Cybersecurity expert explains why budget allocation to IT needs and cybersecurity is crucial
The purchase of cybersecurity solutions/services (66%), as well as cybersecurity training (57%), are the most popular IT investments among British businesses this year, according to the newest research by NordLayer, a network security solution for businesses. The majority of UK companies (61%) have in-house cybersecurity specialists to take care of that, while 22% outsource such services.
“IT and cybersecurity budgeting are two different segments of financing. IT covers overall technology investments, including hardware, software, personnel, and cybersecurity. Because cybersecurity is just a fraction of the grand scheme, it explains why budgets can be tight and sometimes even non-existent,” says Carlos Salas, a cybersecurity expert at NordLayer.
Additionally, the same research shows that the most prominent types of cyberattacks in the UK from the last year were malware (43%), phishing (31%), and data breaches (26%). As a result, financial damage ranges from losses of up to 5,000 GBP for 24% of companies to over 10,000 GBP for 17% of surveyed UK companies. Numbers could be even higher because as many as 25% of companies could not disclose how much they lost due to cyber incidents.
What cybersecurity solutions are currently in use among UK companies?
Research reveals that British companies combine different measures to achieve security. Nearly 8 out of 10 companies utilize antivirus software (79%). Password management (63%) and file encryption (66%) solutions are the second-highest priority when creating security policies within organizations at the moment.
Business virtual private networks (VPNs) maintain their popularity in securing organization network connections, with over half (55%) of companies using them. Cyber insurance (56%) is a relatively new solution making its way to business cybersecurity, although its focus is on covering the consequences of an incident rather than preventing it.
More than a quarter of UK companies plan to allocate up to 24% of their organizational budget for IT needs in 2023
Spending on cybersecurity solutions, services, and applications will remain a priority (66%) in the 2023 budget. However, British companies will devote less budget to employee cybersecurity training (57%), hiring dedicated staff for cybersecurity questions (47%), and external cybersecurity audits (45%).
The research shows that more than a quarter of UK companies (26%) plan to allocate up to 24% of their organizational budget for IT needs in 2023. However, most of them (39%) plan to invest less than a quarter of their budget. Only 2% of companies said they don’t plan to invest in cybersecurity in 2023, all of which are small companies.
“Business budgeting tendencies show that cybersecurity investments receive only a small part of the allocated IT budget. Cybersecurity funds must be distributed wisely to ensure valuable outcomes, prove the chosen security direction effective, and minimize resources’ waste,” says Salas.
What cyberattacks are experienced in small, medium, and large companies?
NordLayer surveyed organizations of various sizes, revealing some similarities and differences in the cyberattacks experienced by companies of different sizes. Speaking of similarities among all sizes, phishing (39%) is the most prominent overall, followed by malware (34%).
Small businesses are more likely to experience identity theft (12%) or data breaches (11%) than insider threats (2%) or social engineering attacks (5%). Also, small businesses experience the lowest number of cyberattacks — 42% of respondents did not face them.
Medium enterprises tend to suffer from malware (43%), social engineering (30%), and insider threats (29%). Compared with the other two categories, medium-sized businesses were exposed most to data breaches (34%) and DDoS/DoS attacks (27%).
Large companies experienced the most cyberattacks — as much as 92%. Organizations of such size experience malware (43%) slightly more often than phishing (42%). They experience the same number of data breach and identity theft attacks (27%), while ransomware is the least expected (19%).
Companies should allocate a budget for cybersecurity
The mantra “cybersecurity keeps evolving — so do cyber threats” remains relevant today, emphasizing the need for strengthening business protection measures. Choosing comprehensive cybersecurity tools and solutions helps to achieve the flexibility needed to adapt to dynamic changes in technology and risk. A sufficient budget is key.
Salas also shares his tips on securing organizations: “No business is too small to experience a cyberattack. My recommendation for organizations of all sizes is to have a strong cybersecurity strategy. It should have the mindset that every employee is responsible for cybersecurity, not only the IT department. Speaking of concrete tools within the strategy, the company should have cyber mitigation and remediation solutions as well as backup plans for threat scenarios. Also, invest in employee training and dedicated staff for cybersecurity matters.”
Methodology: NordLayer surveyed 500 companies in three countries: the United States, the United Kingdom, and Canada. The external agency SAGO conducted the surveys between March 15 and 25, 2023. Respondents were asked a set of questions about cyber incident costs and allocated budgeting for IT and security in the period of 2022-2023. The samples were taken from non-governmental organizations operating in the services industry, and the target respondents were decision-makers (sole or partial) for IT-related acquisitions. Companies were divided into three main groups regarding size: 1-10 employees (small), 11-200 employees (medium), 201+ employees (large).