According to the Ponemon Institute report, organizations spent an average of $9+ million to remediate the impact of cyberattacks.
That’s a lot of money considering 59% of organizations changed their security strategy over the last two years to meet the evolving threats of internet-enabled and digital business environments. The problems lie in where budget is allocated and what businesses are spending money on.
How Much Do Companies Spend On Cybersecurity?
The report found that organizations have an average annual IT budget of $365 million, and about 22% of IT budgets are spent on cybersecurity programs.
At first glance, 22% might seem like a solid investment in cybersecurity, especially considering IT budgets go toward a lot of other costly expenses, like technology, software, equipment, and personnel. But it’s not enough. 35% of organizations still cite insufficient budgets and resources as a barrier to achieving strong cybersecurity. And despite the seemingly hefty investment in IT, organizations are still experiencing ineffective results:
- 52% say the volume of cyber threats has increased over the last 12 months
- 54% have experienced a cyberattack in the last 12 months
- 49% have experienced a data breach caused by a third-party vendor in the last 12 months
- 50% of organizations aren’t effective in mitigating remote access risks
- Nearly half of organizations aren’t effective in detecting remote access risks, responding to a third-party cyber incident, or controlling third-party access to their network
As the saying goes, “more money, more problems,” and that seems to be the case for organizations that are spending up to millions on non-security related IT projects. It takes more than just large budgets to cut down on cybercrime, especially if remediation for those crimes isn’t included.
Big Budgets Don’t Save Organizations From Cyberattacks
When you look at all the issues that need repaired after a cyberattack, the costs add up fast — and it’s a cost IT teams might not be prepared to handle, financially or operationally. On average:
- 30% of costs incurred from a cyberattack were spent on remediation and technical support activities, including forensic investigations, incident response activities, help desk, and customer service operations.
- 23% was spent on damage or theft of IT assets and infrastructure.
- 21% of remediation costs went towards users’ idle time and lost productivity because of downtime of system delays.
- 15% was spent recovering from disruption to normal operations because of system availability problems.
- And 11% of costs went to repairing reputation loss and brand damage.
Why Businesses Need To Budget More For Cybersecurity
Organizations have seemingly substantial IT budgets, but security is still average at best. There’s a disconnect between what an organization spends on cybersecurity and what’s needed to fully secure its mission-critical systems and assets.
It’s time to see the writing on the wall. Organizations aren’t investing in the right security solutions that can reduce risk, prevent threats, and give businesses more confidence in their cybersecurity systems. This is where automation and streamlining security technology can have the biggest impact.
The investment upfront, no matter how heavy, will prove its worth when previously manual or siloed workflows are made efficient. That’s also why interoperability between systems is critical when investing in cybersecurity initiatives. Systems need to sync and collaborate if there’s any hope of creating a full line of defense against bad actors.
If you’re going to invest in security technology, it needs to be worth it. Make sure it covers all vulnerabilities, secures all access points, and integrates with existing technology to fully shore up gaps in your security program.