Business/Enterprise spending on Cybersecurity

Organizations have continued to invest in Cybersecurity, aside from the budget or the actual amounts, the focus needs to be on whether the funds were properly allocated for a particular year. The security investment made in 2019 or 2020 may look much different from what businesses have planned and budgeted for in 2021. Organizations of all sizes will either maintain or increase their security budgets for 2021.

Business verticals, industries, and sectors are concerned about cybersecurity breaches, but compliance and risk management and other mandates are additional areas where focus, priority, and budget are increasing.

With the start of the pandemic in 2020, many organizations have to rethink their cybersecurity and technology investment priorities. With some projects and innovation being pushed out for months for even years. Organizations have a finite pool of resources, whether that’s people, software, cloud, cybersecurity, the pandemic forced many organizations to prioritize operationally and support to enable, continue or start remote work, and all to keep our customer deliverables, to protect and retain our company brand and overall reputation. Cybersecurity spending for some may have taken a backseat even if only temporarily.

Cybersecurity attack strategies and vectors continue to evolve, threat actors have access to the same cloud technologies that many businesses have or will leverage which allows them to also evolve and expand their capability. Even with the increased cybersecurity budgets, some organizations continue to use the same tools, techniques, and software to defend their systems and data. There have been so many recent advancements with AI/ML, the security solutions that leverage this technology help position a business to keep pace with today’s threats.

Technology leaders with a business background who head Cybersecurity and or IT understand these are both cost centers and not revenue generators for companies. The goal for some organizations is to effectively manage risk, to satisfy all security compliance and mandates, but to be thoughtful and prescriptive about what and where they spend those security budget dollars. As I have said in other articles, our IT and Cybersecurity budgets are not infinite, it’s critical to allocate budget thoughtfully and on the roadmap work which protects and moves the organization forward. If not managed well, the budget, especially the cybersecurity budget could be easily overrun on objectives and initiatives which don’t reduce exposure or risk when compared to others which as I mentioned could have had a much greater impact.

Organizations, both large and small typically think about cybersecurity as software, tools, services, etc. Don’t forget the human elements, such as security awareness training and continuing education for employees. Even with all the latest security and technology in place, there will exist very low-tech entry points opportunity threat actors will take advantage of.

Do you agree or disagree, I would love to hear your thoughts on this!