Cybersecurity budgets across the globe
Does geographic location change how businesses think about cybersecurity?
According to a recent AT&T-sponsored survey, the type and amount of your cybersecurity investments may be significantly influenced by the region in which your organization is based.
On average, the AT&T 2017 Global State of Cybersecurity survey found that companies located in Asia-Pacific (APAC) are investing more heavily in cybersecurity defenses and cyberinsurance than their counterparts in the U.S. and EMEA.
For example, 58 percent of APAC respondents said they were allocating 10 percent or more of their organization’s budget to cybersecurity, compared to just 47 percent of EMEA respondents and 39 percent of U.S. respondents. That disparity is likely to grow even greater, with 40 percent of APAC companies expecting cybersecurity budgets to increase – by an average of 18 percent – in the coming 12 months.
By comparison, just 31 percent of EMEA respondents expect budget increases in this area, with the increases averaging 12 percent. In the U.S., less than one-quarter (23 percent) expect their cybersecurity budgets to go up, although the average predicted increase among those expecting a bump is 18 percent, the same as in APAC.
What accounts for these investment disparities?
The most obvious reason is a difference in the experience of successful attacks – 39 percent of APAC respondents said unauthorized individuals or groups had taken data from their organizations in the prior 12 months. Just 27 percent of U.S. respondents and 25 percent of EMEA respondents said the same.
Cybersecurity Insights report
The recently published Cybersecurity Insights report from AT&T, which draws from the same AT&T global survey, provides additional insights about the investment variations.
Among them: APAC organizations indicate they are particularly vulnerable to two of the most pernicious forms of cyberattacks – those based on mobile devices and those based on Internet of Things (IoT) devices. Consider:
- Among all survey respondents, employee mobile devices were the primary source of just over half (51 percent) of the data breaches experienced in the prior 12 months. However, these devices were the primary source for 63 percent of the breaches among APAC respondents.
- Likewise, IoT devices were the primary source of 35 percent of the past year’s data breaches overall, but accounted for 46 percent of the APAC-based incursions. Looking forward, 78 percent of the APAC respondents expect IoT threats to increase in the coming year, compared to just 68 percent of the full survey pool.
The new AT&T report also includes some fascinating insights into how companies in the different regions plan to allocate their budgets. There are notable differences, for instance, in their reliance on in-house cybersecurity employees, managed service providers and third-party consultants.
Another difference is in the anticipated growth of cybersecurity staffs at companies in the different regions. Perhaps not surprisingly, the heavily investing APAC organizations are the most bullish when it comes to such hires: 66 percent of the APAC respondents plan to increase their cybersecurity headcount in the coming year, compared to 46 percent of U.S. respondents and 43 percent of EMEA respondents.
Other investment differences range from the degree of reliance on cyberinsurance policies to the anticipated investment in cutting-edge defensive technologies. In aggregate, the AT&T survey data makes clear that neither the nature of cybersecurity threats nor the investments to combat them are uniform across the globe.