Subscribe to Email Updates

Subscribe

16203259800_3caa6ca20a_b.jpg

Most Companies Willing to Spend More on App Security Only After a Breach, Ponemon Study Shows

By Filip Truta on May 16, 2018 | 0 Comments

Most companies admit they don't invest enough in application security until after they've suffered a breach, and almost half lack clear visibility into their business-critical apps, according to new data sourced by Ponemon Institute.

Ponemon ran a poll for Arxan Technologies, who wanted to better understand the risk applications pose to businesses when running in unsecured environments, as well as to see if IT and IT security practitioners are addressing this risk. Some 43,000 respondents in more than a dozen industries across the US, EU and APAC were surveyed.

Nearly 75% of organizations were likely to or definitely experienced a cyber-attack or data breach within the last year due to a vulnerable or otherwise compromised application, the study revealed. 63% said they were very concerned they will be hacked through a flawed application, and 54% said they expected threats to grow more severe in 2018.

Given these numbers, one would expect these same organizations to invest heavily in cyber-resilience, yet only 25% of respondents said their organization is making “a significant investment in solutions to prevent application attacks.”

“The results indicated a predominant global issue: application breaches are rising and so are the security risks of running business critical apps in zero-trust environments. However, companies are not adequately investing in application security measures until after breaches occur, resulting in loss of productivity, customer trust and revenue,” according to the press release.

According to Arxan, the average data breach costs around $4 million, after factoring in lost customers, impact on operations, and increased insurance costs.

48% believe app performance and speed are more important than security. However, 56% of IT managers ranked performance and security as equally important. Worryingly, 65% admitted they’d be spurred to increase application protection only after customers are negatively affected.

The study further uncovered that, without visibility of the application threat landscape, businesses do not have the necessary intelligence to secure customer-facing applications and protect their business. In a similar survey by Oyutpost24, 16% of IT security professionals said they ignore critical security issues if they don’t know how to fix them.

Share This Post On

Author: Filip Truta

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as software, hardware, cyber-security and gaming, and has worked in various B2B and B2C marketing roles.