Skip to main content

Many companies are only spending on IT to avoid penalties

(Image credit: Image Credit: Pavel Ignatov / Shutterstock)

Protecting company and customer data is not the main motivator behind the increase in cybersecurity investment, which is driven primarily by a fear of financial penalty, claims a new report from Thycotic.

Based on a poll of more than 900 CISOs and senior IT decision makers globally, the report states that almost a quarter of respondents (23 percent) believe the threat of fines is the most effective way to persuade directors to invest in cybersecurity. 

Regardless of motive, IT security budgets are rising across the board - and that’s a good sign, according to Thycotic. More than half of IT security decision makers say their companies are planning to add to security budgets in the next 12 months.

Further, more than three quarters (77 percent) have received boardroom investment for new security projects, either in response to a cybersecurity incident or prompted by the fear of audit failure.

Covid-19, despite the damage it has caused, has had a net positive impact on cybersecurity, as almost three in five of the respondents believe they’ll have an even bigger security budget next year because of the pandemic.

But it’s still not easy for CISOs and senior IT decision makers to convince directors to invest further in cybersecurity. Almost two fifths of proposed investments are turned down because the board doesn't consider the threat severe enough, and because IT couldn’t demonstrate a worthy return on investment.

A third of respondents said they don't think senior management understands the scale of cyberthreats when making security investment decisions.