Firms to boost IT security budgets by 9% amid cyber losses

Today

As reported by Kaspersky's latest IT Security Economics study, businesses are projected to increase their IT security budgets by up to 9% over the next two years in response to growing financial losses due to cyber incidents.

The report, which is conducted annually, delves into how budgets, breaches, and business challenges are influencing decisions in IT security. It involves input from IT and IT security professionals across a diverse range of industries and organisations in 27 countries, including Europe, the Asia-Pacific region, the Middle East, Turkey, Africa, Latin America, and North America.

Kaspersky's research indicates that large enterprises currently allocate a median of USD $5.7 million towards cybersecurity within a general IT budget of USD $41.8 million. In comparison, Small and Medium-sized Businesses (SMBs) invest USD $0.2 million in IT security from a median IT budget of USD $1.6 million.

The report details that large enterprises experienced an average of 12 cyber incidents this year, with recovery costs amounting to USD $6.2 million—1.1 times their overall IT security budget. This highlights the financial strain on large enterprises, which face challenges despite having considerable resources and advanced security measures due to their scale and complexity. Although they can typically detect incidents swiftly, complete response and mitigation often require several hours, particularly in vast and intricate IT environments.

In contrast, SMBs dealt with an average of 16 incidents, spending USD $0.3 million on remediation—1.5 times more than their allocated IT security budget. This indicates a disproportionate budgetary impact on SMBs, which often do not have robust cybersecurity policies, making them vulnerable to incidents tied to employee mishaps, public cloud misconfigurations, and high-level permissions.

Veniamin Levtsov, Vice President of the Center of Corporate Business Expertise at Kaspersky, explained, "This data illustrates the continuation of the current trend of increasing cybersecurity spending across all market segments. This growth is driven by at least three key factors. Firstly and obviously, the constant growth in the complexity of cybersecurity threats forces companies to adopt more advanced solutions to enhance the detection of attack traces and automate responses."

"Secondly, increasing concerns from governments regarding digital sovereignty leads to the emergence of new regulations and regulatory requirements and, as a result, increased expenses. The third factor influencing the growth of cybersecurity budgets and costs is the constant increase in salary expectations for professionals in various cybersecurity fields."

Kaspersky advises companies to employ comprehensive solutions from the Kaspersky Next product line, which offers real-time protection, threat visibility, and advanced investigation and response capabilities suitable for companies of all sizes. These solutions allow flexibility in choosing and migrating between product tiers as cybersecurity requirements evolve.

Furthermore, for firms lacking qualified InfoSec professionals, adopting managed security services such as Kaspersky Managed Detection and Response is recommended. This service provides much-needed expertise and automated security services, leveraging real-time analysis of corporate data 24/7 to defend against complex cyberattacks.

Share on: