With the General Data protection Regulation (GDPR) implemented and the likes of California’s Consumer Privacy Act (CCPA) to follow, organisations are beginning to show signs of improvement when it comes to information security practices.
A new report published by information technology firm Wipro, the State of Cybersecurity Report 2019, has found that 65% of organisations globally are now tracking and reporting regulatory compliance to ensure that their data protection practices match up to the European Union’s strict guidelines.
The report, based on surveys completed by security leaders and analysts at 221 global organisations across 27 countries, found that 15% of organisations are now spending more than 10% of their IT budget on cybersecurity.
In 2017, the majority of organisations were spending between 2-4% of their budget on security. However, businesses are now most likely to be spending between 4-6%. And according to Wipro, the average security budget is bound to increase over the next few years.
Less data breaches, more lost data
The implementation of GDPR, and the increased focus on information security, has led to a decline in the number of publicly disclosed breaches. According to Wipro, breach reports have dropped by 25% in the past year.
Despite that, the amount of data lost to breaches has increased in the same period by 164% to 232 records exposed per second.
According to Wipro, this is a sign that cybercriminals are changing their approach, turning away from mass attacks on smaller organisations in order to breach bigger targets in search of rewards with a higher monetary value.
Some 38% of the data breached during the last months were a combination of personally identifiable information and security credentials such as passwords, which can be used to commit further offences.
Overcoming cybercriminals requires collaboration
Wipro’s findings suggest that organisations have become less willing to share information on security threats over the past year. The 2018 report found that 79% of organisations were willing to share details on indicators of compromise, such as malicious IP addresses and domains. However, that has fallen to 67% in 2019.
Likewise, just 33% of organisations said they were willing to share details on the tactics and techniques used by attackers during a breach. This is mainly due to fear of reputational risk, which has only increased following GDPR.
However, Wipro believes that increased information sharing between organisations can be a “critical enabler in anticipating and mitigating new and developing attacks”.
“With organisations riding the digital wave, security strategies need to be enhanced to address the changing landscape and enable a smooth and safe transition,” Raja Ukil, Global Head of Cybersecurity & Risk Services for Wipro, said.