Last year, CIO, CSO and PricewaterhouseCoopers released a new Global State of Information Security survey, which polled more than 10,000 executives from 127 countries about IT security. The results were a mixed bag, with security incidents up 38% over 2014 but corresponding budgets rising only 24%.
This finding reflects common corporate psychology that cybersecurity is a cost center and a drain on resources – a Cisco survey of over 1,000 executives also found that 74% of respondents in the U.S. said that the main purpose of cybersecurity is to reduce risk instead of enable growth. I’ve found that people tend to think of cybersecurity as costly, complex, inefficient, and a damper on productivity. Many people believe it may not actually work or mitigate risk. This can result in security measures being implemented piecemeal without any overarching policy, resulting in costly but poor integration.