The recent epidemic of cyberattacks has led to greater investment and spending on security, but fears are rising that hackers are gaining the upper hand, a study showed today.
A Rand Corporation study based on a survey of company chief information officers said rising concerns from high- profile incidents have made cybersecurity a priority for many organisations.
The authors cited prior research showing worldwide spending on cybersecurity is approaching USD 70 billion per year and growing at 10 to 15 per cent annually but said that "it would be an understatement to say organisations are dissatisfied with their security."
More From This Section
"Cybersecurity is a continual cycle of trying to eliminate weaknesses and out-think an attacker. Currently, the best that defenders can do is to make it expensive for the attackers in terms of money, time, resources and research."
The researchers found that the effect of a cyberattack on reputation -- rather than direct costs -- caused the most concern for chief information security officers.
The report in coordination with Juniper Networks said the cost of managing cybersecurity is set to increase 38 per cent over the next 10 years across all businesses -- largely from investment in tools and training, and dealing handling the use of personal devices such as smartphones which connect to corporate networks.
"One of the most challenging issues facing companies is the countermeasures attackers use to evade defenses," the report said.
"Attackers are constantly developing countermeasures to new security technologies, which limits the relative effectiveness of those tools over time and requires companies to invest in new technologies to take their place."
The researchers said evaluating cybersecurity is difficult because so much is shrouded in secrecy. Despite the wave of attacks that have become public in recent months, the methods used by hackers use to infiltrate systems and countermeasures are often kept private.
The report noted that "cybersecurity is a hard sell, especially to chief executives" but that there is now greater focus on security measures.