The Future of Companies and Cybersecurity Spending

Posted on by RSAC Contributor

These days, major data breaches are becoming a common occurrence. From the Marriott scandal last year to the Yahoo! and Target breaches of 2013, it’s becoming more and more evident that even the largest companies are vulnerable to hackers. This makes it even more important that corporations focus on a thorough and well-funded cybersecurity plan, something that used to be thought of as a formality more than anything else.

Luckily cybersecurity budgets have been on the rise for the past several years, increasing by 141 percent from 2010 to 2018. From the cybersecurity experts at Varonis, here are some additional findings on the future of cybersecurity budgeting.

1. Changes in Cybersecurity Spending

In addition to the 141 percent increase in overall budgeting since 2010, cybersecurity spending has increased around the world and across industries. In 2019, worldwide spending on information security products and services is estimated to reach over $124 billion. In addition, companies are spending to implement recent privacy laws. 30 percent of organizations worldwide will spend on GDPR-related consulting and services in 2019.

2. Cybersecurity Priorities

The top cyber spending area worldwide is on security services, as many companies and consumers are increasingly nervous after the recent data breach scandals. Spending on security services has reached $64.2 million in 2019. Also this year, spending on infrastructure protection is at $15.3 million, and companies have spent $13.2 million on network security equipment.

Worldwide spending has increased in a number of areas in just the past two years. Budgeting for cloud security has gone up 148 percent since 2017, and general data security budgeting has increased 38 percent. Spending on other information security software is up by 25 percent between 2017 and 2019.

3. Relationship Between Executives and Security Experts

One of the greatest challenges to ensuring a healthy cybersecurity budget is making sure company decision-makers are all on the same page. The technical understanding of cybersecurity issues can make this different, as well as the different priorities of the C-suite and IT professionals. Some executives don’t believe preventative measures are as effective as security pros claim them to be.

However, the lack of internal collaboration contributes directly to data breaches in a number of ways. Studies of recent data breaches reveal that 70 percent of breaches are actually caused by people and process failures within the company. Contrast this with the fact that 60 percent of C-level executives believe that their current company solutions protect them well enough against hackers, vs only 29 percent of IT pros who believe the same.

This can be frustrating to security experts, as many companies rely on reactive thinking to combat data breaches instead of investing in advanced solutions that combat emerging threats. IT pros also feel a lack of support from executives when advocating for better security solutions.

Fortunately, many organizations have recognized this discrepancy and are working to put the two departments on the same page. In 2019 32 percent of executive board members are briefed quarterly on company cybersecurity, and 54 percent are briefed at least annually. Even more importantly, 75 percent of organizations have increased their cybersecurity investment in the past year.

4. Moving Forward and Managing a Cybersecurity Budget

Gartner predicts that global security spending will be influenced by an increased focus on building detection and response capabilities, privacy regulations, and the need to address digital business risks in 2019. Worldwide spending on security-related hardware, software, and services is forecasted to reach $133.7 billion by 2022.

In the meantime, there are several strategies companies can employ to properly manage their cybersecurity budgets. The first is to invest in solutions that fulfill your team’s specific needs. Just because a competitor does things one way, doesn’t mean you should stick to that model. Perhaps obviously, you should also prioritize the protection of your most costly and sensitive data before all else.

It’s important to identify the strengths and weaknesses in your current cybersecurity strategy, and also to measure the effectiveness of your overall cybersecurity budget. You can then move forward to allocate the correct budget for your company’s cybersecurity needs. It’s important to set aside some of the funds for continuous training and education for all employees in order to best prevent a data leak.

These types of strategies will pay off for companies in the long run. Increasing efficiency and decreasing data breach response times is key, as is ensuring that top leadership and cybersecurity experts are on the same page about strategy. A company’s overall cybersecurity posture can actually improve if everyone is aligned on budget allocations. 

RSAC Contributor

, RSA Conference

Business Perspectives

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs