Breaches worsened despite higher spending on cybersecurity

Despite a 24% average increase in spending on prevention, detection and remediation in 2019, compared with 2018, it takes an average of 12 days longer to patch due to data silos and poor organisational coordination, according to ServiceNow.

Based on a study conducted with the Ponemon Institute, the average timeline to patch the most critical vulnerabilities is 16 days.

At the same time, the risk is increasing. In Singapore, there was an 18% increase in cyberattacks over the past year, and 58% of breaches were linked to a vulnerability where a patch was available but not applied.

The study surveyed 3,000 security professionals in nine countries to understand how organisations are responding to vulnerabilities.

The survey results reinforce the need for organisations to prioritise more effective and efficient security vulnerability management.

Among all respondents globally, there was a 34% increase in weekly costs spent on patching compared to 2018.

About nine in 10 (88%) of respondents said they must engage with other departments across their organisations, which results in coordination issues that delay patching by an average of 12 days.

In Singapore, there was 27% more downtime compared to 2018, due to delays in patching vulnerabilities.

Seven in 10 (72%) of respondents plan to hire an average of five staff members dedicated to patching in the next year.

On average, 10 days are lost coordinating with the responsible team before a patch is applied.

The findings also indicate a relentless cybercriminal environment, with a 17% increase in the volume of cyberattacks in the last 12 months compared to the same timeframe in 2018. There was a 27% increase in cyberattack severity compared to 2018.

Although 88% of Singapore respondents believe they do not have enough resources to keep up with the volume of patches, the report points to other factors beyond staffing that contribute to delays in vulnerability patching.

Two-thirds (67%) of respondents noted the lack of a common view of applications and assets across security and IT teams.

According to the findings, automation delivers a significant payoff in terms of being able to respond quickly and effectively to vulnerabilities. Four in five (80%) of respondents who employ automation techniques say they respond to vulnerabilities in a shorter timeframe through automation.