With cyberattacks showing no signs of retreating as a significant issue for IT departments, companies are committed to increasing their security budgets — regardless of any impact with ROI, according to a study of 4,000 business representatives from 25 countries.
The 2016 global study, conducted by Kaspersky Lab and B2B International, reviewed the businesses’ perspectives on the cost of data breaches, the complexity of their infrastructure, and attitudes towards security threats and solutions.
The damage caused by cyberattacks is leading the growth in IT security budgets, which is projected to grow by an average of 14 percent during the next three years, based on the results of the survey.
When asked about the previous 12 months of operations, nearly 40 percent of businesses polled said they had been affected by cyberattacks that resulted in a loss of productivity. They included inappropriate use of IT by employees, which accounted for 36 percent of incidents. About 20 percent of the businesses said they had experienced targeted attacks that led to data loss or exposure.
The report also revealed:
- IT infrastructure complexity was cited as a key reason to invest in security by 48 percent of enterprises and 42 percent of small businesses.
- For small- and medium-sized businesses, the average cost of recovery from a single security event was $86,500. The average was $861,000 for enterprises.
- The security breaches that were the costliest for larger companies included zero-day vulnerabilities and targeted attacks.
- Smaller companies experienced more issues with vulnerabilities or attacks related to mobile devices.
- Hacktivist activities were a major problem with larger companies.
- Average spending on security ranged from $1,000 for very small business to more than $1 million for large enterprise companies.
“While cyberattacks are inevitable, the way businesses use available budgets and resources will be vital in the coming years in keeping the financial impact down,” the report said. “While losses will occur as a result, the key is to minimize them.”
Despite finding it difficult to demonstrate the ROI of investments in IT security to senior management, businesses of all sizes agree that they will continue to invest in improving IT security regardless of ROI, as it is better to be safe than sorry.