Even though cyber security spending is growing year-on-year with almost 9 per cent growth in 2019, IT security budgets for small and medium businesses and enterprises have gone down and are below the average spend. According to an IT report, global budgets at 45 per cent SMBs and 50 per cent of enterprises have fallen below the average spend in 2019 — which is $205k for small and medium and $8 million for enterprise businesses.
“Budget planning is a very important process for companies as proper investments ensure a company is ready to meet current cyber security challenges and threats. Though it may be a complex task which demands a good understanding of business needs towards cyber security, how to address them and how much it can cost,” said Sergey Martsynkyan, head of B2B product marketing at Kaspersky, a cyber security company which came out with the report.
For SMBs the budget issue can be even more complicated as it’s not only about money but also about the alignment of the budget planning process. It can be challenging because of demands on human resources and expertise in relevant cyber security risks and protection methods for different business services, says the report.
According to the US-based company, enterprises can reduce the financial impact of data breaches by building an internal SOC (Security Operation Center) responsible for the ongoing monitoring of security events and incident response. There are also savings for larger SMBs who adopt a SOC, with the total financial impact of a data breach for these businesses estimated at $106,000, compared to $129,000 if an SOC is not in place. Outsourced SOCs, however, do not reduce the cost of data breaches for enterprises.
Enterprises can also consider hiring a data protection officer (DPO) to mitigate the cost of data breaches. DPO’s are responsible for building and implementing data protection strategy within a company as well as managing compliance issues. Kaspersky survey highlighted that more than one-third of organisations with a DPO that suffered a data breach did not incur any financial loss, compared to only one-fifth of businesses overall.