02 December 2024
As reported by Kaspersky's latest IT Security Economics study, businesses are projected to increase their IT security budgets by up to 9% over the next two years in response to growing financial losses due to cyber incidents.
Kaspersky's research indicates that large enterprises currently allocate a median of US$5.7 million towards cybersecurity within a general IT budget of US$41.8 million. In comparison, Small and Medium-sized Businesses (SMBs) invest US$0.2 million in IT security from a median IT budget of US$1.6 million.
Large enterprises experienced an average of 12 cyber incidents this year, with recovery costs amounting to US$6.2 million — 1.1 times their overall IT security budget. This highlights the financial strain on large enterprises, which face challenges despite having considerable resources and advanced security measures due to their scale and complexity. Although they can typically detect incidents swiftly, complete response and mitigation often require several hours, particularly in vast and intricate IT environments.
In contrast, SMBs dealt with an average of 16 incidents, spending US$0.3 million on remediation — 1.5 times more than their allocated IT security budget. This indicates a disproportionate budgetary impact on SMBs, which often do not have robust cybersecurity policies, making them vulnerable to incidents tied to employee mishaps, public cloud misconfigurations, and high-level permissions.
"This data illustrates the continuation of the current trend of increasing cybersecurity spending across all market segments. This growth is driven by at least three key factors. Firstly and obviously, the constant growth in the complexity of cybersecurity threats forces companies to adopt more advanced solutions to enhance the detection of attack traces and automate responses,” said Veniamin Levtsov, Vice President of the Center of Corporate Business Expertise at Kaspersky. "Secondly, increasing concerns from governments regarding digital sovereignty leads to the emergence of new regulations and regulatory requirements and, as a result, increased expenses. The third factor influencing the growth of cybersecurity budgets and costs is the constant increase in salary expectations for professionals in various cybersecurity fields."
Kaspersky advises companies to employ comprehensive solutions from the Kaspersky Next product line, which offers real-time protection, threat visibility, and advanced investigation and response capabilities suitable for companies of all sizes. These solutions allow flexibility in choosing and migrating between product tiers as cybersecurity requirements evolve.
Furthermore, for firms lacking qualified InfoSec professionals, adopting managed security services such as Kaspersky Managed Detection and Response is recommended. This service provides much-needed expertise and automated security services, leveraging real-time analysis of corporate data 24/7 to defend against complex cyberattacks.
