Cyber the top priority for 2021 technology spend a positive, but C-suites and shareholders should look at how the money translates to better security and financial results

Summary

A recently released Gartner survey of 2,000 CIOs indicates a prioritization of cybersecurity over all other IT areas, including cloud and data analytics.

According to the report, “With the opening of new attack surfaces due to the shift to remote work, cybersecurity spending continues to increase. 61% of respondents are increasing investment in cyber/information security, followed closely by business intelligence and data analytics (58%) and cloud services and solutions (53%).”

Technology budgets overall are still growing, with 2% growth forecast for 2021, but this is down from 2.8% in 2020.

Report

Analysis

This is a positive development as more companies recognize the need to balance security with the pursuit of growth via digitalization. Too often companies have sacrificed cybersecurity as they instead focus their investment on initiatives that increase growth and/or that deliver cost savings—a mistake characteristic of 1-2 Star-rated companies across all sectors.

But companies and investors should be aware that more money spent doesn’t necessarily translate to better security. Despite increasingly prioritizing cyber spend, the number of breaches continues to grow—including a 7-fold increase in the most financially damaging form of attack: ransomware.

For many companies, more investment in existing security tools is not resulting in better performance. According to Mandiant Security Validation: company systems only detect 26% of total attacks and prevent 33% of them (Mandiant Security Effectiveness Report 2020). This means 66% of attacks on companies get through despite tools designed to prevent them.

  • For C-suites: There is plenty of opportunity to better optimize existing cyber spend and a need to demonstrate better security ROI. First, conduct security validation against the existing security stack to understand what’s working and what’s not and what is most important to fix before investing more money in tools or capabilities the company may already have but isn’t using properly—or may not need at all.
  • For investors: A ransomware attack can wreck financials and lead to a precipitous drop in share price. Early warning signals appear long before successful attacks become known. Ask questions of C-suites on how the increased money will be spent, how will the investment translate to better security and what proof they have of these outcomes.

    In other words, “do you, Mr. CFO or CEO, know how the increased security spend will result in lower likelihood of a ransomware attack and lower the financial downside risk due to increased digitization? If so, based on what verifiable metrics?”
Close

Instantly download research in our library and be the first to get access to new content

Denis Bolshakov

Log out

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website