Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Access the smarter, faster technology needed to make the most of your hybrid working future.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » Cyber Security Budget Trends in 2022
However, how you allocate your budget for this increase in spend will determine whether you get the most from your money and are able to best protect your organisation.
New types of threats demand a proportionate response. With organisations struggling to accommodate cloud architectures and new work methods, the need to budget wisely to address potential vulnerabilities is taking on greater urgency.
According to Gartner’s data on industry metrics, the average company’s breakdown of a cyber security budget is:
This gives a valuable benchmark, but each organisation must carry out its own assessment of how its cyber security budget should be allocated — and there may be an advantage in moving spend around to address your new risk profile and to take into account up-and-coming threats.
We believe it is more important to consider some of the major trends emerging in cyber security and targeting those areas for investment rather than looking at blanket spending increases. Here we’re going to look at some trends in cyber security and their impact on budget planning.
Additional reading: If you want to read more about the future of cyber security, take a look at our eBook — Planning For The Future Of Cyber Security Today
The way organisations approach spending on cyber security is changing for a number of reasons, as we’ll come to shortly. But spending continues to vary between application and industry – on average, energy companies are investing less than 0.2% of revenue in cyber security, while the corporate banking industry comes in at 0.6%.3 4
Overall, global spending on security awareness training and phishing simulation programs is predicted to reach $10 billion by 2027 and, as the table below indicates, this level of increase is mirrored throughout cyber security applications.
Despite this, in a recent survey, 60% of respondents suggested that cyber security spending is still underfunded.5 With this in mind, let’s take a moment to briefly consider a couple of reasons why attitudes towards cyber spending have changed in recent times.
If cyber attacks increase, it’s natural that organisations who find themselves targeted will want to adapt their approach to cyber security to protect themselves. One study found that 28% of organisations that suffered cyber attacks in 2020 were targeted on more than five occasions throughout the year.6 The same study found that the average organisation surveyed now devotes more than a fifth (21%) of its IT budget to cyber security, a jump of 63%. This is a clear indication that as attacks increase, organisations are also increasing their spending on security.
While the direct cost of a data breach can have severe consequences for an organisation, the long-term implications that come with the reputational damage caused by a breach are also having an impact on cyber security spending. The average cost to an organisation’s stock market value is estimated at almost $4 million per breach, with regulators in the UK also increasing maximum fines to 4% of turnover.7 The result is a need for more proactive cyber security investment that minimises risks, rather than simply reacting to a breach after it has occurred.
To help contextualise the major changes that are impacting cyber budgets, we now want to look at this from a trends perspective and illustrate how these major cyber trends are driving budget changes.
Remote working is not a new thing. But since 2015, it has increased by 140%, ten times more than all other work activities. This dramatic increase has been more pronounced of late, and it is clear we will not go back to everyone being in the office — huddled behind the firewall.
What’s behind this trend?
As a result of the COVID-19 pandemic, people are now working from home in large numbers. As people generate, access, and share more data remotely through cloud apps, the number of security blind spots increases.
Identifying critical attack areas and anticipating possible attack scenarios helps avoid such blind spots. It is essential to have a flexible and responsive security system that can cope with remote working demands.
What impact does it have on budgets?
With most organisations establishing remote working, a highly effective security system is not just an option but a must-have.
We see a trend away from basic endpoint security to a more complete Managed Detection and Response (MDR) approach. What is MDR? MDR is a managed cyber security service that provides intrusion detection of malware and malicious activity and assists in rapid incident response and remediation.
MDR has a positive impact on budgets as it combines a technology solution with outsourced security analysts to extend your capabilities to include:
More and more organisations are migrating to the cloud. In doing so, they are also exposing their organisation to new security threats. Attacks like phishing, malware, and data breaches are on the increase. It is becoming much harder to maintain the flexibility and value of cloud services while keeping cybercriminals at bay.
Many cloud services lack the basics, such as secure encryption, authentication, and audit logging. Poor configuration of cloud security can also lead to criminals bypassing internal policies meant to protect sensitive information. To address this, security in the cloud is moving to predictive security. It can identify threats before attackers can start their attack. It can also pinpoint attacks that pass through other endpoint security.
What impact will this have on budgets?
More organisations will be implementing predictive security, with the market gaining a 261% ROI for over three years.8 Some sectors are also leveraging multi-factor authentication to reinforce security.
Budgets will have to be changed to reflect these new cloud applications and new security contexts — one good suggestion from Gartner is to ensure you include a security line in any new cloud service organisation case.
Manual threat hunting is expensive and time-consuming, and there aren’t always people on hand to do it. AI systems are being trained on big data sets collected over decades — so they can analyse terabytes of data per day at a scale unimaginable previously.
The competition for talent in cyber security is fierce. It is almost impossible to hire people with the appropriate cyber security skills. Faced with this skills gap, CIOs and CISOs are beginning to augment their security with AI and ML (machine learning).
Machines are more cost-effective than individuals in handling regular tasks and coping with enormous volumes of data. As the demand for security experts rises, the people cost will also inevitably increase.
The perfect solution for CISOs is an AI system resembling a human expert’s investigative and reporting techniques, so cyber threats are identified and remediated before any damage is done.
However, it is worth noting that AI models are based on massive datasets, and some companies don’t have the resources to obtain them. Time and money are also required to invest in AI computing resources and should be factored into budgets.
The definition of the word hack emerged from MIT in 1955. The first known mention of computer or phone hacking arose in 1963. Over the past 50 years, attack surfaces have evolved from phone systems to the vastness of the internet.
Cyber threats have now expanded from targeting computers, networks, and phones to aiming at people, transport, utilities, government and financial systems.
When it’s commonly used, it’s widely abused. For example, email continues to be the most common attack vector, with almost 5% of organisations’ emails containing a malicious element.
What impact will it have on budgets?
As cyber threats become more aggressive, organisations will need to keep ahead by identifying new threats and strengthening their security measures. This is not just a technology issue. Cyber security awareness will be essential to prevent costly identity theft and data breaches.
While the increased emphasis placed on countering new threats will generate a rise in spending, security teams will inevitably have to do more with less. The way forward is to employ a targeted risk approach and lean heavily on security service providers’ expertise and experience.
Suggested reading: If you want to learn more about continually evolving cyber security threats and concerns, check out our blog — The Threat Landscape Never Sits Still: Four new risks organisations face in 2021
According to Brian Reed, Senior Director Analyst at Gartner, “We can spend too much time over analysing choices we make about security, striving for a notion of perfect protection that just simply does not exist.”9
The value of an organisation’s cyber security posture today depends essentially on how well it guards its data, the strength of its security, and its level of resilience. To deliver this value, you now need to consider structural and architectural changes to how you approach your security budget. There will be a need to focus on competencies, not just tools, tactical knowledge, and cyber security skill sets.
Partnering with an experienced, credible cyber security provider will allow you to establish your risk appetite and get the best value from your cyber security approach.
Six Degrees provides a complete security solution including compliance, governance, testing and offensive and defensive managed security services. We enable clients to implement cost-effective and robust security measures across all levels.
Some of the areas we can have a direct budget impact on include:
Security spending is, in the end, an exercise in risk management. Organisations need to ask themselves: are we addressing low risks at a higher cost than necessary, or are we addressing high risks at the lowest possible cost? Are we making the best use of our available budget?
We believe partnering with a managed service provider like Six Degrees is the most effective way to deliver the best approach to your cyber security budget and to deliver the best possible outcome to your organisation.
In 2020, the world witnessed a dramatic shift…
Many of us have adapted to new ways…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.
