How the Pandemic is Changing Businesses’ Cybersecurity Budgets

As companies sent millions of employees to work from home, and, more recently, kids went back to school remotely via video meetings with teachers, organisations’ attack surfaces expanded exponentially. Meanwhile, attackers had a heyday with COVID-19 related attacks. All of this means a ton of overtime work for security professionals.

According to a Microsoft survey, a majority of business leaders reported budget increases for cybersecurity (58%) and compliance (65%) as their organisations adapted to the business implications of the pandemic. Additionally, 82% said they plan to add security staff.

At the same time, however, 81% reported feeling pressure to lower overall security costs. Business leaders from companies with primarily on-premises IT environments are especially likely to feel budget pressure — about one-third of these said they feel “very pressured” to cut costs.

To reduce expenses in the short term, survey respondents say they are prioritising integrated threat protection to reduce the risk — and expenses — of breaches. Longer term, 39% said they plan to invest in cloud security, including cloud access security brokers (CASBs), cloud workload protection platforms, and cloud security posture management tools.

Microsoft recently concluded a survey of nearly 800 business leaders of companies of more than 500 employees in India (IN), Germany (DE), the United Kingdom (UK) and the United States (US) to better understand their views of the pandemic threat landscape, implications for budgets and staffing, and how they feel the pandemic could reshape the cyber-security long-term.


Improving Productivity & Mitigating Threats

The No. 1 challenge reported by these security leaders was “providing secure remote access to resources, apps, and data.” Pre-pandemic, most businesses relied on company-managed devices and physical access to buildings to secure their corporate resources. But this perimeter-defined approach to security didn’t work with the newly remote workforce that needed to access cloud-based applications and services.

Because of this, Microsoft asked companies to identify the top security investment made during the pandemic, and multi-factor authentication (20%) topped the list. Endpoint device protections (17%) was next, followed by anti-phishing tools (16%), VPN (14%), and end-use security education (12%).

The pandemic also proved that integrated security across hybrid environments is a business imperative, and so is a comprehensive cyber resilience strategy. More than half of cloud-forward and hybrid companies reported having cyber-resilience plans for a range of risk scenarios, compared to 40% of companies with primarily on-premises infrastructure. And of these on-premises businesses, 19% said they do not expect to maintain a documented cyber-resilience plan.

An image of prevalence of successful phishing attacks

Security Impacting Budgets and Staffing

The role of security in remote work is having a direct impact on security budgets and staffing in 2020 as businesses scale existing solutions, enabling critical new capabilities like MFA, and implement a Zero Trust strategy. Business leaders from organisations with resources mostly on-premises are especially likely to feel budget pressure, with roughly 1/3rd feeling ‘very pressured.’

To rein in expenses in the short-term, leaders say they are working to improve integrated threat protection to reduce the risk of costly breaches and acquire security solutions with self-help options for users to drive efficiency. In the longer-term, nearly 40% of businesses say they are prioritising investments in Cloud Security (Cloud Access Security Broker, Cloud Workload Protection Platform, Cloud Security Posture Management), followed by Data & Information Security (28%) and anti-phishing tools (26%).

A graph of cybersecurity budget changes in response to the pandemic.

Human security expertise is at a premium with more than 80% of companies adding security professionals in response to COVID-19.

A graph of changes to cybersecurity staffing due to pandemic.

To learn more about cybersecurity, click the green button below to contact us today!


eVantage Technology is a professional and trusted IT solutions provider, dedicated to providing exceptional service to companies in Singapore and across Asia.