Why spending more on cybersecurity isn’t moving the needle

For years we’ve come to understand that the cyber threat landscape evolves quickly and grows exponentially as new technology is introduced. After all, to survive as a business in the world today, leveraging that technology is critical–but it also presents new avenues for threat actors to exploit. As remote and hybrid work has become the norm, the attack surface for organizations today is as vast as it’s ever been–presenting a host of new obstacles for security departments whose aim to is measurably reduce risk–especially in the face of growing ransomware attacks.

Naturally, many enterprises are allocating more budget and time to address these challenges. According to the 2022 Cyberthreat Defense Report, the typical IT security budget increase by 5% this year. But is spending more and adding more to your security arsenal the answer? It doesn’t seem like. A study conducted by Dell’Oro Group reveals that as enterprise network security spend has increased, so has monetary losses tied to cyberattacks. This is the modern cybersecurity conundrum that continues to plague security departments across the globe.

A recent discussion featuring Dell’Oro Group Research Director Mauricio Sanchez and Menlo Security Senior Director of Cybersecurity Strategy, Mark Guntrip, dives further into this discussion. In the discussion featured below, the two break down why spending more on security doesn’t protect organizations any further, especially in the face of the Highly Evasive Adaptive Threats (HEAT) that are leading to successful ransomware attacks.