Budgets shrink as security pressure mounts

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

Despite knowing they’re falling behind in the cybersecurity race, many firms are allocating smaller portions of their IT budgets to security, new research has claimed.

A report from Vanta based on a survey of 2,500 business leaders found two-thirds of UK businesses (66%) believe they should improve their security and compliance measures. What’s more, a quarter (25%) of the respondents have rated their organization’s security and compliance strategy as reactive. 

Instead, the budgets are shrinking. Vanta has found that only 9% of the average UK company’s IT budget is dedicated to security. A fifth (21%) downsized their IT staff, while two-thirds (62%) reduced their IT budgets, or are planning to do so in the coming months. Furthermore, one in every three leaders says their IT budgets are continuing to shrink. 

The compliance challenge

At the same time, less than half (42%) rated their risk visibility as strong.

But it’s not just hackers and criminals that are putting these firms under pressure. Customers, investors, and suppliers are also forcing companies to act, as more than two-thirds (67%) now require proof of security and compliance. While 37% provide internal audit reports and third party audits, and 39% complete security questionnaires, 12% said they don't or can’t provide evidence when asked. 

Achieving and remaining compliant is quite the challenge, too. The average UK leader spends more than seven hours a week on this task, with lack of staffing (33%) and lack of automation (30%) being the biggest hurdles. 

Better security improves business efficiency, builds trust, and boosts the bottom line, Vanta argues. More than two-thirds (68%) of UK leaders said a better security and compliance strategy positively impacted their businesses. Three-quarters 73% state a better security and compliance strategy would make them more efficient.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.