Security experts at a recent panel held at MIT cited a lack of spending as the main reason why companies are vulnerable to cybersecurity breaches.
Paul Paget of security vendor Pwnie Express said that most companies spend between 4 percent and 10 percent of their IT budgets on security. That share is higher at financial services companies and at the lower end of the range at most retail companies.
Paget said one big problem is the tendency for companies to confuse compliance with a robust security strategy.
“With the burden of compliance, you can easily get lulled into complacency around, ‘Well, we’re compliant,’ ” Paget said.
“Everyone here probably understands compliance is not security because it’s a lagging indicator of trying to keep up with what was decided three, four, five or 10 years ago,” he said.
Christopher Hart, an associate at Foley Hoag with expertise in data privacy and cybersecurity, said that despite efforts to educate companies on the best security strategies, they often default to the cheaper option.
Hart said companies tend to prefer not to pay the up-front costs, “when [they] think [they] might be able to get by with the systems that [they] have.”
However, Hart said, preventative training and technology is “the best kind of system to have in place on the front end to avoid the large costs on the back end.”
PUBLISHED JUNE 9, 2015