According to latest “IT Security Economics” report by Kaspersky, companies are planning to increase their investments in information security against the background of growing financial losses from cyber incidents.
Kaspersky IT Security Economics is an annual report that unpicks the changes in budgets, breaches and business challenges affecting IT Security decision makers. It is based on interviews with IT and IT security professionals working in organizations of various sizes and industries. The survey was conducted across 27 countries in Europe, the Middle East, Turkiye, the Africa region, Latin and North America and the Asia-Pacific region including Pakistan.
According to the research, companies plan to increase their IT security budgets by up to 9%. The median cybersecurity budgets for large enterprises were $5.7M with $41.8M allocated for IT generally, while SMBs invested $0.2M in IT security from a median IT budget of $1.6M.
Large enterprises experienced an average of 12 incidents this year, spending $6.2M to recover from them — 1.1 times higher than the budget allocated for IT security overall. While these enterprises are often better equipped to detect incidents quickly, the time required to fully respond and mitigate these threats can span for hours, underscoring the challenge of managing widespread, complex IT environments.
As for SMBs, these organizations experienced an average of 16 incidents this year, while spending $0.3M for remediation, which is 1.5 times higher than their overall IT Security budget. SMBs are the most disproportionately affected group in terms of budgetary impact.
In Pakistan organizations of all sizes reported to have experienced on average 11 incidents within a year.
“The growth in budget is driven by at least three key factors including the constant growth in the complexity of cybersecurity threats, increasing concerns from governments regarding digital sovereignty leads to the emergence of new regulations and regulatory requirements and, as a result, increased expenses and the constant increase in salary expectations for professionals in various cybersecurity fields,” comments Veniamin Levtsov, Vice President, Center of Corporate Business Expertise at Kaspersky.
To protect companies against a wide range of cyber threats, Kaspersky recommends to use all-encompassing solutions, such as those from the Kaspersky Next product line, that provide real-time protection, threat visibility, advanced investigation and response capabilities for companies of any size and industry. Adopt a managed security service such as Kaspersky Managed Detection and Response if companies lack qualified InfoSec professionals. Educate your employees. Dedicated training courses can help, such as those provided in the Kaspersky Automated Security Awareness Platform. To gain more insights about IT security costs and budgets in businesses visit the interactive IT Security Calculator.
To read the full report “IT Security Economics”, visit the website.