Following the news that Sony Pictures Entertainment plans to spend $15 million on cyber security practices, Russ Spitler, VP, Product Strategy, AlienVault, writes:
“Sony Pictures had a gross revenue of $8B for the fiscal year of 2014. Assuming this $15M number is a quarterly budget not a one time cost that brings their projected annual cyber security budget up to $60M for 2015. With the assumption of about 3.5% of revenue spent on IT (from Gartner) this means they are spending $60M out of a total IT budget of $280M bringing them to about 20% of their IT budget spent on security. This is in line with the best out there (financial services), if it is a one time cost then they are spending about 5% of their IT budget on security which is the industry average (Gartner). However, when increasing spend this quickly other issues may arise as Sony tries to expand its internal expertise. It is a great start, however it is not an indicator that they will be able to successfully migrate that transition. They obviously have a big hole to dig out of and a lot of technology to get in place, but you would hope of all the executive teams out there, this one knows the personal price of poor security and has good motivation to see this effort through.”