Why cyber security will cost 40% more in 10 years’ time

Security tools aren’t matching hackers’ skills, warn RAND and Juniper Networks


The costs of managing cyber security risks could rise by 40 per cent over the next decade as tools fail to keep pace with hackers, according to a new study.

Training, security tools, business disruption and network management all figure in the predicted cost rise, worked out by nonprofit think tank RAND, which conducted detailed research with CISOs from a variety of companies.

With the most severe security breaches costing big businesses 1.46 million, up from 600,000 last year according to PwC, such a rise means the financial impact could top 2 million by 2025.

RAND released its findings in a new report today, titled The Defender's Dilemma, undertaken in association with Juniper Networks.

In light of a rising number of cyber breaches experienced over the last two years, RAND warns that cyber criminals are becoming impervious to security tools that they can develop countermeasures against, making their attacks more successful.

"Half of all the tools used in any one year are subject to countermeasures as hackers adapt if and when such tools become popular," the report read. "This adaptation causes tools to lose effectiveness over subsequent years."

In fact, RAND predicted that the effectiveness of tools for which countermeasures can be developed will plunge by 65 per cent over the next 10 years.

Very large businesses have the most to lose from the factors outlined above, with the breaches themselves contributing to 47 per cent of the financial losses enterprises will suffer from such incidents, compared to just eight per cent for small companies.

However, RAND pointed out that buying new security tools to deal with the latest threats also offsets some of the potential savings from averting cyber attacks.

As much as 11 per cent of enterprises' cyber security costs come from deploying tools, its report found.

It said: "Small organisations benefit from circumstances and policies that reduce their attack surfaces (e.g., BYOD/smart device restrictions). Larger organizations need a panoply of instruments to keep costs under control.

"Roughly 40 per cent of the reduced losses are offset by increased costs associated with using such instruments."

Insider threat

Whatever they spend, large organisations are the most at threat from hackers thanks to their higher profiles.

While just 11 per cent of small firms have been penetrated by hackers, five per cent of very large firms have been, found the report.

"[This] supports the truism that CISOs must assume that the attackers are already inside their networks," warned RAND.

Rapid7 security expert, Trey Ford, said CISOs also suffer from not being able to share breach details with counterparts outside their firms.

"The lessons learned by those in this office are shrouded or entirely prevented from sharing due to external and internal NDAs and shareholder concerns," he said. "CISOs are still grasping at how best to report security programme performance to the board."

IoT

Both RAND and Juniper also found that the Internet of Things (IoT) will increase the losses resulting from cyber breaches by 30 per cent come 2025.

They warned that companies must strengthen training and BYOD/smart device policies, as well as focusing on tools without countermeasures, which are more powerful in the long run.

"As companies invest heavily in innovative connectivity technologies, giving rise to the IoT, they also need to consider smart security investments to mitigate complex, dynamic cyber threats," said Steve Jacques, consulting engineer in security at Juniper.
