Where are cybersecurity budgets going?

A new year means new budgets, strategies and expectations for businesses everywhere, but what does that mean for cybersecurity?

A new year means new budgets, strategies and expectations for businesses everywhere, but what does that mean for cybersecurity?

If you have casually read the news or turned on the evening headlines, you know that cyberattacks are something that people can no longer avoid. Names like the Colonial Pipeline, Log4j or JBS quickly spring to mind. It may be easy for wonks like me working in cybersecurity to tell you about them or link to many of the stories we covered on Kaspersky Daily, but what would be the fun in that?

What many care about is what businesses are doing to protect themselves so that their customers’ and corporate data stays safe and secure. We wondered as well and commissioned a survey of 600 business’ IT staffs in North America to see how they are preparing for this upcoming year.

Our survey says…

In looking at the data, it seems that organizations are starting to move cybersecurity up their priority list for when planning out their spending for the new year. Some of the highlights are:

  • 86% of respondents said their business intends to include cybersecurity protection and prevention in its 2022 budgets.
  • 85% are increasing cybersecurity budgets by up to 50% in the next year.
  • 28% of respondents said their company will continue its annual investment of $25-50K per year in cyber insurance.
  • Where cybersecurity risk management investments are organizations prioritizing in 2022? Cyber insurance (45%), digital forensics and incident response (43%) and training (42%) take the top spots.

86% said that their organization intends to set aside budget for cybersecurity in 2022

Budgeting during a pandemic

As the pandemic continues on (unfortunately), its impact can still be felt across businesses everywhere. While budgets may still be constrained due to the pandemic, brute force attacks have skyrocketed since the spring of 2020 making cybersecurity an important part of the budget. SMBs especially understand the importance of budgeting for cybersecurity, with 19% saying their organization will increase investments in the tech by 6-10% in the next year.

Budget constraints shouldn’t stand in the way of a business having solid cybersecurity measures in place. Cybersecurity can happen on a budget without compromising client databases, reports and other important data. More information and resources can be found here.

To insure or not to insure

We have insurance in case of fires, health issues, car accidents and so much more, so why not in case of a cyberattack? While cyber insurance is still a pretty new concept, it’s become a key area of investment for many businesses. Just like other insurance plans that we’re used to, a cyber insurance policy can help mitigate risk exposure by offsetting costs involved with damages and recovery after a cyber-related attack, breach or other incident.

Many companies (28%) already invest $25-50K annually on cyber insurance. As cyber criminals continue to broaden their reach and skillsets, cyber insurance will become an even greater asset in the fight against cybercrime.

85% said that their organization's budget would increase up to 50%

The vendor-client relationship

It takes a long time to develop a solid vendor-client relationship. As cybercrime evolves, so must the strategic approach against cyberattacks and clients are relying on their vendors to keep them protected. So who’s to blame when a cyberattack does get through any protection barriers?

While vendors are still at the top of the blame game for a cyberattack, 41% of clients still see the vendor as the expert in the field and would ask them for recommendations on how to avoid potential cyberattacks if they were affected by one. Clients are relying on vendors to constantly improve their detection and prevention strategies and solutions. As the cybersecurity landscape expands, it’s crucial for vendors to continue to innovate based on client needs.

In recent years, businesses have been prioritizing cybersecurity more than ever before. Cyberattacks aren’t going away and it’s the IT staff’s job to ensure their companies are protected and prepared. As companies reevaluate their budgets for 2022, don’t be the one to skimp on cybersecurity. So how can you ask for more budget?

  • Present hard numbers. As of 2020, on average, a breach costs an enterprise $1.09M and a SMBs $101K, compared to $1.41M and $108K respectively in 2019.
  • Use persuasive pictures. A visual representation of the current state of cybersecurity at other companies in your industry, region, size and budget range can highlight the types of threats they are encountering, the solutions they’re using and the budgets they’re working with. The Kaspersky IT Security Calculator can provide all of that information in a visually appealing way.

It’s a new year and the best way to ensure your business is safe from any potential cyberattacks is to invest in cybersecurity measures. Thankfully, many businesses are already doing so, but there’s always room for improvement. Re-evaluate your company’s budget, consider your cyber insurance options and strengthen your client-vendor relationships.