Almost half of enterprise security practitioners said they would invest more in current cybersecurity spending priorities if given additional budget, even though those investments have "not significantly deterred regular and ongoing breaches," according to a new report from Accenture.
Accenture surveyed 2,000 enterprise security practitioners representing companies with annual revenues of $1 billion or more in 15 countries.
Between 44% and 54% of respondents said they would "double down" on their current cybersecurity spending priorities rather than invest in new approaches.
Cybersecurity awareness and spending may be up, but that doesn’t mean enterprise security staff are investing in the new types of technology needed to thwart today’s increasingly sophisticated attacks. Instead, most said they would invest in more of the same, despite the fact that cybercriminals are clearly getting around those common defenses. Accenture also found about one-third of targeted cyberattacks over the last year was successful.
The survey revealed few companies would invest any extra funds they received in efforts that could "directly affect their bottom line," such as protecting against financial losses (28%) or investing in cybersecurity training (17%).
"The survey reveals that catching criminal behavior requires more than the best practices and perspectives of the past. There needs to be a fundamentally different approach to security protection starting with identifying and prioritizing key company assets across the entire value chain," said Kevin Richards, managing director of Accenture Security in North America.