Organizations are significantly increasing their cybersecurity budgets as cyber threats continue to soar, according to a recent survey conducted by Moody’s, a major credit rating agency. The survey gathered data from over 1,700 issuers and revealed that organizations are now spending an average of 70% more on information security than before.
This substantial growth in cybersecurity budgets is not limited to the average. Large issuers have witnessed even more significant increases, with some experiencing up to 100% growth in their cybersecurity spending. Moreover, cybersecurity now constitutes a larger portion of the technology budget, accounting for 8% of total technology budgets compared to the previous 5%.
The surge in cybersecurity spending is largely driven by the rise of remote work and the expansion of companies’ digital footprints. With the increase in remote work, organizations have faced additional cybersecurity challenges and risks. As a result, they have recognized the need for stronger cybersecurity measures and have allocated more resources accordingly.
However, Moody’s warned that this heightened level of spending may have already reached its peak. Economic conditions have led to budget restrictions and delayed purchasing decisions, impacting cybersecurity companies and resulting in layoffs. Despite these challenges, organizations continue to prioritize cybersecurity, recognizing it as a necessity rather than a luxury.
As the cost of cybersecurity insurance also rises, organizations are adapting to the changing landscape. Insurance premiums have grown by a median of 50% across the board between 2020 and 2022. This increase is primarily attributed to the spike in cyber incidents following the mass shift to remote work during lockdowns. Individuals working from home often have weaker cybersecurity protections, making comprehensive insurance coverage essential.
The report highlighted that some industries have experienced premium hikes of over 300% in 2021. Sectors such as education, healthcare, construction, and manufacturing faced significant increases. Despite higher costs, organizations remain committed to maintaining their cyber insurance coverage. Only 3% of issuers plan to reduce their cyber coverage in 2023, while the majority (82%) aim to maintain the same level of coverage, and 16% plan to increase it.
The rising costs of cybersecurity and insurance have put additional strain on cybersecurity budgets. This strain can discourage organizations from implementing more advanced protective measures. The survey indicates that although most organizations follow basic cybersecurity practices, such as testing and updating security systems and having an incident response plan, they often lack advanced measures.
For example, only 17% of regional and local governments conduct red or purple team attacks, compared to 75% in the structured finance sector. The report also highlighted that compensating external reports of security issues affecting the company’s products or operations is a rarely used advanced measure, with only 18% of organizations implementing it.
Moody’s acknowledged that their survey did not account for the impact of large language AI models, which gained popularity last year, in assessing cyber risks. However, the credit rating agency anticipates that AI will play a significant role in both perpetuating cybercrime and preventing it. Advanced cybercriminals and state-backed actors are expected to develop cutting-edge generative AI hacking tools, which may be shared with lower-level actors, increasing the sophistication of attacks. The report emphasizes the need for medium and small organizations to strengthen their cyber defenses to counter these emerging threats.
In conclusion, organizations are ramping up their cybersecurity budgets amid the growing threat landscape. The increase in cybersecurity spending reflects the need to protect against evolving cyber risks, particularly in the context of remote work and digital expansion. However, economic conditions and rising insurance costs may impact future spending levels. It is crucial for organizations to continuously adapt and implement advanced cybersecurity measures to stay ahead of cybercriminals leveraging AI-driven tools.
