Most businesses expect to spend more on cybersecurity this year, creating demand for a wider range of cybersecurity solutions.

That’s according to a new survey by Kaspersky. The survey targeted 600 employees who are key decision makers for their company’s cybersecurity sector. Respondents were based in the United States and Canada.

According to the research, 86% of IT decision makers in North America said their organization intends to set aside budget for cybersecurity when planning for 2022. In addition, 85% said their budget would increase anywhere up to 50% in the next 12 months.

In addition, more than one in four (28%) said their company annually invests anywhere from $25,000-$50,000 per year in cyber insurance. There are three top criteria they would be willing to meet in order to obtain cyber insurance. Those are security controls (70%), compliance (52%) and education (44%).

Volume, Sophistication of Attacks Likely Driving Higher Spending

Rob Cataldo is managing director of Kaspersky North America.

Kaspersky’s Rob Cataldo

“While the reasoning behind why organizations are spending more money on cybersecurity was not specifically addressed, we suspect the primary drivers to be the growing volume and sophistication of cyberattacks, and increasing security requirements stemming from cyber insurance underwriters,” he said.

The increase in cybersecurity spending should open up opportunities for organizations to use a wider range of cybersecurity solutions, Cataldo said.

“The majority of small to medium-size businesses and even smaller enterprise accounts will benefit from turnkey solutions like managed detection and response (MDR),” he said. “Larger, more security-mature organizations will continue to need unique, world-class threat intelligence to gain deeper insight into their cybersecurity posture and where they might be most vulnerable to attacks.”

The survey also analyzed how businesses respond when reactively dealing with a cyberattack. In terms of who’s held responsible, vendors were the top choice with the internal IT team as a close second. However, should a cyberattack occur, two in five (41%) respondents said they would ask their cybersecurity vendor for more recommendations on what their organization could/should do to avoid future attacks.

Assess Before Spending

“Increased investment to fight cybercrime can only be positive if the chosen solutions are effectively preventing or mitigating attacks without significantly increasing operational complexity,” Cataldo said. “Before making such investments, organizations need to conduct an honest assessment of their own security maturity and risk management profile. Armed with this plan, companies can more appropriately decide what use cases they want to prioritize and what resources will be required in order to select the most appropriate solution for their needs.”

Armed with this research, vendors will now be more informed when approaching potential clients and can speak more relevantly to their cybersecurity priorities in the year ahead, he said.