Taking a broader measure that includes intrusions as well as actual breaches, business and government in the United States alone suffered 668 million during this year’s first half or 1.3 billion at an annualized rate, a 15% yearly rate of increase since 2013.
Business has a bigger problem than just how attacks have risen with IT applications. Its best means to IT productivity and so profitability -- cloud computing and outsourcing, including offshoring -- disproportionately increases the vulnerability to attacks. A survey by Gartner makes clear how these productivity-enhancing steps have allowed business IT to do more over the past couple of years even while keeping hiring and capital budgets essentially flat. Few want to give up these efficiencies, despite the vulnerabilities they bring. All know that bringing data management in house can reduce vulnerability but only at the cost of rising expenses, particularly for equipment and staffing. It is little wonder then that firms have turned enthusiastically toward spending on cybersecurity. As much as it can cost, it offers a bargain next to the alternative of cutting back on cloud computing and these other productivity-enhancing practices.
And such spending has grown markedly. In the United States, outlays for cybersecurity have jumped from $40 billion in 2013 to $66 billion in 2018, if, that is, the pace of spending in the first half holds up for the entire year. That amounts to a 10.5% yearly growth rate. Few lines of business can claim that kind of growth. Globally, the spending figure, according to Gartner, should approach $93 billion this year, though many industry executives suggest that this estimate is much too conservative. They put the likely final spending amount well over $100 billion.
It looks as though the spending has paid a return. Despite the continued growth of IT usage and cloud computing as well as outsourcing, the number of attempts and breaches in the United States this year seems to have abated from 2017’s high of 1.6 billion. The battle, however, is far from won. Figures for 2018 are still higher than any other year on record. What is more, hackers and other criminals have already begun to shift away from areas where the security efforts have focused. Past attacks occurred mostly on servers and workstations, but more recently the hackers have focused more on applications and people, where security efforts thus far have concentrated less. These new areas, then, would seem to offer the greatest return and the largest business opportunities going forward. Of course, if such efforts prove effective, the criminals and the needs for security will simply glide elsewhere. Following their efforts is then an endless game and it will give those competent in security, individuals and firms, good growth prospects for the foreseeable future.
The data say that these needs/opportunities are truly global. To be sure, the United States has suffered a plurality of such attacks, 43% of the global total. The Asia-Pacific region is next, suffering some 30% of the attacks, while Europe and Latin America trail with 24% and 4% respectively. But those differences say less about the nature of cybercrime in each region than about how far the firms there have come in IT development, including Internet use and cloud computing as well as outsourcing and offshoring. The criminals are certainly global. They have simply strived for efficiency, as does any business, and focused on those places with the most targets. The great bank robber, Willie Sutton, though far from an IT expert, summed up the phenomena when he advised: “Go where the money is . . . and go there often.” As firms in other regions reach the depth and breadth of IT penetration already present in the United States, their experience with cybercrime will almost certainly come up to this country’s.
When it comes to the industry distribution of attacks, the matter takes on greater complexity. In 2017, for example, some 65% of the incidents centered on the entertainment industry, far above the 9.4% in information and 7% on healthcare, not to mention the only 5.5% in finance. This pattern is certainly not going where the money is. It suggests that here the attacks have followed vulnerability. Entertainment has neither the security tradition of finance and healthcare nor the regulatory strictures. Both prompted these sectors, most especially finance, to seek cyber protection earlier than other industries. If 2017’s experience is any indication, these other industries will now step up their spending, too, if not to the extent that finance does, then certainly more than in the past.
Today’s picture does offer a measure of encouragement. Incidents and attempts have dropped. Cybersecurity spending has begun to do its job. But it also makes clear that the efforts at defense will have to broaden continually to cover each new area where the criminals find vulnerability. Those efforts will have to broaden geographically, too, as other regions of the world step up their use of IT applications and efficiencies on a par with North America. And security venders will find new markets as they develop defenses for industries that previously had little need for protection or thought they did. The dollars involved will rise in tandem.
