Cybersecurity spending is up but so are breaches

Dive Brief:

Cybersecurity spending reached $53 billion in 2020, but it still fell behind growth in other IT segment investments, according to research from Canalys. Cybersecurity spending increased 10% year over year, trailing a 33% increase in cloud infrastructure services and 20% in cloud software services.
Companies are gathering more data and unintentionally increasing their liabilities because of the storage and processing powers of the cloud. In 2020, a breach resulted in an average of 101 million compromised records, compared to 81 million in 2019 and 55 million in 2018.
Upwards of 55 billion data records have been compromised throughout 900 documented breaches since 2005, yet 77% of the breaches occurred between 2019 and 2020. In 2020, the number of compromised data records increased 171% year over year, with ransomware contributing to the trend, according to the report.

Dive Insight:

Cloud storage allowed companies to store and process data outside on-premise systems, but the controls that protected data became less visible. Data now sits in public clouds or, in the era of remote work, inside an employee's house, according to Canalys.

"Data visibility is so important … data discovery and classification of sensitive data is crucial to get a clear understanding of not only where the data resides, but also to assess risks so appropriate actions can be taken," Sol Cates, CTO and principal technologist at Thales's Cloud Protection & Licensing, told Cybersecurity Dive earlier this month. The process needs to address structured and unstructured data.

Companies are also collecting more personally identifiable information (PII) to craft a personalized experience for customers or provide data to third parties; with more data, the threat grows. As a result, the technology and data analytics sectors are the "the biggest contributors" to breaches since 2005, according to Canalys.

As a subgroup of the tech and data analysis sector, Facebook is "one of the worst repeat offenders" for data breaches. While the U.S. waits for more regulations on cyberattack and breach reporting, the EU's General Data Protection Regulation (GDPR) is taking notice of data transfers via cloud and making it harder for U.S. companies to transfer data.

Other industries experiencing an acceleration of the rate in breaches in 2020 include education, healthcare, media, entertainment and gaming, according to the report. The uptick in breaches coincides with the "big shift" toward digital transformation.

With more organizations becoming digital, governments are considering (and the EU is implementing) data administration safeguards, access management restrictions, or larger fines for infringements.

Organizations will have to better assess what data they house and how it's protected in largely digital environments. Though the cloud alleviates hardware and infrastructure security responsibility, there are gaps in controls and frameworks between providers.

"There is a noticeable lack of interoperability that needs to be addressed. What has become apparent is the fact that different philosophies and responsibilities have emerged based on the technology available," said Cates.