
A recent study has found that over half of organisations do not have a sufficient budget to meet current cybersecurity needs, leaving them critically exposed to cybercriminal activity. 

The study, published by the Neustar International Security Council (NISC), surveyed over 300 IT and security leaders across the US, Europe and Africa. It found that only 49 per cent of organisations have an adequate budget to protect themselves in the event of a cyber attack. 

Over a third of respondents also said that their organisation’s cybersecurity budget would remain the same or decrease further in 2023, and almost half believe their business will be more exposed as a result. 

While many respondents believed that C-suite and board-level decision-makers understood rising security threats, 69 per cent added that current budget constraints were limiting the use of new strategies, technologies, and implementation practices. 

Security teams have previously called for more involvement from CEOs and board members in cybersecurity procedures, arguing that the lack of high-level engagement prevents organisations from building coherent strategies to defend against attacks.

“IT and security teams have faced a lot of pressure in recent years as they’ve been tasked with spearheading major new digital initiatives – often in the face of persistent staffing shortages – while defending a growing attack surface from larger, more sophisticated attacks in an increasingly complex threat landscape,” Carlos Morales, senior vice president of solutions at NISC, explained.

Decreased budget, increased risk of attack

When participants were asked to identify the most significant risk for their security posture, “increased sophistication of attacks” emerged as the top concern (60 per cent), followed by “increased activity of attackers” (54 per cent), “budget constraints” and “larger attack surface from an increasingly borderless business operation” (both 35 per cent).

The study found that many organisations will be unable to protect themselves against increasingly prevalent and sophisticated cyber threats as budgets plummet amid heightened macroeconomic pressures.

But experts have long warned that business leaders must allocate enough resources to cybersecurity measures to prevent attacks despite economic challenges. 

“With mounting budget pressures, IT and security teams are once again being asked to do more with less, which will likely accelerate the adoption of service-based offerings that allow enterprises to flexibly scale up resources based on demand,” Carlos Morales, senior vice president of solutions at Neustar Security Services, explained.

The cost of cyber-attacks reached an all-time high in 2022, with a single data breach costing an organisation $4.35 million according to a study by IBM.

“You can’t protect what you can’t see,” Jon Clay, VP of Threat Intelligence at Trend Micro, explains in response to the rising threat of cyber attacks.

To avoid attacks spiralling out of control, companies “need to combine asset discovery and monitoring with threat detection and response on a single platform,” Clay added.

DDoS attacks take hold

Above all other attacks, respondents said that distributed denial-of-service (DDoS) attacks were their security teams’ main concern for 2023, with just over half stating that they were specifically increasing their ability to respond to the threat of DDoS this year.

These findings align with the rapid increase in DDoS attacks over the past few years. In the third quarter of 2022, the number of attacks increased by 90 per cent worldwide compared to 2021, and almost all respondents reported falling victim to attacks themselves.

Despite the rapid rise of DDoS attacks, the survey revealed that cybersecurity teams are unable to implement measures to defend themselves against the risk, with many looking elsewhere for external defence tools.

Over half of the respondents said their enterprises outsource their DDoS mitigation, and most teams (60 per cent) take between 60 seconds and 5 minutes to initiate mitigation.

The pandemic’s long-lasting effect on business continuity

As well as the rising threat of DDoS attacks, survey respondents also cited remote and hybrid working as one of the biggest challenges for their organisation’s security team.

85 per cent of respondents said that hybrid working has increased their organisation’s reliance on third-party providers for outsourcing staff and resources, and more than three-quarters of these professionals believe this puts them at increased risk of attack. 

When companies become reliant on third-party software, they put themselves at risk by continuously needing to access and transmit data beyond the perimeter protected by their firewalls.

This increases the chance of interception by threat actors and of human error by external teams. Findings show that almost a quarter of security breaches derive from human error or ignorance.