Cybersecurity economics

Our colleagues researched economic aspects of cybersecurity and reported on the dominant trends.

This is hardly the first year full of cybersecurity impact and focus, but 2020 has been a big one. Companies have had to develop and implement new practices, new technologies, and new approaches — and fast. One focus of this year’s Kaspersky Global Corporate IT Security Risks Survey is how cybersecurity has influenced budgets and risk assessments.

For the survey, they interviewed 5,266 respondents across 31 countries about the state of IT security in their companies, the threats they face, and the post-attack costs they incurred.

Regrettably, large enterprise-level companies had cut cybersecurity spending from an average of $18.9 million last year to $14 million in 2020. In the face of COVID-19-related costs and losses, which were largely unforeseen, such cuts are unsurprising, even though IT budget spending on security has grown proportionally. The SMB picture is different: Security budgets there increased slightly (from $267,000 in 2019 to $275,000 in 2020).

All the same, 71% of companies plan to increase their investments in security over the next three years. What’s more, regardless of company size, respondents cited the increased complexity of IT infrastructure and the need to increase employee expertise as the main reasons for the increase. Some (17%) hope to keep cybersecurity outlays at the same level, and only the remaining 12% are considering further budget cuts as part of an overall optimization or in the belief that past investments have already helped solve the key issues.

We plan to publish the research results as a series of reports. Part one, which contains some of the most interesting findings, is available on the website of our IT Security Calculator, a tool for working out an optimal cybersecurity budget based on a company’s size, region, and industry. Along with statistics and analytics, this section of the report contains tips from our experts, analysis of the most common cyberincidents, and estimations of the average cost of incidents involving corporate data loss for companies of different sizes.