Are you spending too much on IT security?

"The European Commission's latest Data Protection Directive calls for mandatory data breach disclosure notifications," states Brewer. "That would require organisations to reveal when a breach occurs and exactly what data has been jeopardised."

When news of a data breach breaks, the sensitivity of the data concerned could prove inconsequential as far as the company bottom line is concerned.

The latest Symantec 'UK Cost of a Data Breach' report suggests that the average cost to a UK business has risen by 68% over the past five years, with the average cost per capita of a data breach now standing at a whopping 79 per record.

Perhaps the data sensitivity issue is a red herring. But, does this mean we should dismiss Thale's assertion that security budgets are being badly allocated? David Harley, senior research fellow at security vendor ESET, doesn't think so.

"[It is]highly probable that some businesses are overspending on security by over-engineering the defence of low-priority attack surfaces and relying on overpriced and under-performing panaceas du jour," Harley told IT Pro .

This is where the need for vendor-neutral security audits comes in. Something the Information Security Forum (ISF), along with several other industry watchers, reckon could become a mandatory requirement for the enterprise in the years to come.

"The issue then becomes how the organisation selects the most appropriate technology and vendor to meet their demands," says Logica's Martin.

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at