AVORD research reveals
cost of protecting critical assets with 77% saying it’s too expensive.
Businesses across the UK have criticised the security
testing industry for being too expensive, with a new report highlighting that
firms are spending more than £6.6bn annually protecting critical assets from
Research from AVORD – a new security testing platform that–
puts the spotlight firmly on the security testing market, which is dominated by
consultancies that provide services to businesses, sometimes at twice the daily
rate of an independent tester. And with 77% of UK businesses claiming the cost
of testing is too expensive, there is a clear demand for change.
The need to use external consultants is driven by the fact
only one in five (21%) UK businesses have sufficient, in-house, employee skills
and knowledge to carry out security testing – most of which are major
organisations with more than 750 employees. When homing in on SMEs, the figure
falls to just 1%, with businesses almost exclusively (95%) outsourcing the
testing of security controls for its critical assets
The challenges of security testing
Three in four businesses are currently initiating security
testing to comply with organisational operating practices and standards, such
as ISO27001, ITIL, ISF’s Standard of Good Practice for Information Security and
public sector guidelines. However, most firms taking part in the study said
that determining the risks associated with a sensitive data breach (72%) and
cost (72%) were major challenges when it comes conducting tests.
The complexities and lack of security testing knowledge were
also cited as key issues, with seven in 10 revealing ‘identifying when in the
development process to test’ and ‘what kind of testing was required’ as further
challenges. As a result, more than three quarters of businesses (82%) are now
outsourcing security testing on their critical assets at considerable expense.
33% of UK businesses have battled an online security breach
in the past 12 months, which have directly hit their bottom lines, lost them
customers and damaged their brand reputations. Of those hit by a cyber-attack,
95% reported that the breach occurred partly or totally as a result of issues
with the security testing process.
Over the past five years the majority of companies have seen
a major increase in the number of data breaches: a quarter reported an increase
of between 10% and 20%, one in 10 reported an increase of between 30% and 40%
more, while more than a half reported up to 10% more data breaches.
New security testing
AVORD promises to slash the price of security testing and
make it simpler and more accessible. Its free online platform will bring 1000s
of qualified security testers together with businesses. The brainchild of two
career security professionals, who have seen the market monopolised by major
consultancies, it will enable companies to reduce their costs by 30-40%.
The unique online security testing platform cuts out the
expensive middle men, ensuring that businesses of all sizes can protect their
businesses against future threats. Free to use, AVORD provides automated
scheduling and tracking of security tests, delivering an instant view of all
tests across an estate through a fully interactive risk and reporting
The new platform will also allow security testers to sign up
for free, enabling them to stay independent and charge their normal day rates.
They will, for the first time, have a place where they can receive contract
offers from clients around the world who have specific requirements that match
Brian Harrison, founder and CEO of AVORD, says, “Quite
simply, security testing has become too expensive for many UK businesses. Companies are struggling to cope with the
ever-increasing threats impacting on their attempts to secure systems at
current costs. Unless something changes, businesses will be forced to cut
corners and this will inevitably mean there are more data breaches and system
“AVORD has been designed to disrupt the current security
testing model by cutting out the costly ‘middle-man’ consultancies and allows
businesses to directly manage and engage security testers. This means that
whereas industry currently pays up to £1,100 per day for cyber security
testing, that cost will be reduced to approximately £600, collectively saving
UK businesses around £3bn annually.”