Most organizations plan to increase their cybersecurity budgets in 2020

With the perpetually shifting threat landscape, most organizations (over 90%) believe that the cyber threat landscape will stay the same or worsen in 2020, according to FireEye.

FireEye surveyed over 800 CISOs and other senior executives across North America, Europe, and Asia to uncover attitudes towards some of cybersecurity’s most prevalent topics.

The majority (51%) of organizations do not believe they are ready for or would respond well to a cyber attack or breach event. Moreover, 29% of organizations with cyber attack and breach response plans in place have not tested or updated them in the last 12 or more months.

Cybersecurity budgets to increase

To address concerns regarding the potential loss of sensitive data, customer impact, and business operation disruptions, the vast majority (76%) of organizations plan to increase their cybersecurity budget in 2020:

• Organizations most commonly expressed plans to bump cybersecurity spending by 1-9% over 2019 allocations
• The greatest number of U.S. participants indicated budgetary increase plans of 10% or more (39%), followed by the UK (30%) and South Korea (22%)
• However, 25% of organizations in Japan and 24% in South Korea indicated plans to keep their security spend the same year over year

Participating organizations were remarkably consistent in their views and perspectives of cybersecurity. The following sheds light on some of the more differentiated global viewpoints.

Japan organizations to prioritize detection capabilities in 2020

Globally, organizations allocated their cybersecurity budgets into four main categories with the largest allocations going to the areas of prevention (42%) and detection (28%), followed by containment and remediation.

However, Japan was the only country to break away from this order, expressing a greater emphasis on detection (40%) and then prevention (35%).

U.S. organizations take the lead in transitioning to the cloud

Over 44% of global respondents expressed having transitioned some of their environment to the cloud, and that they were monitoring cautiously. Additionally, 35% had transitioned some of their environment with plans to continue, and 17% had completed a full cloud deployment.

U.S. organizations reported being furthest along in adopting a cloud-first approach with 37% having finished a complete cloud migration.

Germany and Japan concerned about cloud security

Of the responding participants globally, 45% felt that the cloud was about as secure as on-premise, and a further 33% believed that the cloud was more secure.

However, in both Germany and Japan, 24% of responding organizations perceived the cloud as being less secure – highlighting a disparity from the global average (18%).

France believes employee training is a top protection measure

Globally, participants consistently identified the same solutions as having the most positive impact on their organization’s ability to prevent a cyber attack. Vulnerability management and security software took the lead (slightly above 16%). Employee training was the third (14%) followed by response plans and security hardware (both slightly above 12%).

When it came to cybersecurity investment areas with the greatest potential positive impact to an organization’s ability to prevent a cyber attack or breach, France participants were the only ones to identify employee training as their top priority, if they did not have constraints.

Further, research revealed that 1% of organizations surveyed in France do not have an employee cybersecurity training program in place, compared to the global average of slightly above 11%.

In contrast, 25% of organizations in Germany and 23% in Canada report not having employee cybersecurity training in place. These numbers are especially concerning considering that a cyber attack can often result from just one employee clicking on a single hyperlink.