Research from Databarracks has found that over half (55 per cent) of UK businesses have seen their IT security budgets either stay the same or decrease in the last 12 months, with just a third (33 per cent) seeing an increase.
This is down on last year, when 36 per cent reported a growth in budget, and bucks a trend of continuous growth over the previous four years.
The findings were taken from Databarracks’ annual Data Health Check survey. Further cyber security figures include:
- Cyber incidents were the biggest cause of IT downtime for 12 per cent of respondents, doubling from 6 per cent in 2016
- 17 per cent of respondents named cyber attacks as a cause of data loss, up from 9 per cent in 2016
- The prevalence of ransomware has almost doubled in in the same period, affecting 28 per cent of businesses in 2019, compared to 16 per cent in 2016
Peter Groucutt, Managing Director at Databarracks, said: “In previous years, we’ve seen a steady increase in security budget growth. This time it’s different.
After strong progress in recent years, organisations must ensure they continue to invest in cyber resilience
Cyber incidents are becoming more prominent as a cause of both IT downtime and data loss, and attack types like ransomware are causing significant disruption – particularly for manufacturing and the public sector. These developments underline that now is not the time to reduce investment in cyber resilience. We are adjusting to a new reality. This is a cyber-arms race and unless we continue to match the investment and commitment of the cyber criminals with a corresponding investment of our own, we will lose the battle.
The types of safeguards businesses invested in this year stayed largely the same as the year before. Employee Awareness Training is the top action again. Less than 10 per cent of organisations increased their cyber security headcount.
Dealing with the cyber challenge can seem overwhelming. New, high-profile breaches or strains of malware are being reported continually and it can feel like swimming against the tide. Improving an overall security posture is possible, but it takes work. It demands commitment from the highest levels of the organisation and the resources to deliver – both budget and time.
We recommend greater representation at board-level with a board member responsible for cyber security to drive the culture. This year, less than half (48 per cent) of organisations we surveyed reported having a board member responsible for cyber security. We also need joined-up responses from IT Operations, Security and Business Continuity teams both in planning and incident response. Although we need specialists, cyber security is now everyone’s responsibility.”