Global cybersecurity spending is predicted to exceed $1.75 trillion over the next four years. But when it comes to individual companies, we often hear this question from executives: “Am I spending enough on cybersecurity?”
The answer to that question, however, is tricky. Industry benchmarks could shed light – as long as you’re within the industry average, you should be fine, right?
But what is the average cybersecurity spend per industry, relative to companies’ IT budgets?
- Cybersecurity accounted for just 5.7% of total IT spending. Over five years, this figure has remained relatively stable, ranging from 2% to 11.5% of total IT budgets
- Many organisations say they intend to change their security budgets mid-cycle in response to changes in their business, risk or technology environments
- The percentage of spending varies between industries. Firms in the technology sector are leading cybersecurity spend with 9.5% of their IT budget. In contrast, government spending was the lowest of the sectors surveyed
- Organisations reported that their risk posture was improved when consolidating and simplifying their cybersecurity.
Why does this matter for businesses?
- How much budget to allocate to cybersecurity remains a critical IT investment decision
- Planning for cyber attacks is more important than ever, and being prepared is far more important than reacting. And part of being prepared is knowing how much resource to allocate to cybersecurity
- However, despite indications that spending on cybersecurity is increasing, the frequency of attacks is also increasing
- Therefore, increased spending on cybersecurity cannot compensate for bad cybersecurity practices
- This means that the amount of cybersecurity spend in and of itself is insufficient. Resources will also need to be allocated to the right initiatives.