New data from the 2022 Cyber Security Insights Report from leading global intelligence and cyber security consultancy S-RM has found that cyber security budgets are set to increase an average of only 11% over the next 24-36 months. With high levels of inflation, this means UK organisations will effectively be facing cuts to their cyber budgets to 2025, with 13% of those surveyed across the UK expecting budgets to decrease over the next 24-36 months.
S-RM’s report also shows that, on average, cyber security spending represents over a quarter (26%) of organisations’ annual IT budgets in 2022. The research also marks a 5% year-on-year average growth in cyber security budget, when compared to survey responses in 2021.
Heyrick Bond-Gunning, CEO of S-RM, comments:
“We’ve seen a lot of market disruption over the past year, but one thing that hasn’t changed is the importance of investing in cyber security to not only protect your business, but also to foster future growth.
“However, our findings show that, after inflation is taken into account, budgets are set to barely increase in the coming years, and that is a point of worry as cyber threats increase, insurance coverage shrinks and compliance considerations continue to evolve. Decision makers need to be proactive in defending against cyberattacks, or they could find themselves racing to mitigate damage and cost in the future.”
Factors driving spend
Some of the key reasons for budgetary increases included:
- Maintaining security against evolving threats (40%),
- Responding to changes in regulations and compliance (38%)
- Increased focus on cyber security at board level (38%)
The research also found that smaller companies are more likely to allocate between 40-60% of their IT budgets to cyber security. 20% of companies with an annual revenue of between $500m and $1bn currently allocate this proportion of their IT budget to cyber security. This compared to just 10% among companies with $1bn-$5bn in annual revenue.
Jamie Smith, Board Director and Head of Cyber security at S-RM added:
“Cyber security is an issue that exists beyond just board level, and resources must be allocated throughout a business to best defend against malicious intent from threat actors. Cyber security departments cannot achieve the results they need to if budgets don’t afford them the necessary resources. The fact that smaller, agile businesses are dedicating more resource to this area should be a clear sign for larger companies not to let investment get tied up in bureaucracy.”
The average percentage of organisations’ IT budgets allocated to cyber security across the UK (25%) and the US (26%) are fairly consistent. However, the average predicted increase to cyber security budgets over the next 2-3 years differ slightly across markets surveyed, with the UK reporting an anticipated increase of 8%, and 14% across the US.
A higher proportion of UK decision makers anticipated that cyber security budgets may increase in the future due to the need to respond to changes in regulations and compliance (42% in the UK vs 35% in the US). In comparison, a higher proportion of US decision makers felt that cyber budgets might rise due to their organisation increasing its focus on resilience (43% in the US compared to 29% in the UK).
Further detail on the full report can be accessed on the S-RM website, here: https://www.s-rminform.com/cyber-security-insights-report