Decision makers’ guide on why and where to invest in cybersecurity

  • American companies will most likely invest in cybersecurity solutions and employee training (61% of respondents).
  • For 13 years in a row, the US has had the highest data breach costs globally. This year, this number reached a new all-time record of $4.45 million.
  • Malware and phishing attacks are the overall most prominent cyber threats globally and in the US.

According to NordLayer’s cybersecurity research data, most cyberattacks in the US start with phishing (40%) and malware (44%). Ransomware, one of the most menacing recent threats, appears in last place (19%).


In addition, organizations of various sizes are not immune to cyberattacks. For example, last year 92% of large companies experienced a cyberattack at least once, as did 85% of medium-sized companies and 58% of small organizations. To make matters worse, the average cost of a data breach is higher than ever before, making cyberattacks a bigger financial burden. Considering all this, businesses nowadays can hardly exist without sufficient cybersecurity investments.

What is the need for a cybersecurity budget?

According to Statista, global spending on information security is expected to increase between 2017 and 2024. However, over 70% of businesses estimate they wasted 25–100% of their cybersecurity investment.

Therefore, even though cybersecurity investment keeps increasing, its effectiveness is still low.

Our research shows that in the US, the most prominent cyberattacks from last year were phishing (40%), malware (44%), and data breaches (27%). The trends aren’t favorable either: for 13 years in a row, the US has had the highest data breach costs globally. This year, this number reached a new all-time record of $4.45 million.

The elements of good cybersecurity

Carlos Salas, a cybersecurity expert and head of platform engineering at NordLayer, shares the most important places to start when planning investments:

Firewalls: If an organization relies on a network, a firewall is a must because it monitors and controls network traffic. Acting as a barrier between your private network and the internet or other untrusted networks, it applies predefined rules and is the first line of defense against malicious connections.

Solutions: Organizations can protect themselves against cyberattacks by purchasing cybersecurity hardware or software solutions, which integrate into infrastructure, providing access to firewalls, antivirus, access control mechanisms, and intrusion detection systems. These technologies work together to halt or mitigate cyberattacks. This is the first choice of US decision-makers, and 61% of them plan to invest in solutions in 2023.

Training: The cybersecurity landscape is constantly changing. Therefore, employees’ skills and knowledge need to be periodically refreshed. Cybersecurity training and certifications ensure that employees know the best practices for protecting information and can identify potential threats. Employees are usually the first target of almost all cyberattacks. This is also the most popular investment among Americans, with 61% of organizations investing in it.

Analyze the background of your company

Salas agrees that cybersecurity solutions cannot start without a careful investigation of your business:

“Firstly, acknowledge the change in the cybersecurity landscape, and be aware of cybersecurity challenges and the vulnerability of your business to cyber threats. Malicious actors look for security gaps to exploit zero-day vulnerabilities.”

As various pieces of research show, size and brand awareness are not factors in determining when and how threat actors will target a business – luck is.

“Also, make sure to assess business-affecting risks. Some industries have more red flags than others due to the nature of the data they process. The exposure to cyber threats can vary depending on the type of service or product the organization provides. Lastly, have a concrete plan for a cybersecurity strategy. It should have concrete processes, as well as clearly state what tools and solutions are used, have continuous employee security training, dedicate staff or consultants, and always have backup plans for different threat scenarios,” Salas added.




Editorial Staff