Company cyber budgets jump 70% in four years: Moody’s
Reprints
Companies’ cyber budgets rose by 70% between 2019 and 2023, while cyber insurance premiums increased by a median of 50% across the board between 2020 and 2022 alone, according to a Moody’s Investors Service survey issued Friday.
Overall, issues devoted a median of 8% of their technology budgets to cybersecurity, up from 5% in 2019, according to the survey.
The survey of about 90 questions was sent to about 9,000 issuers globally in May, with more than 1,700 responses received through July 18.
A total of 66% of respondents said they are required to report cyber incidents if there were no breach of personally identifiable information, although Moody’s anticipates this number will rise.
According to the report, while in 2020, 22% of cyber managers reported to their company’s most senior decision maker, such as the chief executive, this doubled to 44% in 2023. In both years, these reports were made at least quarterly by about a third of the respondents.
The survey found wide variations in the adoption of more advanced cybersecurity practices. For instance, while 75% of structured finance respondents said they conducted advanced simulated attacks at least annually, only 17% of regional and local governments did so.
“Implementing these more advanced techniques requires more time, money, and personnel, so issuers with fewer resources often cannot afford to adopt them,” the report said.
A total of 56% of respondents said they had vulnerability disclosure programs, but only 18% have put in place financial awards for making these disclosures, according to the survey report.
The survey found that despite 464,000 people becoming cyber professionals between 2022 and 2032, there is a shortage of about 3.4 million people in the profession.
