The IRS informed my wife and me that we were victims of identity theft with our 2014 federal income tax return. The agency got a return from us and someone pretending to be us. The IRS figured our return was the right one because we sent a check with our return and the identity thief wanted a refund.
We got off pretty easy (so far), but consumers and companies have been victims of increasing hacker attacks. About 60% of companies responding to a SecureAuth survey said they had been hacked in 2015. Notable attacks during the year included T-Mobile (via an Experian problem), Anthem health insurance, ScottTrade, and Ashley Madison as well as government agencies such as the US Office of Personnel Management and, of course, the IRS. And don’t forget the Sony attack in late 2014.
What are companies doing to fight the cyber security battle?
For one thing, they’re going to spend more money on it. Two surveys indicate that information technology managers in corporate America will ramp up their budgets to guard against security breaches in 2016.
In the SecureAuth survey, 95% of respondents said they think that their companies will increase security spending in the next year. Some 44% of that number expect spending to rise 20% or more.
Some 44% of respondents to a 451 Research survey said their companies would boost security spending. Respondents to that survey indicated a concern beyond money, with 44% citing a lack of expertise in dealing with cyber security and about 28% worried about inadequate staffing.
It might not be surprising that the IT folks — some 62% in the SecureAuth survey — say that protecting against breaches costs less than dealing with the aftermath. But 87% say that their company frequently chooses to facilitate user experience at the expense of better security.
Breaches not only occur more often, they’re getting more expensive to deal with. The per-company cost rose 23% from 2014 to 2015 to about $3.8 million, according to a survey from the Ponemon Institute. The cost per customer increased 6% to $154 in 2015 from $145 in 2014.
For those putting more money into security, there are plenty of providers ready to take it.
The research firm Cybersecurity Ventures predicts that spending on security will increase to $170 billion in 2020 from $77 billion in 2015. The company released its listing of 500 cybersecurity companies around the world in December.
Security firms such as Palo Alto Networks and FireEye are getting a good share of those security dollars.
Palo Alto Networks posted $928 million in revenue in 2015 (ended July), a 55% increase from 2014. The company posted a net loss of about $165 million in 2015, down from a $264 million loss in 2014.
FireEye’s revenue increased 163% to $425.6 million in 2014, and it eclipsed that amount in the first three quarters of 2015 with revenue of $438 million. It too loses money, racking up $401 million in losses in the first nine months of 2015.
Venture capitalists have been hot on security companies. Cybersecurity firms raised $1.9 billion in venture capital in 2014 and another $1.2 billion in the first half of 2015.
Another indication that security providers are trending higher is Dell Inc.’s decision to make its cybersecurity unit, SecureWorks, the first of what could be several spinoffs as Dell proceeds with its acquisition of EMC.
An SEC filing for an IPO showed that SecureWorks had $262.1 million in revenue in fiscal 2015 (ended January), up 27 percent year from $205.8 million in 2014. Revenue was $254 million through the first three quarters of 2016. The company posted net losses of $38.5 million in 2015 and $44.6 million in 2014.
While companies increase their budgets, there are less expensive steps consumers can take to protect themselves. Use strong passwords, use two-step verification, and make sure you’ve got your own security software.
It’s probably cheaper than sending a check to the IRS. Believe me.
Tim Green has covered business, technology and science at newspapers and in higher education. At Hoover’s he covers computers and telecommunications. Follow him on Twitter.