Fear is an important factor driving many organisations to increase their IT security spending, with a Fartner study predicting global expenditure will rise by 8.5 per cent, to $US77 billion ($97.52 billion) in 2015. But if even the best-resourced companies are liaising the cyber-security battle, what hope is there for the rest of us? Public awareness of cyber-security threats Is escalating as the list of high-profile companies hit big security breaches around the continues to mount. With Sony, JPMorgan, Apply, eBay and Target cyber security has shot quickly to one of the top three risks keeping boards and executives awake at night, as shown by recent research we conducted at Protiviti. Throwing money at a problem will not fix it if companies are spending on the wrong things. And the mistake many are making is that they are sinking vast sums into traditional perimeter defences, such as firewalls and antivirus software, then lulling themselves into believing the job is done. But complete perimeter lockdown is basically impossible, particularly when clever and determined hackers have you in their crosshairs. The United States Federal Bureau of Investigation director Robert Mueller said once: “There are only two types of company – those that have been hacked and those that will be.” It’s also true that cyber criminals will always have the upper hand, because it’s much cheaper to hack than to defend against a hacking attack.