InfoSec Pros Say Lack of Funding a Key Hurdle to Protecting Networks, According to Research by Tenable Network Security

Survey shows small budgets hold back cyber security efforts in 65 percent of UK organisations, despite increased confidence in ability to defend networks from cyberattacks

Newly released results from a survey conducted by Tenable Network Security®, Inc., the leader in continuous network monitoring, reveal that 65 percent of UK organisations do not spend enough on cyber security budgets to adequately protect their networks.

When IT and security professionals visiting this year’s Infosecurity Europe were asked if they believed their employers were doing enough to protect their networks from cyber threats, 47 percent said they didn’t believe they were. Even for the 53 percent that said they are doing everything they can to protect their networks, lack of funding is still a major limiting factor, as 48 percent of this subset point to inadequate budgets as a key hurdle.

Eighteen percent of respondents only spend money “when something happens,” indicating a reactive response to network security, instead of a proactive and strategic approach.

Just 17 percent of survey respondents report they have the proper budget and company buy-in to “spend whatever is necessary” to protect themselves.

"The time between the discovery and announcement of a vulnerability and the subsequent release of exploit code that takes advantage of that vulnerability is rapidly decreasing," said Cris Thomas, strategist, Tenable Network Security. "People used to think they had weeks or even months before they had to remediate a newly discovered vulnerability. Now that time has shrunk to hours or even minutes in some cases before someone is actively exploiting a new zero-day.”

“According to our survey results, the reality for 83 percent of UK organisations is that budgets are not bottomless and security teams have to balance the risk of being breached with the expense of deploying a properly secured network,” said Thomas. “This, unfortunately, can force some organisations to skip basic things like maintaining a complete inventory of all network assets and continuously monitoring for and removing vulnerabilities and misconfigurations.”

Those who participated in the survey did report one bright spot for UK cyber security. Tenable’s survey results show that 59 percent believe they are better able to defend their networks from cyberattacks now than they were 12 months ago. Forty percent said their ability to defend their networks remained unchanged, and no one reported feeling less confident in their ability compared to last year.

Tenable surveyed nearly 300 IT and information security professionals over three days during Infosecurity Europe 2015. The results are valid within a six-percent margin of error.