Globally, cyber security budgets are predicted to rise and are estimated to be more than $6 trillion annually by 2021. These figures have been driven largely by:
- Recent year-on-year growth in hostile nation-state sponsored activity,
- Organised crime and cyber hacking, and
- Malicious and non-malicious employee security breaches.
The type of damage resulting from this type of development includes theft of corporate, financial and personal data, intellectual property theft, destruction of data, stolen money and embezzlement, and lost productivity.
The resulting impact to businesses include compromised of systems and data, disruption of critical business services, extensive and costly forensic investigations, shareholder pricing drops, and reputational damage.
Unsurprisingly, many businesses are hesitant to announce the breaches that they have suffered – and the resulting increases to their security budgets.
Patrick Butler, Chief Executive Officer for Loop Secure, has noticed an increased demand for cyber security spending. “The issue for organisations is determining an appropriate spending level, and where this spend should be allocated."
One thing is for sure; Cyber security is an under-spent area for many businesses and very hard to track in relation to ROI.
Part of the challenge is the lack of current data on the current average spends, with analysis pointing to businesses spending around 3% of capex budgets on cyber security, and according to SANS 2016 projections 7-9% of IT budgets, both of which are relatively low.
Benchmarking is made more difficult by a range of factors including the large portion of information security spending not accounted for.
That said, Australian businesses and government organisations are expected to spend up to $3.8 billion in cyber security in 2018, up 6.5 percent from 2017 according to a recent Gartner report. The increase will be attributed to economical and social reactions to new legislation and reactions to high profile cyber-attacks.
With cyberattacks such as WannaCry and NotPetya making headlines across the world and massive breaches from well-known names such as Equifax, the effect of these attacks increases cyber security budgets.
Gartner recommends that security testing, security outsourcing, and security monitoring will be among the fastest growing security sub-segments.
Also fuelling higher security spending will be the Australian Government’s recent implementation of the Notifiable Data Breaches Scheme and general regulatory and compliance guidelines as stipulated by governance authorities such as APRA.
Automation and outsourcing are also seen as an identifiable area of growth in security spending due to skills shortages, technical complexity and a list of growing cyber threats.
The vast cyber security landscape coupled with personnel shortages lead organisations to seek external help from security consultants, managed security service providers and outsourcing companies.
“We’re finding budgets are trending towards detection, response and cyber resilience, rather than general hardware and software security spending.This increased focus has enabled our clients to fund up to date cyber security strategies based on risk management."
"Spending has been allocated to address key gaps around endpoint detection and response, vulnerability management and security monitoring - all traditionally neglected areas.” Patrick Butler, Chief Executive Officer of Loop Secure comments.
This lack of current data on cyber security spending should not impact the budgeting process, as each organisation will require different spending based on their use of IT systems and the value of the business processes these systems support.
An effective budget is one which manages cyber risk in line with business appetite, not based on comparisons to industry averages - as most organisation are severely under funded when it comes to cyber security. Simply matching the next poorly funded company is a recipe for disaster.
To learn how to manage, prioritise and calculate the ROI on your cyber security budget, download our Whitepaper here: