IT managers expect to increase their IT security spending by 14% over tne next three years as they recruit cybersecurity staff and battle a growing tide of threats, including from within their own organisations.
A survey of 3,230 IT professionals in 26 countries, including in New Zealand and Australia by IT security firm Kapersky found that median cybersecurity budgets in 2022 were US$3.75 for enterprises (of US$12.5 million overall IT budget) and US$150,000 of a US$375,000 overall IT budget for small and medium-sized businesses.
“The biggest headache for IT managers is how to protect their organization in 2023 and beyond, as they focus on securing business processes from cyber intrusion, requiring increased security budgets over the next three years, by up to 14 %,” Kapersky notes.
But the projected increase is even higher, 17%, based on the 711 responses from companies in the Asia Pacific region.
However, That concern doesn’t appear to be motivating business leaders to become more proactive on cybersecurity at board level. The most recent New Zealand Institute of Directors Directors Sentiment Survey published in November, found that 54% of directors, down from 60% in 2021, report that their board regularly discusses cyber risks and are confident their organisation has the capacity to respond to a cyber attack.
The big issues facing IT managers and which are fueling increased cybersecurity spending, include: the complexity of the IT infrastructure (52% for SMB for SMB and 57% for enterprise), and a need to improve the level of specialist security expertise (44% for SMB and 46% for enterprise).
“New potential risks occurring due to increased geopolitical or economic uncertainty were highlighted as reasons for investment increases for 36 percent in SMBs and 39 percent in enterprise organizations,” Kapersky reported.
While “malware infections and phishing attacks” remain the top cyber threats, according to Kapersky’s survey, “the new data leaks were from within the organization – mainly caused by employees – are an additional headache for IT security teams transitioning certain functions to outsourced Services”.
The cost of cybersecurity incidents
Overall, 55% of corporations surveyed faced IT security policy violations from their own employees. That should put business leaders on notice that threats in the cyber realm are as likely to be down to lax compliance policies and security procedures in their organisation, as the prospect of sophisticated hackers trying to infiltrate their networks.
So-called “fileless attacks” of company-owned devices was one of the biggest IT challenges in 2022, according to Kapersky, with 56% of SMBs and 51% of enterprises reporting intrusions. Fileless attacks take advantage of the vulnerabilities present in installed software to facilitate an attack.
The Asia Pacific region came out on top when it comes to the importance placed on transparency around data management policies, with 98% of respondents saying they are “a major consideration when considering a supplier or contractor.
Companies of every size are facing skills shortages in IT security but in 2022 nearly half of the respondents brought on new staff and 62% of enterprises outsourced IT security management, partly for efficiency, but also to combat skills shortages.