Cybersecurity is the most common IT expense - but are firms spending enough?

Stock photo of young woman’s face as she contemplates one of the many computer monitors that surround her.
(Image credit: Getty Images)

It appears that businesses are finally heeding the advice of experts and taking their cybersecurity seriously, as levels of investment soar to new heights.

Research from NordLayer revealed cybersecurity is the most popular category in IT spending, with two-thirds (66%) of firms purchasing such solutions and services in 2023 so far, with 57% also spending money on cybersecurity training.

What's more, most UK companies have in-house cybersecurity specialists, and only 22% outsource these services.

Big spender?

As cyberattacks on firms continue to rise, the need to invest properly in defensive infrastructure is more imperative than ever. NordLayer's research also shows that last year, malware was the most popular form of attack overall at 43%, followed by phishing attacks (31%) and data breaches (26%). 

For just under a quarter of companies, this resulted in loses up to £5,000, and over £10,000 for 17%. Also, another quarter of those surveyed did not disclose how much they lost from such attacks, so figures could be even higher.

Antivirus software is used by 79% of British companies in the survey, and password manager and file encryption solutions are used by 63% and 66% respectively, making these three the most popular choices for upholding security posture.

Business VPNs are also quite popular, as over half of companies use them. 56% also use have cyber insurance, a new instrument designed to help with the aftermath of an attack rather than a tool to prevent one.

In comparing attack vectors across businesses of different sizes, there were some intersting findings. Small businesses are more likely to suffer from identity theft and data breaches, and overall received the lowest number of attacks.

Medium businesses were more prone to malware, social enginering and insider threats. They also received more data breaches and DDoS attacks than any other business size. 

Large companies were hit with the most cyberattacks overall, with a staggering 92% affirming so. Malware and phishing were the most prominent forms of attack they faced, followed by data breaches and identity theft. Ransomware was the least likely form of attack against them.

While cybersecurity is a popular area of spending in budgets, the actual amount of money is low relative to other IT expenses. 

“Business budgeting tendencies show that cybersecurity investments receive only a small part of the allocated IT budget. Cybersecurity funds must be distributed wisely to ensure valuable outcomes, prove the chosen security direction effective, and minimize resources’ waste,“ says  Carlos Salas, a cybersecurity expert at NordLayer.

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.