{"id":31559,"date":"2019-11-27T09:33:56","date_gmt":"2019-11-27T14:33:56","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&p=31559"},"modified":"2021-03-19T04:20:57","modified_gmt":"2021-03-19T08:20:57","slug":"three-ways-it-security-budget","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/three-ways-it-security-budget\/31559\/","title":{"rendered":"The battle for business buy-in: Three ways to justify your IT security spend"},"content":{"rendered":"

Proving return on investment in IT security \u2013 an almost impossible task for IT professionals. Why? Because they\u2019re often found trying to balance budget limitations, while constantly fighting to stay ahead of the evolving threat landscape to protect your business. But times are changing. Companies are starting to treat IT security as an important investment, rather than simply a cost-center.<\/p>\n

That said, justifying IT cybersecurity investment is still a challenge. So, here are three reasons why it\u2019s crucial for businesses to keep their cybersecurity strategy up to date, in terms of both budget and approach.<\/p>\n

A cyberattack could cripple your business\u2026 seriously<\/h2>\n

It\u2019s no secret: businesses of all sizes and industries are prioritizing cybersecurity spend. Enterprises now spend almost a third of their IT budget<\/a> ($8.9M) on cybersecurity, and budgets are expected to rise over the next three years. Both small medium businesses (SMBs) and enterprises predict they will spend up to 15 percent more on cybersecurity until 2022.<\/p>\n

Why? Because people are realizing that cybersecurity attacks can be devastating. Ransomware WannaCry stopped the production lines of five Renault factories<\/a>, while a similar cyber-threat, exPetr, cost Maersk \u2013 the world\u2019s largest container ship and supply company \u2013 between 200 and 300 million US dollars<\/a>.<\/p>\n

Along with threatening current business operations, cyber-threats impact future-focused initiatives. For example, digital transformation and operational mobility projects require organizations to operate a growing IT infrastructure, meaning they might lose sight of what\u2019s happening to their data. Consequently, data could be compromised or even encrypted. The Zepto<\/a> ransomware, which was spread via cloud storage apps, is a prime example of this threat in action.<\/p>\n

The cost of dealing with cyberattacks is on the rise \u2013 especially when you take into account factors like hiring external consultants, acquiring new software, and dealing with PR risks and litigations, to name a few. With those costs rising and crucial business operations being put at risk, it\u2019s no surprise that senior leaders are getting involved in the cybersecurity debate. But it\u2019s not just their own infrastructure they have to think about.<\/p>\n

2. Your supplier networks are a threat, even when your business is protected<\/h2>\n

\"itBreaches can happen even if your business is protected. Sounds crazy, but it\u2019s true. Normally breaches happen through supply chain attacks or as a result of vulnerabilities in third party software.<\/p>\n

A case in point: American retailer Target<\/a>. Hackers accessed the company\u2019s network through its ventilation and air conditioning vendor, costing them $18.5m. This was followed by the Equifax breach<\/a>; the company was hacked through a vulnerability in legitimate open source software \u2013 software in which anyone can view the code. The hackers gained access to their databases, stealing 145m accounts with crucial client data like names, social security numbers, dates of birth, addresses and even credit card numbers. Equinox had to pay around $700m to settle the breach. Ouch.<\/p>\n

3. Protect your business data, wherever it is<\/h2>\n

Cloud services offer many benefits to businesses, from taking advantage of a more efficient mobile workforce, to reducing infrastructure costs and optimizing business operations. Our research shows<\/a> that 73 percent of SMBs use at least one software as a service (SaaS) hosted business application, while 45 percent of enterprises have either already raised or are planning to grow their use of hybrid cloud in the next 12 months.<\/p>\n

However, as businesses move more and more data to the cloud<\/a>, it\u2019s easy to lose track of what you\u2019re transferring, or where it\u2019s kept. Data \u2018on the go\u2019 that\u2019s stored outside of the corporate data center \u2013 for example, in third party IT infrastructure \u2013 is presenting businesses with new security issues and new costs. The most expensive incidents in 2017 to 2018 related to cloud environments and data protection issues. For example, for SMBs, two-thirds of the most expensive cybersecurity incidents are related to the cloud and third party hosted IT infrastructure failures, resulting in an average loss of $179K. That\u2019s why it\u2019s so important to consider a dedicated level of cybersecurity when moving workloads to cloud platforms<\/a>.<\/p>\n

Cybersecurity needs to be a core function of IT infrastructure<\/h2>\n

For businesses of any size, cyberattacks are a risk \u2013 many companies today deal with third party contractors, cloud infrastructure and a growing amount of sensitive customer and business data. To reach the right level of cybersecurity, it needs to be a core part of the IT infrastructure.<\/p>\n

When cybersecurity is a core function, solutions can then be put in place, meaning physical and virtual machines, containers, operating systems and cloud systems can be protected in a flexible way. This is particularly necessary when dealing with visibility on hybrid cloud infrastructure \u2013 or cloud systems where multiple parties have access.<\/p>\n

Last but not least: businesses have to realize their responsibility for data that\u2019s stored in cloud applications and platforms. A false sense of safety and relying on providers to ensure security can be extremely costly. Your data is your responsibility so invest in keeping it under lock and key.<\/p>\n

Article published in 2019, statistics correct at time of publishing. <\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Trying to persuade your board to increase investment in IT security? Here are three reasons to convince them.<\/p>\n","protected":false},"author":2543,"featured_media":31563,"template":"","coauthors":[3579],"class_list":{"0":"post-31559","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-finance-and-budgets","7":"emagazine-tag-investment"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/three-ways-it-security-budget\/31559\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/three-ways-it-security-budget\/21890\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/31559","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2543"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/31563"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=31559"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=31559"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}