Financially motivated data breaches are set to cost businesses 20 percent more each year until 2009, according to Gartner.John Pescatore, VP at Gartner, said the biggest risk to organizations came from targeted attacks. He said that “phishing and identity theft attacks have caused the rise of ’credentialed’ attacks, in which the attacker uses the credentials of a legitimate user.”Malicious software attacks allowed internal executables to be used to forward information to an external attacker, Pescatore warned. “Being aware of ’inside out’ communications and being able to block those as effectively as ’outside in’ is becoming increasingly important,” he said.It was important to make sure that security strategies reduced the cost of dealing with mass attacks, Gartner advised, in order to free up budgets for the next generation of security attacks. The analyst group reckons the average business is spending more than 5 percent of its IT budget on security, and another 7 percent on disaster recovery.But it said 90 percent of targeted attacks could be avoided without an increase in firms’ security budgets, and said the investments that enterprises had made in intrusion prevention, vulnerability management and network access control had largely paid off. At the same time, however, it warned that there was currently little or no correlation between organizations that spent the most on security and those that are most protected, it said.It said the most effective way to become increase the efficiency of security spending was to avoid vulnerabilities by ensuring that security was a top requirement for every new application, process and product. It was also important to establish security metrics to measure spending efficiency, it added. By Leo King, Computerworld UK Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe