Cyber budgets of UK enterprises shrank during COVID-19 pandemic: Report

Cybersecurity Image credits: Gorodenkoff/Shutterstock

The unexpected onset of the COVID-19 pandemic and the shift of workspace have led to a rapid increase in cyber-attacks across the world. According to Check Point research, the number of ransomware assaults worldwide increased by 102% in 2021.

Recently, S-RM, London-based cybersecurity, risk, and intelligence consultancy company, conducted research on the cyber budgets of UK enterprises. 

Cyber budgets of UK enterprises

According to the findings, the cyber budgets of UK enterprises actually shrank (-1%) during the pandemic. This left cyber spending stagnating at an average of around £18M (approx $24.9M) for the 2021 financial year. 

This is despite the fact that 79% reported having suffered a major cyber incident. Of this group, the majority (73%) had experienced an incident in the past three years. 

Increasing cyber budget

The report says that over half (54%) of organisations either ‘hit pause’ or decreased their cyber budgets during the pandemic. 

However, now, IT leaders expect to increase their cyber budget by an average of 7.4% in the next twelve months, taking the average budget to £19.4M. 

“But taking into account inflation, which is currently 3%, this still may not be enough to make up for lost time during the pandemic, says the report. If this trend continues, a cyber spending ‘deficit’ will emerge that makes businesses more vulnerable to cyber incidents, as attacks become more frequent and more sophisticated,” says the report. 

Lack of confidence

According to the findings, the problem is compounded by a lack of confidence among decision-makers in how they spend their cyber budgets.

Around 40% said their organisation needed a better understanding of how to prioritise areas for cyber investment. Half (50%) reported they had a cyber strategy but had not been able to fully implement it. 

“Businesses need to act now to lock in their cyber spending for next year,” said Jamie Smith, Head of Cyber Security at S-RM. “The readiness with which we saw businesses pull back their budgets during the pandemic is concerning. Next year’s cyber budgets cannot be futureproofed against all forms of disruption, but there are trends business leaders should watch closely. A major one is the rising cost of cyber insurance – premiums are going up. This is because cyberattacks are becoming more frequent. What’s more, insurers are looking to reduce the risk they take on when they provide cyber policies. As a result, insurers want companies to prove how cyber resilient they are before providing cover.” 

“UK cyber budgets shrunk at a time when the cost of cybercrime and frequency of attacks is increasing at an alarming rate. The average immediate damage of a cyber incident is in the region of £1.3M. But the secondary costs like higher insurance premiums and recovery services can more than double this.”  

“Businesses have been failing to keep pace, and if they don’t commit to strategic investment in their cyber security, they risk serious financial and reputational damage.”