Infrastructure protection

Critical infrastructure operators must double cybersecurity spending: report

Published 6 February 2012

A new study finds that critical infrastructure operators in the United States are massively underspending on cybersecurity.

According to the report by the Ponemon Institute and Bloomberg Government, U.S. critical infrastructure companies need to spend nine times more on cybersecurity to be able to prevent a digital attack.

Combined, the 172 infrastructure operators surveyed spent $5.3 billion on cybersecurity, but the companies’ cybersecurity managers estimated that they would need to spend $46.6 billion over the next year and a half to reach a level where they could stop 95 percent of cyberattacks.

Even to stop 84 percent of cyberattacks, infrastructure operators would have to double spending over the next year and a half.

IT managers estimated that they are currently able to detect 86 to 89 percent of attacks and prevent 67 to 76 percent of those attacks.

“The consequences of a successful attack against critical infrastructure make these cost increases look like chump change. It would put people into the Dark Ages”, said Larry Ponemon, the chairman of the Ponemon Institute.

Afzal Bari, a financial analyst with Bloomberg Government’s Technology & Telecommunications Group, added, “Right now cybersecurity spending is not getting the results that are optimal.”

Respondents were careful to note that an increase in spending would actually save money in the long run by cutting the number of false alarms in half and allowing companies to focus more resources on legitimate attacks.