Recent research conducted by NordLayer, a network security solution for businesses, reveals that businesses are prioritizing investing in cybersecurity. The study indicates that the majority of companies (65%) have in-house cybersecurity specialists, while 20% outsource such services. The most popular IT investments among businesses this year include the purchase of cybersecurity solutions/services/apps (61%) and cybersecurity training for employees (56%).
“IT and cybersecurity budgeting are two different segments of financing. IT covers overall technology investments, including hardware, software, personnel, and cybersecurity. Because cybersecurity is just a fraction of the grand scheme, it explains why budgets can be tight and sometimes even non-existent,” says Carlos Salas, a cybersecurity expert at NordLayer.
The research also highlights the significant cyber threats faced by companies in the past year. The most prominent attacks reported were phishing (40%), malware (36%), and data breaches (27%). The financial damages resulting from these attacks vary, with 37% of companies reporting losses of up to 5,000 in local currency, and 17% reporting losses exceeding 10,000. However, the actual numbers could be higher, as 18% of companies did not disclose the extent of their losses due to cyber incidents.
Cybersecurity solutions employed by companies
To enhance security, companies employ a combination of measures. The research indicates that over 70% of companies utilize antivirus software (78%), prioritize secure passwords and file encryption (both 67%), and utilize business virtual private networks (VPNs) to secure network connections (60%). Cyber insurance is also gaining traction (48%), although it primarily focuses on covering the consequences of incidents rather than preventing them.
A majority of companies are setting aside 24% of their organizational budget for IT requirements for 2023
Looking ahead to 2023, nearly half of the companies surveyed (35%) plan to allocate up to a quarter of their organizational budget for IT needs. The budget will prioritize investing in cybersecurity solutions, services, and applications (61%), as well as cybersecurity training for employees (56%). Additionally, companies will allocate a budget for hiring dedicated staff for cybersecurity concerns (48%) and external cybersecurity audits (43%). Only a small percentage of companies (3%) stated that they do not plan to invest in cybersecurity in 2023, primarily consisting of small companies.
“Business budgeting tendencies show that cybersecurity investments receive only a small part of the allocated IT budget. Cybersecurity funds must be distributed wisely to ensure valuable outcomes, prove the chosen security direction effective, and minimize resources’ waste,“ says Salas.
Types of cyberattacks that companies face
The research also explores the cyberattacks experienced by companies of different sizes. Phishing (39%) and malware (34%) are prevalent across all company sizes.
Small businesses are more likely to experience identity theft (12%) or data breaches (11%), while medium-sized enterprises face malware (43%), social engineering (30%), insider threats (29%), data breaches (34%), and DDoS/DoS attacks (27%).
Large companies experience the highest number of cyberattacks (92%), with malware (43%) and phishing (42%) being the most common, followed by data breaches and identity theft (27%), and ransomware attacks (19%).
Investing in cybersecurity is the need of the hour
Given the evolving nature of cyber threats, businesses must prioritize investing in cybersecurity and allocate a sufficient budget to implement comprehensive cybersecurity measures. This approach will provide the necessary flexibility to adapt to changing technological landscapes and mitigate risks effectively.
Salas also shares his tips on securing organizations: “No business is too small to experience a cyberattack. My recommendation for organizations of all sizes is to have a strong cybersecurity strategy. It should have the mindset that every employee is responsible for cybersecurity, not only the IT department. Speaking of concrete tools within the strategy, the company should have cyber mitigation and remediation solutions as well as backup plans for threat scenarios. Also, invest in employee training and dedicated staff for cybersecurity matters.”
Read Next: Gartner Magic Quadrant for Security Service Edge Recognizes Top 10 Vendors
