While the outbreak of COVID-19 led to a shift of workspace and a rapid increase in cyber attacks across the world, the cyber budget of enterprises in UK actually came down.
A recent survey by S-RM, the cyber security, risk, and intelligence consultancy company revealed that the cyber budgets of UK enterprises actually shrank (-1%) during the pandemic. This left cyber spending stagnating at an average of around GBP18m ($24.9m) for the financial year 2021.
This is despite the fact that 79% of the participants reported having suffered a major cyber incident. Of this group, the majority (73%) had experienced an incident in the past three years.
The report said that over half (54%) of organisations either ‘hit pause’ or decreased their cyber budgets during the pandemic. However, now IT leaders expect to increase their cyber budget by an average of 7.4% in the next twelve months, taking the average budget to GBP19.4m.
“But taking into account inflation, which is currently 3%, this still may not be enough to make up for lost time during the pandemic,” the report said.
It said, “If this trend continues, a cyber spending ‘deficit’ will emerge that makes businesses more vulnerable to cyber incidents as attacks become more frequent and more sophisticated.”
According to the findings of the report the problem is compounded by a lack of confidence among decision-makers in how they spend their cyber budgets.
Around 40% of participants in the survey said their organisation needed a better understanding of how to prioritise areas for cyber investment. Half (50%) reported they had a cyber strategy but had not been able to fully implement it.
The average immediate damage of a cyber incident is in the region of GBP1.3m. But the secondary costs like higher insurance premiums and recovery services can be more than double this. M