WOBURN, Mass.--(BUSINESS WIRE)--According to a new Kaspersky report ‘Investment adjustment: aligning IT budgets with changing security priorities,’ cybersecurity remains a priority for investment among businesses. Its share of IT spending has grown from 23% in 2019 to 26% in 2020 for SMBs, and from 26% to 29% for enterprises. 71% of organizations also expect their cybersecurity budget will increase in the next three years, despite overall IT budgets decreasing in both segments amid the COVID-19 pandemic.
External conditions and events can influence IT priorities for businesses. As a result of the COVID-19 pandemic, organizations have been forced to adjust plans to meet changing business needs. The report, based on a survey of more than 5,000 IT and cybersecurity practitioners, observes recent IT security economics trends and how they correlate with this year’s events1.
While the overall IT budget has fallen from $1.2m in 2019 to $1.1m in 2020 among SMBs, and from $74.1m to $54.3m for enterprises, the share of IT budget dedicated to IT security continues to grow year-on-year. Decreases in budget are likely due to the consequences of the global coronavirus pandemic, according to Gartner, whose experts also predicted that budgets would decrease earlier this year.
As a result, small and medium businesses allocated $275k to cybersecurity while enterprises invested $14m. According to the survey, the majority of companies are expecting these figures to grow in the next three years by 11% in enterprises and 12% in SMBs, on average. 17% believe it will remain at least the same as this year.
Alternatively, one-in-ten (10%) organizations said they are going to spend less on IT security. Interestingly, the main reason for this across enterprises is the deliberate decision of top management, who sees no point in investing so much money in cybersecurity in the future (32%).
Among SMBs, the reason to reduce spend in this area is primarily dictated by the need to cut overall company expenses and optimize budgets (29%). Small and medium organizations were hit hardest by the lockdown with more than half of small companies globally reported a decline in sales or experienced cash flow constraints. It is clear that those affected have needed to optimize their expenses to survive. But while this impacts cyber-protection, it’s important for businesses to find a way to keep safe from cyber-risks in such a challenging time.
“2020 has put many companies in situations where they needed to respond, so they wisely concentrated all their resources and efforts on staying afloat,” commented Alexander Moiseev, chief business officer at Kaspersky. “Even though budgets get revised, it doesn’t mean cybersecurity needs to go down on the priority list. We recommend that businesses, who have to spend less on cybersecurity in the coming years, get smart about it and use every available option to bolster their defenses by turning to free security solutions available on the market and introducing security awareness programs across the organization. Those are small steps that can make a difference, especially for SMBs.”
Kaspersky suggests the following advice to small and medium organizations in order to maintain their cybersecurity posture, even with low security investments:
- Always keep employees aware of IT security risks that can target their daily working routine. Dedicated training courses that teach security practices, such as the ones provided in the Kaspersky Automated Security Awareness Platform, use formats that help employees remember cybersecurity rules.
- Ensure timely updates of all systems, software and devices. Also all corporate devices should be protected with strong passwords that are changed regularly.
- Use a free endpoint security tool, such as Kaspersky Anti-Ransomware Tool for Business, which provides protection for both PCs and servers from a wide range of threats including ransomware, cryptominers, adware, pornware, exploits and more.
- There are also some useful tools that could help ad-hoc cybersecurity needs, such as checking suspicious files, IP addresses, domains and URLs. This can be done for free on the Kaspersky Threat Intelligence Portal.
To read the full report ‘Investment adjustment: aligning IT budgets with changing security priorities’, please visit here.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.
1 The Kaspersky Global Corporate IT Security Risks Survey (ITSRS) interviewed 5,266 respondents across 31 countries. Conducted by B2B International and commissioned by Kaspersky, fieldwork took place in July 2020.