Executive Briefings

By Comparison to Other Types of Companies, Retailers Fall Short on Cybersecurity Investment

Seeing what is happening to their customers and feeling the heat from possible threats, technology companies are increasing spending on security for their own systems, according to a survey of chief financial officers. Meanwhile, incentives to spend big on security are still in short supply for retailers and other private companies.

According to the annual 2015 BDO Technology Outlook Survey, which sourced its information from 100 U.S. technology CFOs, 67 percent of respondents have increased spending on cybersecurity measures in the past year. Of those, 90 percent have implemented new software security tools, 72 percent have created a formal response plan for security breaches, 48 percent turned to an external security consultant, and 30 percent hired a chief security officer.

Meanwhile at retail companies, the financial incentives to spend on information security are low, even following high-profile breaches, wrote Benjamin Dean in The Conversation.

"The actual expenses from the recent and high-profile breaches at Sony, Target and Home Depot amount to less than 1 percent of each company's annual revenues. After reimbursement from insurance and minus tax deductions, the losses are even less," wrote Dean, a fellow for Internet Governance and Cyber-security, School of International and Public Affairs at Columbia University. As a result, there is less pressure for retailers to spend big on security than what technology CFOs might think.

Read Full Article

According to the annual 2015 BDO Technology Outlook Survey, which sourced its information from 100 U.S. technology CFOs, 67 percent of respondents have increased spending on cybersecurity measures in the past year. Of those, 90 percent have implemented new software security tools, 72 percent have created a formal response plan for security breaches, 48 percent turned to an external security consultant, and 30 percent hired a chief security officer.

Meanwhile at retail companies, the financial incentives to spend on information security are low, even following high-profile breaches, wrote Benjamin Dean in The Conversation.

"The actual expenses from the recent and high-profile breaches at Sony, Target and Home Depot amount to less than 1 percent of each company's annual revenues. After reimbursement from insurance and minus tax deductions, the losses are even less," wrote Dean, a fellow for Internet Governance and Cyber-security, School of International and Public Affairs at Columbia University. As a result, there is less pressure for retailers to spend big on security than what technology CFOs might think.

Read Full Article