Cybersecurity training for employees, as well as the purchase of cybersecurity solutions/services (61% each), are the most popular IT investments among US businesses this year, according to the newest research by NordLayer, a network security solution for businesses. The majority of US companies (67%) have in-house cybersecurity specialists to take care of that, while 24% outsource such services.
“IT and cybersecurity budgeting are two different segments of financing. IT covers overall technology investments, including hardware, software, personnel, and cybersecurity. Because cybersecurity is just a fraction of the grand scheme, it explains why budgets can be tight and sometimes even non-existent,” says Carlos Salas, a cybersecurity expert at NordLayer.
Additionally, the same research shows that the most prominent types of cyberattacks in the US from the last year were malware (44%), phishing (36%), and social engineering attacks (28%). As a result, financial damage varies from losses of up to 5,000 US dollars for 41% of companies, and to over 10,000 in the US dollars for 22% of surveyed US companies. Numbers could be even higher because as much as 15% of companies were not able to disclose how much they lost due to cyber incidents.
What cybersecurity solutions are currently in use among US companies?
Research reveals that American companies combine different measures to achieve security. More than 8 out of 10 companies utilize antivirus software (84%). Secure passwords (74%) and file encryption (70%) are the second-highest priority when creating security policies within organizations at the moment.
Business virtual private networks (VPNs) maintain their popularity in securing organization network connections, with over half (60%) of companies using them. Cyber insurance (46%) is a relatively new solution making its way to business cybersecurity, although its focus is on covering the consequences of an incident rather than preventing it.
Almost half of US companies plan to allocate up to 24% of their organizational budget for IT needs in 2023
Spending on cybersecurity solutions, services, and applications will remain a priority (62%) in the 2023 budget. Besides cybersecurity training and the purchase of cybersecurity solutions (61% each), American companies will devote slightly less budget to hiring dedicated staff for cybersecurity questions (54%) and external cybersecurity audits (42%).
The research shows that almost half of US companies (37%) plan to allocate up to quater of their organizational budget for IT needs in 2023, and another 29% of respondents plans to invest up to half of their budget. Only 4% of companies said they don’t plan to invest in cybersecurity in 2023, out of which the majority are small companies.
“Business budgeting tendencies show that cybersecurity investments receive only a small part of the allocated IT budget. Cybersecurity funds must be distributed wisely to ensure valuable outcomes, prove the chosen security direction effective, and minimize resources’ waste,“ says Salas.
What cyberattacks are experienced in small, medium, and large companies?
NordLayer surveyed organizations of various sizes, revealing some similarities and differences between cyberattacks and company size. Speaking of similarities among all sizes, phishing (39%) is the overall most prominent, followed by malware (34%).
Small businesses are more likely to experience identity theft (12%) or data breaches (11%) than insider threats (2%) or social engineering attacks (5%). Also, small businesses experience the lowest number of cyberattacks — 42% of respondents did not face them.
Medium enterprises tend to suffer from malware (43%), social engineering (30%), and insider threats (29%). Compared with the other two categories, medium-sized businesses were exposed most to data breaches (34%) and DDos/DoS attacks (27%).
Large companies experienced the most cyberattacks — as much as 92%. Organizations of such size experience malware (43%) slightly more often than phishing (42%). They experience the same amount of data breaches and identity theft (27%) attacks, while ransomware is the least expected (19%).
Companies should allocate a budget for cybersecurity
The mantra “cybersecurity keeps evolving — so do cyber threats” remains relevant today, emphasizing the need for strengthening business protection measures. Choosing comprehensive cybersecurity tools and solutions helps to achieve the flexibility needed to adapt to dynamic technological and risk change. A sufficient budget is key.
Salas also shares his tips on securing organizations: “No business is too small to experience a cyberattack. My recommendation for organizations of all sizes is to have a strong cybersecurity strategy. It should have the mindset that every employee is responsible for cybersecurity, not only the IT department. Speaking of concrete tools within the strategy, the company should have cyber mitigation and remediation solutions as well as backup plans for threat scenarios. Also, invest in employee training and dedicated staff for cybersecurity matters.”
Methodology: NordLayer surveyed 500 companies in three countries: the United States, the United Kingdom, and Canada. The external agency SAGO conducted the surveys between March 15 and 25, 2023. Respondents were asked a set of questions about cyber incident costs and allocated budgeting for IT and security in the period of 2022-2023. The samples were taken from non-governmental organizations operating in the services industry, and the target respondents were decision-makers (sole or partial) for IT-related acquisitions. Companies were divided into three main groups regarding size: 1 – 10 employees (small), 11-200 employees (medium), 201+ employees (large).
NordLayer is an adaptive network access security solution for modern businesses. It helps organizations of all sizes to fulfill scaling and integration challenges. Moving towards an ever-evolving SSE ecosystem, NordLayer is quick and easy to implement with existing infrastructure, is hardware-free, and is designed for scaling. As a cloud-native solution with an easy-to-use interface, NordLayer offers protection to businesses of any size, complexity, or work model, including remote or hybrid workplaces.