Companies across the globe are preparing to increase their investments in information security, driven by rising financial losses from cyber incidents. This shift in budget priorities was highlighted in the recent Kaspersky IT Security Economics report, which surveyed businesses from 27 countries spanning Europe, Asia-Pacific, the Middle East, Turkey, Africa, Latin America, and North America.
The report reveals that companies are planning to raise their IT security budgets by up to 9% in the next two years. This increase comes as businesses face growing risks from cyberattacks, with large enterprises and small and medium-sized businesses (SMBs) both experiencing significant financial strains due to breaches.
For large enterprises, the median cybersecurity budget is estimated at US $5.7 million, while the overall IT budget averages US $41.8 million. Despite having larger resources, these organizations have reported an average of 12 cyber incidents this year, costing them US $6.2 million in remediation efforts. This amount is 1.1 times higher than their allocated cybersecurity budget, underscoring the financial burden of recovering from cyberattacks. Even with advanced security infrastructures, the size and complexity of large enterprises often make them more vulnerable to costly breaches. While they are typically equipped to detect threats quickly, the sheer scale of their operations means that mitigation efforts can take hours, highlighting the challenges in managing large IT environments.
SMBs, on the other hand, have experienced an average of 16 incidents this year, with a total remediation cost of US $0.3 million. This figure is 1.5 times higher than their entire IT security budget, making SMBs the most disproportionately impacted group in terms of budgetary strain. Many SMBs lack robust cybersecurity policies and procedures, leaving them susceptible to incidents caused by employee errors, misconfigurations in public cloud services, and misuse of high-level permissions.
The report attributes this increase in IT security spending to several key factors. First, the complexity and frequency of cybersecurity threats continue to escalate, compelling companies to adopt more advanced solutions to improve threat detection and automate responses. Second, governments around the world are introducing new regulations aimed at enhancing digital sovereignty, leading to additional costs for businesses as they work to comply with these rules. Finally, there is an ongoing increase in salary expectations for cybersecurity professionals, further driving up the costs of maintaining effective security measures.
As companies strive to protect themselves from an ever-evolving landscape of cyber threats, Kaspersky recommends several strategies to enhance security. One of the primary suggestions is the adoption of comprehensive solutions like the Kaspersky Next product line, which provides real-time protection, threat visibility, and advanced investigation and response capabilities suitable for businesses of any size and industry. Depending on their specific needs and available resources, companies can select the appropriate product tier and easily upgrade as their security requirements grow.
For organizations lacking qualified IT security professionals, Kaspersky also advises the use of managed security services such as Kaspersky Managed Detection and Response. This service offers expert oversight and advanced automated security measures, analyzing corporate data in real-time to shield businesses from sophisticated cyberattacks.
