Spending on security for IT systems is set to grow substantially this year as almost half of organisations admitted they were not protected or even aware of threats.
According to a report from McAfee, there is an increasing focus on risk and compliance management as companies are under ever more pressure to protect customer and sensitive business information against a range of potential threats – such as cyber criminals.
It is said in the report, which can be found here, that increasingly tight compliance is demanded by national and regional government in the US around security of information.
McAfee claims that the results published show how it is imperative that companies improve risk management through better identification of threats, vulnerabilities and countermeasures, as well as the need to improve policy compliance through more automation of IT controls.
The research showed that 46 percent of organisations plan to fork out extra cash this year in order to adequately meet expectations, with spending expected to rise 21 percent.
However it is highlighted that 41 percent of organisations questioned were not conscious of security risks posed, or knowingly remained unprotected, while another 40 percent were unsure whether they would be able to fend off potential risks by using countermeasure products.
“Organisations are under increasing pressure to protect customer information and privacy, as well as their own sensitive business information, driving the need for a strong focus on risk and compliance management,” said Stuart McClure, senior vice president and general manager of risk and compliance for McAfee.
75 percent of those asked were not confident that they would pass a regulatory compliance audit, while more than half admitted they have already failed.
A further nine percent have already failed an audit that has resulted in a fine from either the government or an industry, with 24 percent spending over $250,000 on auditors.
Over 40 percent of organisations, according to McAfee, get into “fire-fight mode” when a regulatory audit approaches, diverting critical resources away from strategic priorities
Databases were considered one of the biggest challenges in terms of infrastructure compliance with regulations.
It is also noted that approximately half of companies are having to patch systems every week, with a similar number over-protecting by patching everything.