Cost-centre or investment?

CERT-LatestNews ThreatsEconomic Uncategorized

The share of IT budgets being spent on IT security is growing, reaching almost a quarter (23 per cent) of IT budgets in large corporations; according to a new study from the IT security product company Kaspersky Lab, and B2B International. The average cost of a cybersecurity incident is growing, according to the report ‘IT Security: cost-center or strategic investment?’.

While security appears to be receiving a larger proportion of the IT budget pie, the pie itself is getting smaller. For example, the average IT security budget for enterprises in absolute terms dropped from £19.2M ($25.5M) last year to £10.3M ($13.7M) in 2017. SMBs had to pay up to £106K ($140K) for incidents affecting infrastructure hosted by a third party, while enterprises lost nearly two million dollars (£1.5M) as a result of breaches affecting suppliers that they share data with, and $1.6M (£1.2M) because of IaaS-providers’ insufficient levels of protection.

As soon as a business gives another organisation access to its data or infrastructure, weaknesses in one may affect them both. This issue is becoming increasingly important as governments rush to introduce new data protection and privacy laws, requiring organisations to provide information about how they share and protect personal data.

Alessio Aceti, Head of Enterprise Business Division at Kaspersky Lab, says: “While cybersecurity incidents involving third parties prove to be harmful to businesses of all sizes, their financial impact on a company has the potential to result in twice as much damage. This is because of a wider global challenge – with threats moving fast, but businesses and legislation changing slowly. When regulations like GDPR become enforceable and catch up with businesses before they manage to update their policies, the fines for non-compliance will further add to the bill.”

For the report in full visit