It’s estimated that in the first half of 2019 alone there have been nearly 4,000 data breaches, putting more than four billion users’ data at risk. Organisations have continued to be hit by high-profile, and costly cybersecurity beaches throughout the last 12 months. This year, Gartner has revealed that IT security and infrastructure budget investment has continued to grow. Worldwide IT spending is projected to total USD3.74 trillion in 2019 as businesses respond to number of growing threats to their systems, business operations and finances.
Given that businesses are still proving to be vulnerable to cyberattacks, it’s clear that more needs to be done so they adapt to a fast-moving and ever-increasing threat landscape. As they strive to achieve this, we can see that businesses are continuing to invest in their IT security and systems. With the Financial Services Information Sharing and Analysis Center advising that businesses should be asking for greater budgets to tackle cybersecurity, it’s clear that organizations need to bolster their businesses to mitigate long-term risks and protect from anticipated attacks in the future.
As business leaders strive to future-proof their organizations from cyberthreats, Kaspersky continues to work towards building a safer world. This involves understanding how enterprises and small and medium businesses can continue to identify vulnerabilities and protect themselves from sophisticated attacks.
Building on our annual research into the economy of the IT security industry, this report reflects on survey results from the past 12 months to highlight how organizations are investing their IT security budget. It looks at how businesses are losing money and saving costs amid cyberattacks as well as how they are affected by the threat landscape and the ways they are responding to these incidents, both financially and operationally.
Businesses need to focus their attention on the costliest attacks
Despite the fact that businesses are growing their IT security budgets, and the resources they put into monitoring threat incidents, many aren’t aware of the attacks that are costing them the most money.
The costliest type of data breach for smaller businesses are incidents affecting IT infrastructure hosted by a third party, adding up to USD162k. However, SMBs only ranked this as the fifth most important measure, and instead are most concerned about data protection issues, such as the loss of a physical device, or data loss through a targeted attack.
Investing in people, not systems
Last year’s report saw many businesses embarking on digital transformation projects to overhaul systems and defend their systems from cyberattacks, particularly cloud-based breaches. This year’s result however, reveal that businesses are increasingly investing in their people and resources to ready themselves for more attacks and prepare their IT departments for the future.
In 2019, enterprises have seen the highest rise of costs following incidents come from employing external professionals (USD170k) and the hiring of new staff (USD131k), which have increased by 35% and 24% respectively since 2018. At SMBs, new staff hiring costs remain unchanged at USD11k, compare to spending falling elsewhere on different departments across the board. Yet organisations face the challenge of being able to invest in expertise to build a more secure organisation as the talent is not available to meet market demand.
Notably this is resulting in the bolstering of internal IT teams, rather than just the hiring of outsourced MSPs, bringing skills and expertise in-house.
Security Operation Centers are becoming increasingly important
Interestingly, our study also found that maturity of IT systems pays in savings as a result of data breaches. Having an internal Security Operation Centre nearly halves the financial impact of data breaches in enterprises, from USD1.4 million to only USD 675k.
There are savings for upper SMBs who adopt an SOC as well, with the total financial impact of a data breach sitting at only USD106k for those with an internal SOC, compared to USD129k for SMBs overall. Although this saving isn’t as pronounced, it still reduces costs by 22%, and this cost saving may be lower given that many SMB still use an external service for this function.
Get in touch with us to have a better understanding of your current cybersecurity requirement.
india-info@kaspersky.com
Given that businesses are still proving to be vulnerable to cyberattacks, it’s clear that more needs to be done so they adapt to a fast-moving and ever-increasing threat landscape. As they strive to achieve this, we can see that businesses are continuing to invest in their IT security and systems. With the Financial Services Information Sharing and Analysis Center advising that businesses should be asking for greater budgets to tackle cybersecurity, it’s clear that organizations need to bolster their businesses to mitigate long-term risks and protect from anticipated attacks in the future.
As business leaders strive to future-proof their organizations from cyberthreats, Kaspersky continues to work towards building a safer world. This involves understanding how enterprises and small and medium businesses can continue to identify vulnerabilities and protect themselves from sophisticated attacks.
Building on our annual research into the economy of the IT security industry, this report reflects on survey results from the past 12 months to highlight how organizations are investing their IT security budget. It looks at how businesses are losing money and saving costs amid cyberattacks as well as how they are affected by the threat landscape and the ways they are responding to these incidents, both financially and operationally.
Businesses need to focus their attention on the costliest attacks
Despite the fact that businesses are growing their IT security budgets, and the resources they put into monitoring threat incidents, many aren’t aware of the attacks that are costing them the most money.
The costliest type of data breach for smaller businesses are incidents affecting IT infrastructure hosted by a third party, adding up to USD162k. However, SMBs only ranked this as the fifth most important measure, and instead are most concerned about data protection issues, such as the loss of a physical device, or data loss through a targeted attack.
Investing in people, not systems
Last year’s report saw many businesses embarking on digital transformation projects to overhaul systems and defend their systems from cyberattacks, particularly cloud-based breaches. This year’s result however, reveal that businesses are increasingly investing in their people and resources to ready themselves for more attacks and prepare their IT departments for the future.
In 2019, enterprises have seen the highest rise of costs following incidents come from employing external professionals (USD170k) and the hiring of new staff (USD131k), which have increased by 35% and 24% respectively since 2018. At SMBs, new staff hiring costs remain unchanged at USD11k, compare to spending falling elsewhere on different departments across the board. Yet organisations face the challenge of being able to invest in expertise to build a more secure organisation as the talent is not available to meet market demand.
Notably this is resulting in the bolstering of internal IT teams, rather than just the hiring of outsourced MSPs, bringing skills and expertise in-house.
Security Operation Centers are becoming increasingly important
Interestingly, our study also found that maturity of IT systems pays in savings as a result of data breaches. Having an internal Security Operation Centre nearly halves the financial impact of data breaches in enterprises, from USD1.4 million to only USD 675k.
There are savings for upper SMBs who adopt an SOC as well, with the total financial impact of a data breach sitting at only USD106k for those with an internal SOC, compared to USD129k for SMBs overall. Although this saving isn’t as pronounced, it still reduces costs by 22%, and this cost saving may be lower given that many SMB still use an external service for this function.
Get in touch with us to have a better understanding of your current cybersecurity requirement.
india-info@kaspersky.com