Cyberattacks occur most frequently in critical infrastructures due to budget constraints!
Does your company have a budget allocated for cybersecurity measures?
Cyberattacks occur most frequently in critical infrastructures due to budget constraints!
SBYS.NET / TÜRKİYE
According to research conducted by Kaspersky, 15% of global companies have been exposed to cyberattacks due to insufficient investment in cybersecurity in the past two years. Organizations with critical infrastructures, such as energy, oil, and gas companies, were the most affected by cyber incidents due to inadequate budget allocation (25%). Considering the financial status of global companies, one in five (21%) acknowledges the lack of sufficient budget for cybersecurity measures.
Kaspersky conducted research to understand the views of cybersecurity professionals in SMEs and enterprises regarding the impact of employees on a company's cybersecurity. This research aimed to gather information about employee groups affecting cybersecurity, including both internal staff and external contractors. Additionally, the study analyzed the impact of decision-makers on budget allocation concerning cybersecurity.
The lack of an adequate budget for cybersecurity led to 15% of companies worldwide experiencing cyber incidents in the past two years. This situation varied across sectors. For instance, organizations dealing with critical infrastructures, energy, oil, and gas faced the highest number of cyber breaches (25%) due to budget constraints. However, in some industries, the occurrence of cyber incidents was below the global average of 15%. For example, while the telecommunications sector faced 13% of cyber incidents due to budget limitations, transportation, logistics, and financial services experienced 8% each.
When asked about the budget allocated for cybersecurity measures, 78% of global participants claimed to possess the necessary hardware to adapt to new threats and even overcome them. However, 21% of companies are not in a good position, stating they do not have sufficient funds to protect the company's infrastructure adequately. Additionally, some companies do not allocate any cost for cybersecurity. 3% of companies claim to lack a specific budget for cyber protection.
Does your company have a budget allocated for cybersecurity measures?
Many companies expressed their willingness to take steps to strengthen their cybersecurity in the next 1-1.5 years. One of the most popular investment areas is threat detection software (40%) and training, with 39% planning to allocate budgets for cybersecurity training programs for both security experts and general staff. Other popular measures companies plan to take shortly include endpoint protection software (36%), hiring new IT professionals (35%), and adopting SaaS cloud solutions (34%).
Ivan Vassunov, Deputy President responsible for Kaspersky Corporate Products, stated, "Today, companies must align their cybersecurity investments with their business strategies and see cybersecurity as one of their business goals. Of course, investments must justify themselves and be effective. Therefore, the information security department is also responsible for increasing the return on information security investments and defending investments in front of senior management or the board. In addition to reducing the average detection time (MTTD) and average response time (MTTR), information security is also responsible for reducing the cost of security incidents. Various modern approaches and technologies can overcome these challenges. For example, we invest in developing XDR and MDR alongside our SASE portfolio, integrating artificial intelligence, machine learning, automatic detection and response, automatic threat investigation, ready-made integrations, and much more. We provide C-level executives with special dashboards and reports containing information about how many incidents we have prevented, how quickly incidents are investigated, and the effectiveness of cybersecurity solutions deployed across the organization to ensure process transparency and prove the value of our solutions. We also highlight specific risks for customers, reveal industry-specific trends, and help them shape their cybersecurity around existing threats and justify their investments in technology."