Pandemic-hit SMEs be tempted to cut IT spending, but one global report suggests that tightening cybersecurity need not require heavy outlays.

Cybersecurity’s share of IT spending in SMEs has grown from 23% in 2019 to 26% in 2020, and from 26% to 29% for enterprises. The slight increase in importance is notable given that overall IT budgets for both SMEs and enterprises are under tight pressure in the current pandemic landscape.

In a July 2020 survey of more than 5,000 IT and cybersecurity practitioners, 71% of organizations expected their cybersecurity budget to grow further in the next three years despite overall decreased IT budgets from US$1.2m in 2019 to US$1.1m in 2020 among SMEs, and from US$74.1m to US$54.3m in large enterprises. This decrease may be due to the consequences of the global coronavirus pandemic, according to Gartner.

IT security budget as a share of overall IT budget

Notable exceptions 

One in 10 (10%) organizations did mention they were going to spend less on IT security, with the most common reason (32%) being it was a deliberate decision of top managements that did not see any point in investing so much money in cybersecurity in the future.

Among SMEs, the reason to reduce spend in this area was primarily dictated by the need to cut overall company expenses and optimize budgets (29%). These organizations were hit hardest by the lockdown: more than half of small companies globally reported a decline in sales or experienced cash flow constraints.

It is clear that those affected have needed to optimize their expenses to survive. But while this impacts cyber-protection, the survey report by cybersecurity solutions provider Kaspersky asserted that it is important for businesses to find a way to keep safe from cyber-risks in such a challenging time. Its Chief Business Officer Alexander Moiseev commented that: “Even though budgets get revised, it doesn’t mean cybersecurity needs to go down on the priority list. We recommend that businesses, who have to spend less on cybersecurity in the coming years, get smart about it and use every available option to bolster their defenses—by turning to free security solutions available on the market and introducing security awareness programs across the organization. Those are small steps that can make a difference, especially for SMEs.”

In addition, the firm has several suggestions for businesses to maintain their cybersecurity posture even with low security investments:

  • Always be updated on current IT security risks such as phishing, web threats, banking malware and others threats that can target employees in their daily working routine.
  • Organize cybersecurity-awareness training for all employees. Use prominent visual aids that help employees remember the safety rules, such as posters or cards in the workspace.
  • Ensure timely updates of all systems, software and devices to avoid situations where malware infiltrates a corporate system through, for example, an unpatched operating system.
  • Mandate the practice of using strong passwords to access corporate services. Use multi-factor authentication for access to remote services. Make sure all corporate devices are protected with strong passwords that are changed regularly.
  • Use proven cloud services and platforms when transferring business data. Protect all shared files with passwords, or make them available to a limited circle within a working group.
  • Use a free endpoint security tool that provides protection for both PCs and servers from a wide range of threats including ransomware, crypto miners, adware, porn ware, exploits and more.

Finally, useful free tools are available for ad-hoc cybersecurity needs, such as checking suspicious files, IP addresses, domains and URLs.