
Cyber Investment Decisions: Split Thinking?

Jamie Smith, Joseph Tarraf 18 January 2022

Investing in Cyber Resilience: Spend, Strategy, and the Search for Value

Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.


While the overall size of cyber budgets is an important metric when preparing a cyber strategy, how individual budgets are allocated across different cyber investment areas is equally pertinent.


The survey behind our report, Investing in Cyber Resilience: Spend, Strategy and the Search for Value, found that IT and senior decision makers have different confidence levels around how well cyber investments are made within their organisations. IT decision makers feel more confident than senior decision makers – at 71% and 56% respectively – that their organisations are making investments in the right places.


Figure: percentage responses to the statement 'we are investing in all of the right areas', showing that IT decision makers are more confident than senior decision makers – 71% and 55% respectively.


But where does this difference stem from?

72% of all respondents agree there are different priorities among senior stakeholders when it comes to managing security strategy, which results in conflicts regarding how cyber security budgets are allocated and utilised. Digging into the data, we can see differing priorities across departments. While hybrid working emerged as the most frequently cited challenge across almost all departments, priorities began to diverge when it came to the second and third most frequently referenced issues.

Table showing the three most frequently cited 'Biggest cyber security challenges' by department

Department | First | Second | Third
Cyber Security | Hybrid working models 48% | Compliance with policies is not enforced | outdated cyber security tools 39%
Information Technology | Hybrid working models 51% | Compliance with policies is not enforced 40% | Compliance with policies is not enforced 40%
 | Lack of budget 47% | Lack of skills/expertise 40% | Hybrid working models 37%
Business Direction & Strategy | Lack of skills/expertise 39% | Hybrid working models (tied) 33% | Lack of budget (tied) 33%
Business Development & Sales | Hybrid working models 44% | Perceived lack of importance from employees 41% | Unsophisticated/outdated cyber security tools 33%
 | Hybrid working models 49% | Compliance with policies is not enforced 43% | Perceived lack of importance from employees 40%
 | Hybrid working models 46% | Perceived lack of importance from employees 41% | Unsophisticated/outdated cyber security tools 28%


Issues around the enforcement of policy compliance are prioritised by security teams, IT, and operations. Meanwhile, employee awareness ranks highly among those with business direction and strategy-setting remits. Perhaps unsurprisingly, finance teams consider overall budgetary constraints as their primary concern.


A holistic cyber strategy

In every organisation, certain priorities seen as ‘must-haves’ by one group may be considered ‘nice-to-haves’ by another. A holistic cyber strategy will consider the potential challenges posed by diverging priorities across different functional units. Given the multi-disciplinary nature of cyber security and cyber incident response, achieving maximum buy-in from all relevant stakeholders will be key to the successful rollout of any cyber strategy. Therefore, while strategy setting and cyber budget allocations need top-level drive to succeed, effective implementation will increasingly rely on cross-functional communication and collaboration.





To discuss this article or other industry developments, please reach out to one of our experts.

Jamie Smith, Board Director, Head of Cyber Security
Joseph Tarraf, Managing Director, Cyber Security

