Skip to main content

Woburn, MA – December 5, 2023 — According to a recent study by Kaspersky, 16% of companies in the U.S. have experienced cyber incidents due to insufficient cybersecurity investment in the last two years. Alarmingly, critical infrastructure, energy, oil and gas organizations suffered the biggest number of cyber incidents due to improper budget allocation (43%). Further, when it comes to companies’ finances in the U.S. 32% admit they do not have the budget for adequate cybersecurity measures. 

Kaspersky conducted a study[1] to discover the opinions of IT Security professionals working for SMEs and enterprises worldwide regarding the human impact on the cybersecurity in a company. The research – aimed at gathering information on various groups of people who influence cybersecurity – considered both internal staff, and external contractors. It also analyzed the impact decision makers have on cybersecurity in terms of budget allocation. 

Insufficient distribution of budget for cybersecurity led 16% of companies in the U.S. to endure cyber incidents in the last two years. The situation is different for every industry. For example, critical infrastructure, energy, oil and gas organizations suffered the greatest number of cyber breaches because of the lack of budget (43%). The information technology sector as well as transportation and logistics suffered 14% of cyber incidents due to budget constraints, with financial services (13%), retail (11%) and manufacturing (10%) to follow.  

When asked about the budget for cybersecurity measures, 67% of respondents said they are equipped to keep up with or even stay ahead of new threats. However, 32% of companies are not doing so well with 27% reporting they don’t have sufficient funds to protect the company’s infrastructure properly. At the same time, there are still companies without cost allocations for cybersecurity at all – 6% claimed they don’t have a dedicated budget for cyber protection needs. The most successful industries in terms of proper monetary distribution for cybersecurity are IT and retail with 82% of respondents working in this sphere claim their organizations are set to keep up with and stay ahead of all new threats. 

Many respondents' companies are eager to take steps to strengthen their cybersecurity in the next 1-1.5 years. One of the most popular areas of investment is threat detection software (32%), and trainings, where 27% of companies plan to allocate budgets for educational programs for cybersecurity professionals and 39% for training general staff. Other popular measures organizations plan to take soon are hiring additional IT professionals (41%), adopting SaaS cloud solutions (40%) and introducing endpoint protection software (26%).

“Today, companies must align cybersecurity investment with a business strategy and consider cybersecurity as one of their business goals,” comments Ivan Vassunov, vice president of corporate products at Kaspersky. “Of course, investments must justify themselves and be effective, so the information security department also faces the task of increasing the ROI of investments in information security and defending investments to senior management or the board of directors.”

The full report and more insights on the human impact on cybersecurity in business are available via the link

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at

Media Contact:

Cassandra Faro


[1] The survey was conducted across 19 countries: Brazil, Chile, China, Colombia, France, Germany, India, Indonesia, Japan, Kazakhstan, Mexico, Russia, Saudi Arabia, South Africa, Spain, Turkey, UAE, UK and USA.

Critical infrastructure, energy, oil and gas see the most cyber incidents due to lack of budget in the U.S.

Kaspersky Logo