security lock symbol on circuit board.3d rendering,conceptual image.
By David Akinmola
Companies are planning to increase their investments in information security against the background of growing financial losses from cyber incidents. The trend was revealed in the recent Kaspersky’s IT Security Economics report.
Kaspersky IT Security Economics is a yearly report that unpicks the changes in budgets, breaches and business challenges affecting IT security decision-makers. It is based on interviews with IT and security professionals working in organisations of various sizes and industries.
The survey was conducted across 27 countries in Europe, the Asia-Pacific region, the Middle East, Turkiye and Africa (META) region, Latin and North America.
According to the research, companies plan to increase their IT security budgets by nine per cent.
The median cybersecurity budgets for large enterprises were $5.7 million with $41.8 million allocated for IT generally, while small and medium businesses (SMBs) invested $0.2 million in IT security from a median IT budget of $1.6 million.
Possible reasons for the increased investment can be found in the analysis of financial losses from cyber incidents. Large enterprises experienced an average of 12 incidents this year, spending $6.2 million to recover from them –1.1 times higher than the budget allocated for IT security overall.
According to Kaspersky, despite the greater resources and advanced security infrastructures, the sheer scale and complexity of large enterprise organisations make them more susceptible to costly breaches. While these enterprises are often better equipped to detect incidents quickly, the time required to fully respond and mitigate these threats can span for hours, underscoring the challenge of managing widespread, complex IT environments.
The report noted that as for SMBs, these organisations experienced an average of 16 incidents this year while spending $0.3 million for remediation, which is 1.5 times higher than their overall IT Security budget. SMBs are the most disproportionately affected group in terms of budgetary impact. They often lack robust cybersecurity policies and procedures, which leaves them vulnerable to incidents involving employees, public cloud misconfigurations, and high-level permissions.
In the META region, organisations of all sizes reported to have experienced on average 13 incidents within a year. In South Africa, organisations of all sizes were reported to have experienced an average of 19 incidents within a year.
Vice President, Centre of Corporate Business Expertise at Kaspersky, Veniamin Levtsov, said: “This data illustrates the continuation of the current trend of increasing cybersecurity spending across all market segments.
This growth is driven by at least three key factors. Firstly, and obviously, the constant growth in the complexity of cybersecurity threats forces companies to adopt more advanced solutions to enhance the detection of attack traces and automate responses.
“Secondly, increasing concerns from governments regarding digital sovereignty leads to the emergence of new regulations and regulatory requirements and, as a result, increased expenses. The third factor influencing the growth of cybersecurity budgets and costs is the constant increase in salary expectations for professionals in various cybersecurity fields.”
However, to protect companies against a wide range of cyber threats, Kaspersky recommends the use of all-encompassing solutions, such as those from the Kaspersky Next product line, that provide real-time protection, threat visibility, advanced investigation and response capabilities for companies of any size and industry.
The security firm said there is a need for the adoption of a managed security service, saying there is a need for companies to have qualified InfoSec professionals. It will provide the necessary expertise and give them the best possible advanced automated security services.
