Cyber budgets rose less than 1% during the pandemic, despite 61% of enterprises having experienced a serious incident.
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real terms’ during 2022 – leading to increased cyber vulnerability
Thursday 11 November 2021 – The cyber budgets of enterprises rose by less than 1% during the pandemic, according to their cyber budget holders. This left cyber spend stagnating at an average of around £18 million ($24.9 million) for the 2021 financial year. This is despite the fact that 61% reported having suffered a major cyber incident in the past three years.
Half (50%) of organisations either ‘hit pause’ or decreased their cyber budgets during the pandemic. Now, IT leaders expect to increase their cyber budget by an average of 8.4% in the next twelve months, taking the average budget to £19.9 million ($27 million). But taking into account inflation, which is currently 3%, this still may not be enough to make up for lost time during the pandemic. If this trend continues, a cyber spending ‘deficit’ will emerge that makes businesses more vulnerable to cyber incidents, as attacks become more frequent and more sophisticated.
The problem is compounded by a lack of confidence among business and IT decision makers in how they spend their cyber budgets:
- 41% said their organisation needed a better understanding of how to prioritise areas for cyber investment.
- Half (50%) reported they had a cyber strategy but had not been able to fully implement it – meaning that cyber investments are not realising their full potential.
“Businesses need to act now to lock in their cyber spending for next year,” said Jamie Smith, Head of Cyber Security at S-RM. “The readiness with which we saw businesses pull back their budgets during the pandemic is concerning. Next year’s cyber budgets cannot be futureproofed against all forms of disruption, but there are trends business leaders should watch closely. A major one is the rising cost of cyber insurance - premiums are going up. This is because cyberattacks are becoming more frequent. What’s more, insurers are looking to reduce the risk they take on when they provide cyber policies. As a result, insurers want companies to prove how cyber resilient they are before providing cover.”
“Cyber budgets have stagnated at a time when the cost of cybercrime and frequency of attacks is increasing at an alarming rate. The average immediate damage of a cyber incident is in the region of £1.3 million ($1.8 million). But the secondary costs like higher insurance premiums and recovery services can more than double this.”
“Businesses have been failing to keep pace, and if they don’t commit to strategic investment in their cyber security, they risk serious financial and reputational damage.”
The analysis, developed by S-RM, will guide organisations who are looking to utilise their cyber spend more effectively. It also found a clear correlation in the data which suggests that cyber confidence comes from the top. Businesses with boards who had a highly proactive approach to cyber security were more likely to say they are investing cyber budget in all the right places (79%) compared to those whose boards are not totally proactive and do not experience proactive support from the top (45%).
About the research
Research carried out by Vanson Bourne in August and September 2021 among 300 IT/cyber decision makers and 300 C-level / senior business decision makers. Respondents all work in organisations of 1,000+ employees and were evenly split between the US and UK.
Download the full report: Investing in Cyber Resilience: Spend, Strategy, and the Search for Value.
S-RM is a global intelligence and cyber security consultancy. Founded in 2005, they have 250+ practitioners spanning six international offices. Their teams are designed to address unique problems and complex challenges, deliver actionable results and direct, honest and objective advice. They serve clients across all regions and major sectors. Their clients include government departments, global banks, and multinational corporations across a wide range of industries.
About VANSON BOURNE
Vanson Bourne is an independent specialist in market research for the technology sector. Their reputation for robust and credible research-based analysis is founded upon rigorous research principles and their ability to seek the opinions of senior decision makers across technical and business functions, in all business sectors and all major markets.