Skip to main content
close search
site logo
Dive Brief

Kaspersky: IT security budgets fell in 2019

Published Dec. 19, 2019
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Photo by Josh Appel on Unsplash

Dive Brief:

  • The average IT security budget shrunk to $692,132 in 2019, falling from an average of $769,760 in 2018, according to Kaspersky's IT Security Calculator based on data from almost 3,800 respondents. The survey's business representatives were from companies with up to 4,999 employees internationally. 
  • More than half, 56%, of respondents experienced viruses and malware and 46% suffered a data breach in the last 12 months, according to a survey of almost 4,500 business representatives from Kaspersky. The cost of a single cybersecurity incident is about $308,300. 
  • Among the more than 4,500 respondents, the majority, 87%, had endpoint security, but only 2% had embedded systems security. One-fifth of respondents had security solutions for software as a service (SaaS), infrastructure as a service (IaaS) and cloud.
Samantha Schwartz, for CIO Dive, data from Kaspersky
 

Dive Insight:

CISOs have a "thankless job," with strained budgets and a 500,000-person talent gap in the U.S. 

When boards and the C-suite sink money into cybersecurity, they expect a return on investment. Before they are willing to invest, boards need to understand the value of protection and CISOs can struggle to articulate the cost of risk

"Make sure your believe you can defend your argument, and your assumptions and your calculations," according to Tom Scholtz, distinguished VP analyst at Gartner, while speaking at the Gartner IT Symposium/Xpo in Orlando, Florida in October.​ 

CISOs can justify their spending by answering basic questions: 

  • What is cybersecurity costing the business?

  • Where is the money going? 

  • Who is paying for it? 

  • What are the funding models? 

  • How does the infosec department articulate the value of the investment? 

On average, security budgets make up a 6% of overall IT budgets, but they range between 2% and 14%, according to Scholtz. The budget usually represents about 3% of every $1,000 of revenue.  

The "money grabs" of security budgets are hardware, software and personnel, said Scholtz. The "fluffy stuff" is governance, and risk and compliance management. 

These are costs companies can plan on. 

Intangible costs are unplanned expenses used to answer for those incidents. The majority of CIOs and CISOs, 94%, already have practices that compromise protection. A lack of visibility into endpoints contributes to this uncertainty.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
Unanet Acquires GovPro AI to Enable Customers to Win More Business
From Unanet
November 22, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell