Risks to Critical Infrastructure due to Lack of Cybersecurity Investment

A recent Kaspersky study highlights the vulnerability of businesses to cyber threats due to insufficient cybersecurity budget allocation. The research, based on the opinions of IT security professionals in SMEs and enterprises globally, reveals that 15% of businesses have experienced cyber incidents in the last two years due to this underinvestment.

The situation varies by industry, with critical infrastructure, energy, and oil and gas organisations being the most affected, with 25% of cyber attacks attributed to budget constraints. In contrast, industries such as telecommunications, transport and logistics, and financial services show lower figures, with 13%, and 8% respectively of cyber incidents caused by budget constraints.

Adequacy of available resources

In terms of the allocation of funds for cyber security measures, 78% of global respondents say they have adequate resources to deal with new threats. However, 18% say they have insufficient funds for effective protection, while 3% have no specific budget for cybersecurity.

The most successful industry in terms of adequately allocating funds for cyber security is found to be financial services, with up to 90% of professionals reporting that their organisations are prepared to face and anticipate threats.

The study also highlights that many companies intend to strengthen their cyber security in the next 1 to 1.5 years. Among the most popular areas of investment are threat detection software (40%) and cybersecurity training, with 39% allocating budget to specialised educational programmes and 38% for general staff training.

Other planned actions include implementing endpoint protection software (36%), hiring additional IT professionals (35%) and adopting SaaS solutions (34%). These actions reflect the growing awareness of the importance of a strong cybersecurity posture in an increasingly threatened business environment.