Offering a "full-stack" "full-lifeycle" experience to maximise the opportunity for our customers.
Designed to keep you at the cutting edge of AI, Cyber, and IT advancements, we are voicing the unsaid and shaping the future of business technology solutions.
Latest Insights
As a Business Technology Services Partner, we explore the art of the possible.
Our Microsoft Partnership
Thank you for your interest in Acora. We'd love to hear from you! Please feel free to drop us a message via our contact form.
Follow Us
Work with us
To view this video please enable JavaScript, and consider upgrading to a web browser that
Home News room How Much Should you Spend on Cybersecurity?
Acora is a UK based, award-winning IT services and technology company with over 25 years’ experience. We provide a range of IT support and Microsoft-centric business software and cloud solutions to help mid-market organisations modernise their IT so they can compete and win in the digital economy. More than 200 clients trust us to take responsibility for part, or all of their IT from solution design to support.
Cybersecurity worries, compliance concerns, and the impact thereof is still growing quickly, with COVID-19 introducing a range of new issues. Yet, in our 2020 CIO survey, senior tech leaders reported that an average of just 9% of IT budgets is dedicated to cyber security services.
Do companies get sufficient cyber security firepower by spending just under ten percent of IT budgets spent on cybersecurity?
In this article, we outline why we think that there’s a risk that organisations may think that they are allocating a sufficient proportion of their tech budget, when in reality they are spending too little.
We also hint at the key areas for cyber security spend and outline how tech leaders can use their influence to boost cyber security in their organisation.
A lack of protection may take a very long time to reveal itself. But that can change rapidly, as a catastrophic event brings economic costs for your business. Of course, once that cost is realized, an organisation often increases future cyber security expenditure to protect itself.
David Murphy, a pre-sales engineer at Acora, says that “Anecdotally, we notice that companies that were victims of a cyber security breach spend much more on cyber security – these companies see security not as a box-ticking exercise, but as essential to business continuity, and rightly so.”
And the costs are very real. Studies vary, but the sums are simply staggering. A 2017 McAfee study suggests a £480 billion global annual loss, while RiskIQ’s 2018 numbers suggested £ 1.2 trillion per annum lost to cyber breaches. It should serve as a warning sign for companies that are underspending on cybersecurity.
Vulnerabilities and exploits are trending are upwards
It’s clear that the costs of cybercrime are high, but is the overall cyber security danger receding – or growing? Are cyber security budgets proving effective? Accenture’s 9th annual cost of cybercrime study found an 11% rise in security breaches between 2018 and 2019, and a whopping 67% rise from 2014 to 2019.
That is an obvious sign that cybercrime is accelerating, and the argument can be made that the trend will only be stopped by intelligent, effective cyber defence budgets. In the absence of further spend, the result may simply be more breaches and therefore higher costs for businesses.
Whatever your views on the sufficiency of existing budgets, spend trends are upwards. According to Gartner, spend on external cyber security services is set to grow at an annual rate of 8.4% through 2026.
A 2019 CSO Online survey likewise found 66% of respondents suggested that cyber security budgets are on the rise. Where should your organisation spend this new money?
Smarter spending delivers better results, and you should prioritise tools that drive security efficiency. We think that these are three key areas:
Automation is high on the list. Intelligent, AI-driven cyber security tools deliver greater value for money and offer superior protection too. Indeed, in some ways, automation is really the only way to stay ahead of a rapidly evolving threat landscape.
Endpoint security is an established, but growing concern and must also be a priority for security budgets. We know that 2020’s shift to remote working brought countless new endpoints into the picture. According to IDC, 70% of all breaches still originate at endpoints, despite the increased IT spending on this threat surface. Neglecting endpoint security is unwise.
Of course, no matter how much you spend on cybersecurity, you will never be able to comprehensively mitigate all threats. That’s why budgeting for disaster recovery and resiliency is equally important. Tech leaders should allocate a proportion of cyber security funding towards testing, and to developing plans to respond in the worst-case scenario. Extended, clumsy recoveries can be more expensive than the attack itself.
Cybersecurity spend delivers essential firepower, but it is up to senior technology staff including CIOs to ensure optimal use of cyber security funds. It implies continuous spending reviews, and clear controls. A benchmarking process can help, whether an internal plan, or a framework such as ISO 27001.
That said, cyber security is not just about building technological walls and manning electronic checkpoints. Users are, after all, one of the weak points in cyber security defence – in part due to the unpredictable nature of human behaviour. Sophisticated social engineering can bypass highly secure systems.
So, it is essential that you allocate a budget for persistent, ongoing user education. But there is a further essential step: you must provide deep and persistent leadership. User education and culture is driven from the top.
Last, we believe that technology leaders need to use their influence to lift cyber security concerns to the top of the agenda. You must be present at the enterprise risk management table, persuading senior leadership that a security-first posture is simply not optional.
It’s impossible to suggest a definitive number, or a recommended percentage of IT spend that should go towards cybersecurity. Each organisation has a different cyber security profile – with a different threat surface, and varying compliance obligations.
But there’s little doubt that cyber security budgets are increasing in line with an ongoing increase in cyber threats. When setting budgets you must ensure that senior colleagues and board members are aware of the risks, using your influence to push for sufficient funding by outlining the clear risks of skimping on cyber security protection.
While it is up to technology leaders to take a view on threats and to spend budgets smartly it is also critical that they use their increasing influence to push for a cyber security budget that has the firepower to counter today’s threats.
2022 has been about growth, people and innovation. Company-wide, we have seen lots of staff members return back to the office which is essential for communication, personal development and collaboration. We are seeing the benefits of face-to-face internal team and…
Acora is pleased to announce it has secured a new minority investment with LDC, the private equity arm of Lloyds Banking Group. The new investment round, supported by debt funding from Ares and HSBC, will provide long-term financing for the…