Despite the growing threat of cyber-attack, the cybersecurity budget is low relative to overall IT spend. The survey data also suggest that budget allocation processes are largely inflexible, despite the need for agility in response to pandemic-era volatility and the prospect of future disruption.
Current funding models are simply inadequate for what is, in effect, an existential risk. It is also symptomatic of the poor understanding that many businesses have of cyber issues and their failure to implement a culture of security by design.
Budgets are out of sync with the need
In the creation of this report, EY carried out qualitative interviews with heads of cyber security and separately surveyed 1,010 senior cybersecurity professionals. The survey respondents, on average, had revenues of approximately $11b last year, while spending an average of just $5.28m, or 0.05% of the total, on cybersecurity per annum.
The picture varies from one sector to another. At one extreme, in the highly regulated financial services and technology, media and entertainment, and telecommunications (TMT) sectors, the average GISS respondent spent an average of $9.43m and $9 .62m respectively on cybersecurity last year. At the other end of the spectrum, energy companies spent just $2 .17m, on average. Click the link for the full report.