Network World is reporting on a Ponemon Institute report sponsored by Arcsight. Remember when reading this that Arcsight makes some really good security monitoring software. The headline is that the 45 companies surveyed spent an average of 3.8 million dollars per year on Cyber Security. The range of the companies is pretty large as the smallest was 1 million dollars and the largest was 52 million dollars. The company size was an equally wide split with the smallest being 500 people and the largest being over 105,000 people. The nit-picking aside the article is interesting. They talk about how they came up with the numbers and some of the observations the auditors made. What makes the numbers the most interesting is that this average dollar amount only includes the participating companies expenses related to actual attacks. This is not things like firewalls or antivirus software.
The quote of the article was this one on the last page: "The eye-popping thing we found is a lot of organizations are very disorganized in even understanding the environments they're dealing with," Ponemon says. Ponemon is the director of the institute. The full article is a quick read and worth sharing with colleges.