Cyber budgets fail to meet expectations with only 1% increase on previous year in the U.S., finds S-RM
S-RM
· In 2023, the average cyber budget for large organizations grew by 3.1% YOY globally to USD 27.10 million — but only by 1% YOY in the U.S. · The increase falls below the 5% rise anticipated by Senior IT professionals and their C-suites cited in S-RM’s Cyber Security Insights Report 2023 · Nearly a third (31%) of organizations say lack of budget is a key cybersecurity challenge S-RM, a leading global corporate intelligence and cybersecurity consultancy, today published its Cyber Security Insights Report 2023, which reveals that this year’s cyber budgets for large organizations are falling short of expectations. In 2023, globally the average cyber budget grew to USD 27.10 million, up 3.1% from USD 26.30 million in 2022. In the U.S., budgets grew only by 1%. S-RM’s research shows that senior IT professionals and their C-suites had anticipated a more substantial increase of 5%, which would have seen budgets reach USD 27.60 million. The appetite for more budget comes after a year of rising operational costs – a result of wider economic turbulence – and a growing cyber threat following rapid advancements in generative AI. Cybersecurity departments want more budget to upskill employees (42%) and recruit additional skilled personnel (41%) to accommodate this rising threat. On average, cyber budgets make up a quarter (25%) of an organization's overall IT budget, marking a 1% decrease in share from 2022. This allocation varies across sectors, with Retail being the most generous (28%) and Energy & Utilities allocating the least (18%) toward tackling cyber threats. Navigating tightened purse strings Lack of budget was cited as a key challenge by nearly one third (31%) of organizations. To navigate this, cybersecurity teams have been prioritizing spend in the most ‘value for money’ areas. For the third consecutive year, investment in cyber technology topped the list, though fewer organizations highlighted technology as delivering the value commensurate with its cost in 2023 (49%) than in 2022 (58%). This dip can be attributed to a growing awareness that alongside cybersecurity technology, organizations need to invest in governance and personnel to effectively enable and manage new tech. This is a view more prevalent among IT professionals charged with implementing cyber tech solutions, with only 43% citing technology as ‘high value for money’ compared to 56% of C-suite executives. The findings reflect a misalignment of expectations between the operators of cyber technologies and those a step removed from their day-to-day applications. Organizations are adopting several other strategies to manage cybersecurity with restricted budgets: IT and security optimization - Identifying cost reduction opportunities by making existing processes more efficient to allocate budget for more critical initiatives. Future-focused investment - Investing now in security initiatives for long-term cost savings. Outsourcing - Contracting out IT and security functions to Managed Service Security Providers (MSSPs) or virtual Chief Information Security Officers (vCISOs). Paul Caron, Head of Cybersecurity, Americas at S-RM, said: “It’s reassuring that cybersecurity budgets are still rising in these challenging times, but this level of increase is simply not enough to tackle the growing cyber threat. This year’s increase has failed to meet the expectations of cyber teams and reveals that cyber security may be taking a back seat as its share of the overall IT budget declines. “Navigating ongoing skill shortages and investing in training and development of teams comes at a cost, but cyber professionals are not receiving the budget they need to deliver on these critical initiatives. Organizations will have to continue being cautious with cyber security spend, identifying those ‘value for money’ areas that will enable them to manage emerging cyber threats with tightened purse strings.” For more information, access the full 2023 Cyber Security Insights Report on S-RM's official website here: https://www.s-rminform.com/cyber-security-insights-report-2023 ENDS Notes to Editors: Methodology: The S-RM Cyber Security Insights Report 2023 follows on from our 2022 report, where we seek to understand the specific cybersecurity challenges faced by C-suite leaders and senior IT decision makers. For the 2023 report, we interviewed 602 C-Suite and senior IT professionals on the most pressing cyber challenges, cyber security incidents, and cyber budgets over the past year. For more information, access the full 2023 Cyber Security Insights Report on S-RM's official website here: https://www.s-rminform.com/cyber-security-insights-report-2023 About S-RM S-RM is a global corporate intelligence and cybersecurity consultancy with expertise in insurance, cybersecurity, and cyber response. Headquartered in London, S-RM works across 9 international offices and advises companies ranging from blue-chip corporates to large financial institutions, and beyond. To find out more about S-RM, visit https://www.s-rminform.com/ Contact Details Meir Kahtan +1 917-864-0800 mkahtan@rcn.com
November 20, 2023 02:00 PM Eastern Standard Time