UK firms lagging on security testing

18 March 2019

New research has found that only five per cent of UK businesses spend £750,000-£999,999 on security testing.

The Cost of Security Testing, a report recently commissioned by security testing platform Avord, also found that only 1 per cent of companies spend over £1m annually on security testing. It said that businesses across the UK have criticised the security testing industry for being too expensive and this has resulted in companies spending more than £6.6bn annually protecting critical assets from cyber-attacks.

The research further found that companies are struggling to justify the costs of external consultancies. Avord said this data suggested there is a gap in knowledge of the true financial cost of a data breach and preventative security testing, but that this is based on misinformation and overpriced consultancy costs.

Brian Harrison, chief executive officer, Avord, told Networking+ that network managers and engineers were likely to have been directed by management to seek external assistance and have since been charged excessively for security testing by consultancies.

“Whatever the experience or expertise of technical staff, businesses are without sufficient time or the right technology to effectively protect their critical assets,” he said. “Huge consultancy firms have convinced them that in order to successfully test all of their vulnerabilities, they must spend large sums preventing cyber-attack, which is simply not true. Testing can and should be affordable for large and small businesses across the supply chain.”

Harrison said if every cyber-attack costs £855,000 on average, according to Radware (provider of load balancing and cybersecurity services for data centres): “Business simply can’t afford not to test, it is one of the fundamental ways you gain insight into your control environment and the level of protection it conveys.”

He added: “To get value for money when testing, I would advise any company to fully understand their environment and start by assessing the critical assets first. This can save a lot of time and money instead of using the scattergun approach. Security testing is your eyes and ears when it comes to understanding your vulnerabilities, and how to protect them.”