Only 8% of European companies plan to decrease spending on antivirus and antimalware in 2013, a survey of IT security purchasing intentions has revealed.
Some 21% of more than 250 IT professionals polled by Computer Weekly and TechTarget said they were planning to increase spending in this area compared with 2012.
This shows many companies still look to these technologies as the mainstay of their cyber defences despite the fact that antivirus is increasingly being shown as a relatively ineffective security technology.
Most organisations (71%) say spending on antivirus/antimalware technologies will not change in 2013.
This may show that most plan to retain antivirus and antimalware as an essential layer in their defenses, but they are not investing further in technology and supplementing it with other technologies.
However, it may also show most companies are simply sticking with the same technology they have always used.
At the same time, it is surprising that 3% of respondents said their organisations are not using antivirus and antimalware. While these technologies alone are not enough, they form an important part of any layered cyber defense strategy.
The main reason for the lack of evolution in the use of security technologies is that most companies lack a proper understanding of the threat landscape, said Paul Simmonds, co-founder of the Jericho Forum and former CISO of AstraZeneca and ICI.
“Around 95% of the FTSE 100 companies do not have decent security teams, and typically have fewer than five members,” he told Computer Weekly.
This means that most companies do not have the necessary threat intelligence and understanding to perform accurate risk assessments and build appropriate security strategies, said Simmonds.
“Many companies are reliant on general IT for security, but most of them still believe that anti-virus and a firewall at the perimeter are enough, and their perception has become their reality” he said.
Organisations are also failing to evolve their defences because they do not see a reason to change, said Fred Piper, security consultant and former director of the information security group at Royal Holloway, University of London.
“A combination of anti-virus and firewall has proved effective in the past, so most IT teams see no reason to change or make additional investments,” he said.
By contrast, companies that have invested in corporate network visibility and forensics tools have seen some “troubling things,” said Hugh Thompson, chief security strategist for security firm Blue Coat Systems.
“The reality is that many companies do not know if they have been breached or that sensitive commercial information or intellectual property is being leaked,” he said.
According to Thompson, the threat landscape is very different to what it was in the past, but conventional wisdom around IT security has not kept pace.
The survey also revealed that the bulk of spending on antivirus technologies is focused on the desktop (90%) and server environments (84%).
In contrast, only 38% of antimalware investments are for mobile environments, indicating enterprises are still not taking the threat of data loss through smartphones as seriously as they should.
Despite the entrenched position of antivirus solutions, there are some indications the disillusionment with the technology is beginning to influence buying behaviour.
Some 5% of respondents said their organisations are reducing their use of antivirus,1% are discontinuing to use anti-virus, and 45% have no plans to add new antivirus technologies.
New deployments of antivirus is evenly spread between server, desktop and mobile, but with increased use of mobile devices by the enterprise, it is surprising that investment in mobile antivirus in 2013 is not expected to be greater than just 31%.
Read more about antivirus
- Antivirus systems fail to detect unknown viruses, study shows
- After anti-malware: Moving towards endpoint antivirus alternatives
- Antivirus detection gap widening, say security researchers
- Antivirus suppliers go beyond signature-based antivirus
- Is it the end of the line for antivirus signatures?