As enterprises plan and set budgets for the new year ahead, the vast majority are expecting to channel more money toward enhancing their cybersecurity efforts. According to the latest survey from the Neustar International Security Council (NISC), conducted in November 2021, 81% of organisations have committed to bolstering their cybersecurity budgets for 2022. Nearly one-quarter (24%) of respondents are increasing allocations between as much as 31% to 50% over this past year, while more than four in ten (41%) are raising budgets 11% to 30%.
“As the cyber threat landscape continues to evolve, organisations are clearly recognising an urgent need to scale their systems and processes to keep at least one step ahead of bad actors,” said Carlos Morales, Senior Vice President, Solutions for Neustar Security Services. “Our latest data indicates that top-level executives and board members are well aware of the business implications of security gaps, and it is edifying to see that organisations have support all the way up the leadership chain to make the necessary investments to protect themselves and their clients.”
Organisations largely have top-down buy-in when it comes to strengthening cybersecurity measures. Among survey participants, 93% report that cybersecurity planning involves the input of board members, with 63% noting that their board’s active involvement is significant. Such engagement is seen as critical, particularly as organisations seek to thwart what they perceive to be growing threats from criminals and unknown actors. Additionally, as attacks have become more numerous, complex and sophisticated, 88% of organisations anticipate the cyber skills gap will impact their 2022 security strategy. Half (50%) of survey respondents said they expect a significant impact and noted they will need new team members to execute their security strategies for 2022. Only 12% of the respondents feel that their chosen course of action will not be impacted by a cyber skills gap.
Many organisations are looking to external partners to help close this gap: 71% of respondents say they plan to increase their reliance on third-party vendors. Building up existing teams will also be a priority, with 56% planning to add new team members in the coming year.
Meanwhile, more are looking for an added safety net. Half of survey respondents say their organisation currently holds a cyber insurance policy – and 94% of them find it a worthwhile investment. Another 22% of organisations are planning to take out a policy in 2022, and 18% have the prospect under consideration.
In the November survey, 82% of responding enterprises confirmed that they had been on the receiving end of a DDoS attack at some time, only a slight increase over the previous reporting period, but a significant leap over the 59% reported pre-pandemic. DDoS attacks were considered among the greatest concerns in terms of cyber threats, with system compromise and ransomware rounding out the top three concerns in the survey period.
“Organisations largely recognise that they cannot prevent cyberattacks, but in today’s market, they do have access to a broad array of tools and services to create defence in depth,” continued Morales. “By engaging the right partners, organisations can take meaningful steps toward achieving their cybersecurity goals while taking some of the pressure off of themselves to bring in new talent in a very tight market for cybersecurity expertise.”
The recent NISC survey was completed in November 2021 to reflect activity and concerns in the most recent reporting period, September and October 2021.