UK businesses face tightening cybersecurity budgets as incidents spike

UK businesses have suffered a 25% increase in cyber incidents in the last year with budgetary constraints hamstringing cyber strategies. That's according to the Security's Lament: The state of cybersecurity in the UK 2023 report from iomart and Oxford Economics, which surveyed 500 UK executives responsible for their organisation's cyber strategy. The report found that, despite spending more than GBP40,000 a year on cybersecurity protection, more than a quarter (27%) of organisations think their cybersecurity budget is inadequate to fully protect them from growing threats.

Last week, a study by IANS Research discovered that many CISOs have seen approved 2023 budgets slashed as part of overall budget tightening. The study surveyed 550 CISO respondents within the period of April to August, revealing a general downtick in the allocation of funds for cybersecurity across sectors with a 65% fall in budget growth in the 2022-2023 budget cycle.

Tight budgets a top barrier in meeting cybersecurity goals

In the iomart/Oxford Economics report, phishing (56%) and malware (55%) were cited as the threats of greatest concern to executives, with less than half confident in their organisation's ability to in handle them. Fewer still (25%) have confidence their ability to deal with ransomware.

To respond, organisations have spent an average of GBP40,190 on vulnerability assessments, penetration testing, or red team engagements to improve their cyber postures. However, many are aware that this isn't enough, with tight budgets cited as not only a barrier in meeting cybersecurity goals but also a cause of blind spots in businesses' cyber strategies, according to the report. Meanwhile, rising cyber insurance premiums only stress budgets further, with 70% of businesses noting an increase over the last two years, the report found.

Knowing where to invest budgets has proven difficult too, with the research indicating that almost 40% of executives have trouble sorting through the "noise" created by the sea of technology offerings and security players in the market to find the best fit for their organisations needs and budgets. What's more, while almost all respondents have invested in new security products, only half think their investments have been effective.

Contrasting security budget data paints conflicting picture

In contrast to the iomart/Oxford Economics research, a report published last month by Team8 found that most organizations are increasing their cybersecurity budgets with CISOs planning to widen spending on identity and access management (IAM) and cloud security services. Team8's 2023 CISO Village Survey, which quizzed 130 global CISOs on a variety of security issues indicated that, along with expected increases in IAM and cloud security spending, CISOs are looking for improved third-party risk management, AI security, and human error/insider risk reduction solutions.

Separate research published in June also suggested that security budgets are increasing but missing the mark with knee-jerk reactions and impractical expectations hampering the ability of CISOs to make business-critical security investments. The research came from risk and cybersecurity solutions provider BSS, which surveyed 150 security leaders, indicating that misguided expectations of budget holders regarding security spend are causing problems for CISOs despite notable budget hikes.