Cybersecurity Training for Employees Most Popular IT Investment Among U.S. Companies
Cybersecurity expert explains why budget allocation to IT needs and cybersecurity are crucial.
Note: TDWI’s editors carefully choose press releases related to the data and analytics industry. We have edited and/or condensed this release to highlight key information but make no claims as to its accuracy.
Cybersecurity training for employees, as well as the purchase of cybersecurity solutions and services (61% each), are the most popular IT investments among U.S. businesses this year, according to the newest research by NordLayer, a network security solution for businesses. Two-thirds of U.S. companies (67%) have in-house cybersecurity specialists to take care of that, while 24% outsource such services.
“IT and cybersecurity budgeting are two different segments of financing. IT covers overall technology investments, including hardware, software, personnel, and cybersecurity. Because cybersecurity is just a fraction of the grand scheme, it explains why budgets can be tight and sometimes even nonexistent,” says Carlos Salas, a cybersecurity expert at NordLayer.
Additionally, the same research shows the most prominent types of cyberattacks in the U.S. from the last year were malware (44%), phishing (36%), and social engineering attacks (28%). As a result, financial damage varies from losses of up to 5,000 USD for 41% of companies to over 10,000 USD for 22% of surveyed companies. Numbers could be even higher because as much as 15% of companies were not able to disclose how much they lost.
Cybersecurity Solutions Used
Research reveals that American companies combine different measures to achieve security. More than 8 out of 10 companies utilize antivirus software (84%). Secure passwords (74%) and file encryption (70%) are the second-highest priority when creating security policies within organizations surveyed.
Business virtual private networks (VPNs) maintain their popularity in securing organization network connections, with over half (60%) of companies using them. Cyber insurance (46%) is a relatively new solution making its way to business cybersecurity, although its focus is on covering the consequences of an incident rather than preventing it.
Spending on cybersecurity solutions, services, and applications will remain a priority (62%) in the 2023 budget. Almost half of U.S. companies plan to allocate up to 24% of their organizational budget for IT needs in 2023. Besides cybersecurity training and the purchase of cybersecurity solutions (61% each), American companies will devote slightly less budget to hiring dedicated staff for cybersecurity questions (54%) and external cybersecurity audits (42%).
The research shows that almost half of respondents (37%) plan to allocate up to a quarter of their organizational budget for IT needs in 2023, and another 29% plan to invest up to half of their budget. Only 4% of companies said they don’t plan to invest in cybersecurity in 2023, out of which the majority are small companies.
“Business budgeting tendencies show that cybersecurity investments receive only a small part of the allocated IT budget. Cybersecurity funds must be distributed wisely to ensure valuable outcomes, prove the chosen security direction effective, and minimize resources’ waste,” says Salas.
NordLayer surveyed organizations of various sizes, revealing some similarities and differences between cyberattacks and company size. Speaking of similarities among all sizes, phishing (39%) is the overall most prominent, followed by malware (34%).
Small businesses are more likely to experience identity theft (12%) or data breaches (11%) than insider threats (2%) or social engineering attacks (5%). Also, small businesses experience the lowest number of cyberattacks -- 42% of respondents did not face them.
Medium enterprises tend to suffer from malware (43%), social engineering (30%), and insider threats (29%). Compared with the other two categories, medium-sized businesses were exposed most to data breaches (34%) and DDos/DoS attacks (27%).
Large companies experienced the most cyberattacks -- as much as 92%. Organizations of such size experience malware (43%) slightly more often than phishing (42%). They experience the same amount of data breaches and identity theft (27%) attacks, and ransomware is the least expected (19%).
Budgeting for Cybersecurity
The mantra “cybersecurity keeps evolving -- so do cyber threats” remains relevant today, emphasizing the need for strengthening business protection measures. Choosing comprehensive cybersecurity tools and solutions helps to achieve the flexibility needed to adapt to dynamic technological and risk change. A sufficient budget is key.
Salas also shares his tips on securing organizations: “No business is too small to experience a cyberattack. My recommendation for organizations of all sizes is to have a strong cybersecurity strategy. It should have the mindset that every employee is responsible for cybersecurity, not only the IT department. Speaking of concrete tools within the strategy, the company should have cyber mitigation and remediation solutions as well as backup plans for threat scenarios. Also, invest in employee training and dedicated staff for cybersecurity matters.”