2020 IT spending: cybersecurity remains investment priority despite overall IT budget cuts; Kaspersky found

عربي

According to the new Kaspersky report ‘Investment adjustment: aligning IT budgets with changing security priorities’, cybersecurity remains a priority for businesses’ investment. Its share of IT spending has grown from 23% in 2019 to 26% in 2020 for SMBs, and from 26% to 29% for enterprises. 71% of organizations also expect their cybersecurity budget to grow further in the next three years. This is despite overall IT budgets decreasing in both segments amid the COVID-19 pandemic and cybersecurity cuts affecting the most economically hit SMBs.

External conditions and events can influence IT priorities for businesses. As a result of the COVID-19 lockdown, organizations have had to adjust plans to meet changing business needs – from emergency digitalization to cost optimization. Based on a survey of more than 5,000 IT and cybersecurity practitioners, the Kaspersky report observes recent IT security economics trends and how they correlate with this year’s events^[1].

The share of IT budget dedicated to IT security continues to grow year-on-year, even though the overall IT budget has fallen from $1.2m in 2019 to $1.1m in 2020 among SMBs, and from $74.1m to $54.3m for enterprises. According to Gartner, this decrease may be due to the consequences of the global coronavirus pandemic, whose experts also predicted that budgets would decrease earlier this year.

As a result, small and medium businesses allocated $275k to cybersecurity in monetary terms while enterprises invested $14m. The majority of companies expect these figures to grow in the next three years by 11% in enterprises and 12% in SMBs, on average. 17% believe it will remain at least the same as this year.

A screenshot of a cell phone

Description automatically generated

Chart 1: IT security budget as a share of overall IT budget

However, one-in-ten (10%) organizations said they are going to spend less on IT security. Interestingly, the main reason for this across enterprises is top management’s deliberate decision, who sees no point in investing so much money in cybersecurity in the future (32%).

Among SMBs, the reason to reduce spend in this area is primarily dictated by the need to cut overall company expenses and optimize budgets (29%). Small and medium organizations were hit hardest by the lockdown: more than half of small companies globally reported a decline in sales or experienced cash flow constraints. Those affected have needed to optimize their expenses to survive. But while this impacts cyber-protection, businesses need to find a way to keep safe from cyber-risks in such a challenging time.

“2020 has put many companies in situations where they needed to respond, so they wisely concentrated all their resources and efforts on staying afloat. Even though budgets get revised, it doesn’t mean cybersecurity needs to go down on the priority list. We recommend that businesses, who have to spend less on cybersecurity in the coming years, get smart about it and use every available option to bolster their defenses – by turning to free security solutions available on the market and introducing security awareness programs across the organization. Those are small steps that can make a difference, especially for SMBs,” commented Alexander Moiseev, Chief Business Officer at Kaspersky.

Kaspersky suggests small and medium organizations take the following advice, to maintain their cybersecurity posture even with low security investments:

Always keep your team aware of IT security risks such as phishing, web threats, banking malware, and others that can target employees in their daily working routine. There are dedicated training courses that teach security practices, such as those provided in the Kaspersky Automated Security Awareness Platform. Use formats that help employees remember the cybersecurity rules, such as posters or cards in the workspace.
Ensure timely updates of all systems, software, and devices. This will help you to avoid situations where malware infiltrates a corporate system through, for example, an unpatched operating system.
Establish the practice of using strong passwords to access corporate services. Use multi-factor authentication for access to remote services.
Make sure all corporate devices are protected with strong passwords that are changed regularly.
Use proven cloud services and platforms when transferring business data. Ensure you protect all your shared files with passwords, for example, in Google Docs, or make them available to a limited circle within a working group.
Use a free endpoint security tool, such as Kaspersky Anti-Ransomware Tool for Business, which protects both PCs and servers from a wide range of threats, including ransomware and crypto miners adware, pornware, exploits, and more.
Some useful tools could help with ad-hoc cybersecurity needs, such as checking suspicious files, IP addresses, domains, and URLs. This can be done for free on the Kaspersky Threat Intelligence Portal.

To read the full report ‘Investment adjustment: aligning IT budgets with changing security priorities’, please visit the Kaspersky IT Security Calculator web page.

^[1] The Kaspersky Global Corporate IT Security Risks Survey (ITSRS) interviewed 5,266 respondents across 31 countries. Conducted by B2B International and commissioned by Kaspersky, fieldwork took place in July 2020.