When you quantify security, the numbers are big and plentiful. The reality of data being compromised is staggering, but we have immense opportunity to fight against the ever-evolving and rapidly expanding threat landscape. We must take these times seriously and move quickly, together, to help our customers stay protected.
- Data compromises increased by 28% in 2014, according to the Identity Theft Resource Center. 2015 is tracking equally significant increases.
- According to the Verizon 2015 Data Breach Investigations report, the total loss to security breaches in 2014 topped $700 million. However, other estimates claim $600 billion annually. No one knows for sure, but the reality is this: Many businesses are feeling pain related to security-breach losses.
- The average cost of remediating a security breach is $217 for each record, according to the Ponemon Institute.
- Tens of millions of data records were compromised in 2014, but a breach of just 10 million could upwards of $2.2 billion in remediation costs when we look at Ponemon’s estimates.
These statistics are what we face today, but they can’t even come close to adequately reflecting the damage to a company’s reputation and loss of potential business that occurs with a breach.
It’s little wonder, then, that security is one of the few bright spots on the technology landscape when it comes to spending. Analyst firm Gartner says Worldwide IT Spending to Decline 5.5 Percent in 2015*. We believe this is one of the most significant contractions in technology spending since the recession of 2007-2009. Security spending will increase a whopping 8.4 percent this year and is forecasted to increase annually by 9 percent over the next three years. This is a pivotal time for us to help.
Bank of America Merrill Lynch estimates that the total security market is valued at $75 billion and is expected to top $170 billion by 2020. Part of the reason security spending is going to more than double over the next four years is unbounded availability of security technologies. Businesses are keep spending on ineffective products with few results in return.
All of these numbers point to a problem, but not necessarily the solution. At our annual Partner Summit and Focus Conference, McAfee unveiled its strategy for addressing the ever-increasing volume of threats and mounting costs. The strategy rests on three pillars.
- Protect. Applying appropriate levels of protection to IT assets and data. As McAfee CTO Steve Grobman said at Focus, there’s no shortage of security products; there’s a death of effective technologies and deployments. We must deliver effective security, not just “security theater.”
- Detect. Quickly identifying threats and breaches, and remediating security incidents to minimize damage. According to Ponemon, it takes 256 days to detect an external security breach and 158 days to find an internal incident. We must find and eradicate threats and breaches as fast as we can; the longer a breach goes undetected, the greater the damage.
- Correct. Take corrective action to ensure security breaches aren’t repeated. According to the Verizon report, 90 percent of all security breaches target known vulnerabilities, so dating back to 2002 when Windows NT was the dominant operating system. Systematic improvements and change management will reduce the number of vulnerabilities and reduce the attack surface. The result is an increasingly less vulnerable enterprise.
In practical terms, these three strategic pillars can be summarized in two words: “Do better.” We, McAfee, and you, our partners, must do a better job. We must understand the threat landscape, work with customers to identify and quantify their risk exposure, devise and design effective and evolving security systems, apply intelligence to security management processes, and continuously measure results.
We’re challenged to apply our considerable resources – efficiently and effectively – to ensure security spending isn’t just a black hole from which nothing comes back out. Our goal is to make every dollar spent on security products, services, and support equate to hundreds of dollars in savings on incidents that never happen.
Join me in rising to this challenge, committing to building sound security practices, and delivering superior value based on McAfee technology and your skill. Together, we can keep our customers safe and produce positive returns on security investments.
*Gartner Press Release, Gartner Says Worldwide IT Spending to Decline 5.5 Percent in 2015, June 30, 2015, http://www.gartner.com/newsroom/id/3084817.