Its share of IT spending has grown from 23% in 2019 to 26% in 2020 for SMBs, and from 26% to 29% for enterprises. 71% of organizations also expect their cybersecurity budget to grow further in the next three years. This is despite overall IT budgets decreasing in both segments amid the COVID-19 pandemic, and cybersecurity cuts affecting the mosteconomically hitSMBs.
External conditions and events can influence IT priorities for businesses. As a result of the COVID-19 lockdown, organizations have had to adjust plans to meet changing business needs – from emergency digitalization to cost optimization. The Kaspersky report, based on a survey of more than 5,000 IT and cybersecurity practitioners, observes recent IT security economics trends and how they correlate with this year’s events.
The share of IT budget dedicated to IT security continues to grow year-on-year, even though the overall IT budget has fallen from $1.2m in 2019 to $1.1m in 2020 among SMBs, and from $74.1m to $54.3m for enterprises. This decrease may be due to the consequences of the global coronavirus pandemic, according to Gartner, whose experts also predicted that budgets would decrease earlier this year.
As a result, in monetary terms, small and medium businesses allocated $275k to cybersecurity while enterprises invested $14m. The majority of companies are expecting these figures to grow in the next three years by 11% in enterprises and 12% in SMBs, on average. 17% believe it will remain at least the same as this year.
Chart 1: IT security budget as a share of overall IT budget
However, one-in-ten (10%) organizations said they are going to spend less on IT security. Interestingly, the main reason for this across enterprises is the deliberate decision of top management, who sees no point in investing so much money in cybersecurity in the future (32%).
Among SMBs, the reason to reduce spend in this area is primarily dictated by the need to cut overall company expenses and optimize budgets (29%). Small and medium organizations were hit hardest by the lockdown: more than half of small companies globally reported a decline in sales or experienced cash flow constraints. It is clear that those affected have needed to optimize their expenses to survive. But while this impacts cyber-protection, it’s important for businesses to find a way to keep safe from cyber-risks in such a challenging time.
“2020 has put many companies in situations where they needed to respond, so they wisely concentrated all their resources and efforts on staying afloat. Even though budgets get revised, it doesn’t mean cybersecurity needs to go down on the priority list. We recommend that businesses, who have to spend less on cybersecurity in the coming years, get smart about it and use every available option to bolster their defenses – by turning to free security solutions available on the market and introducing security awareness programs across the organization. Those are small steps that can make a difference, especially for SMBs,” commented Alexander Moiseev, Chief Business Officer at Kaspersky.
Kaspersky suggests small and medium organizations take the following advice, to maintain their cybersecurity posture even with low security investments:
To read the full report ‘Investment adjustment: aligning IT budgets with changing security priorities’, please visit the Kaspersky IT Security Calculator web page.
 The Kaspersky Global Corporate IT Security Risks Survey (ITSRS) interviewed 5,266 respondents across 31 countries. Conducted by B2B International and commissioned by Kaspersky, fieldwork took place in July 2020.