High-profile data breaches will lead two-thirds of companies to raise their budgets for cyber security by at least 5% over the next year.

Companies are increasingly allocating money to securing cloud computing and towards analytics software that can monitor their networks and detect unusual activity, the EY consultancy found in a survey of 1,400 executives and IT professionals.

Companies are spending more on training, as business activities move into the cloud and beyond company servers where they can be monitored by IT staff, said Gavin Cartwright, associate partner at EY. Careless or unaware employees were still considered the riskiest vulnerability, the research highlighted.

Sellers of analytics products include Cisco, RSA and the British cyber security start-up Darktrace, said Joseph Blankenship, an analyst at Forrester. “One of the things we struggle with in cyber security is that we have lots and lots and lots and lots of data,” he said. “So far, I don’t think we’ve effectively seen a system that can effectively cut the human out of the loop.”

GDPR has increased the pressure

New rules such as the EU’s General Data Protection Regulation, which came into force in May, have raised the stakes for companies. GDPR, which applies to all businesses with European customers, has increased the maximum penalty for failing to protect data to 4 per cent of global turnover or €20m, whichever is greater.

“Financially and reputationally there is a recognition that security needs to play a bigger role than it has,” Mr Cartwright said. “The mindset has shifted.”

Research published this week by Gemalto, the security consultancy, showed 4.5bn data records had been compromised in the first six months of 2018 – more than double the previous year – after major vulnerabilities were disclosed by Facebook and Twitter.

A big leak of biometric data in India also contributed to the figure for compromised data logs, highlighting the huge scale of data loss online.

“Everyone who is using or monetising data should be protecting it mandatorily,” said Jason Hart, chief technology officer of data protection at Gemalto.

Source: Financial Times