The average cost of cybersecurity systems, solutions and staff is increasing. As noted by research firm Gartner, companies will spend 11% more in 2023 than they did in 2022 to effectively handle security and risk management.

This puts companies in a challenging position: If spending stays the same, IT environments are at risk. If they budget more for cybersecurity, funding for other projects may fall through.

The result? Businesses must balance rising cybersecurity costs with finite budget resources.

What’s driving increased costs?

Several factors are driving increased cybersecurity costs.

The first is evolving regulations, such as the new White House cybersecurity strategy. According to Utility Dive, the strategy focuses on industries such as energy and recommends that organizations build proactive cybersecurity that underpins interconnected hardware and software. Given that many enterprises still rely on legacy systems to support key functions, however, upgrading to proactive processes could come with a significant price tag.

And while private companies may not be subject to the same regulations, customers are increasingly concerned about data protection. According to TechRepublic, 45% say they would stop doing business with an organization after a successful cyberattack. So whether it’s to comply with government regulations or meet customer expectations, enterprises will likely pay more to build proactive cybersecurity frameworks.

Staffing also remains a key issue. Consider a 2022 survey from the World Economic Forum (WEF), which found 59% of companies had a shortage of cybersecurity skills and were worried about their ability to handle a cyberattack. When it comes to recruiting new staff, organizations face the dual cost of time and money. Given the high demand and low availability of security professionals, companies must create hiring strategies that go beyond salary to highlight the social impact and cultural benefits of coming on board.

How do companies navigate these new expenses?

There’s no way around it — prices are going up, and for companies to stay protected, they need to pay. While this isn’t something any executive wants to hear, it’s not all bad news. Here’s a look at four strategies to help manage cybersecurity spending.

Raising end-user costs

One option to balance out rising cybersecurity costs is passing on the increase to end users. By raising the costs of products and services, companies may be able to offset the price of new security solutions and break even on budgets.

This approach, however, comes with both pros and cons. On the pro side, small price increases across the board may be enough to balance out new spending. When it comes to cons, meanwhile, companies must consider the evolving impact of a looming recession. Charge too much, and budget-conscious consumers may simply take their business elsewhere, resulting in a net loss for organizations.

Covering the cost internally

It’s also possible to simply spend more on cybersecurity and cover the costs internally. While this does come with an initial cash outlay, many security solutions pay for themselves over time.

It’s worth noting, however, that these cost savings take the form of preventing incidents that could have crippled organizations. Consider that the average cost of a data breach in 2022 in the United States was $9.44 million. If more cybersecurity spending helps companies avoid an attack, the savings are substantial. The caveat? For this approach to work, C-suites must be on board.

Prioritizing digital realignment

Businesses may also be able to minimize the impact of growing cybersecurity spending by embracing digital transformation. For example, shifting some or all of a company’s storage server management into the cloud can eliminate the need for physical data centers — and the costs that come with these physical locations, such as rent, power and on-site security.

In addition, cloud-based solutions offer the benefit of on-demand scalability. This removes the need for companies to purchase extra, unused server capacity for sudden traffic spikes or bandwidth needs. The money saved on these digital shifts can then be used to balance out cybersecurity budgets.

Shifting to managed services

Moving to a managed security services model is another way to keep cybersecurity costs under control. This is especially beneficial for smaller companies or those struggling to find skilled cybersecurity staff. By working with a trusted third-party provider, enterprises can reduce their risk of security incidents without the need to hire, train and compensate full-time staff.

In addition, managed options allow companies to choose the services they need to address specific concerns. This makes it possible for organizations to build predictable, reliable budgets that only change if services are added or removed.

Assessing the insurance impact

Half of the companies in the United States now have cyber insurance, according to Statista data. The market is also forecast to experience significant growth over the next five years.

This growth, however, is largely tied to the increasing number of cyberattacks that compel companies to make cyber insurance claims. As a result, the cost of cyber insurance is on the rise. As noted by Fortune, the average cost of cyber insurance in the United States rose 79% in the second quarter of 2022.

Insurance companies are also shifting some responsibility for successful claims onto enterprises. For example, many insurers won’t issue policies until organizations demonstrate they have basic cybersecurity hygiene practices in place, such as the use of strong encryption and robust identity and access management (IAM) tools.

In other words, even buying insurance designed to protect against cybersecurity incidents requires pre-purchase spending to ensure policies and practices align with insurer expectations.

From obligation to investment

Cybersecurity is getting more expensive, and this upward trend is likely to continue as attack volumes rise, regulatory and customer expectations evolve and staffing shortages persist.

For organizations, the result is more spending to stay secure. And while it’s impossible to avoid this obligation, there’s an opportunity to see cybersecurity spending as an investment — one that reduces the risk of successful attacks, helps bolster customer trust and allows companies to streamline their IT operations.
