A Rand Corporation study based on a survey of company chief information officers said rising concerns from high- profile incidents have made cybersecurity a priority for many organisations.
The authors cited prior research showing worldwide spending on cybersecurity is approaching USD 70 billion per year and growing at 10 to 15 per cent annually but said that "it would be an understatement to say organisations are dissatisfied with their security."
"Companies know what they spend on cybersecurity, but quantifying what they save by preventing malicious attacks is much harder to tally," said Lillian Ablon, a Rand researcher and co-author of the report.
The researchers found that the effect of a cyberattack on reputation -- rather than direct costs -- caused the most concern for chief information security officers.
More From This Section
The report in coordination with Juniper Networks said the cost of managing cybersecurity is set to increase 38 per cent over the next 10 years across all businesses -- largely from investment in tools and training, and dealing handling the use of personal devices such as smartphones which connect to corporate networks.
"Attackers are constantly developing countermeasures to new security technologies, which limits the relative effectiveness of those tools over time and requires companies to invest in new technologies to take their place."
The researchers said evaluating cybersecurity is difficult because so much is shrouded in secrecy. Despite the wave of attacks that have become public in recent months, the methods used by hackers use to infiltrate systems and countermeasures are often kept private.
The report noted that "cybersecurity is a hard sell, especially to chief executives" but that there is now greater focus on security measures.