Three trends to consider when building your 2022 cyber budget

November 9, 2021


If your organization is struggling to keep up with proliferating cyber threats, you’re not alone.

Danny Timmins, CISSP, is MNP Digital’s National Cyber Security and Privacy Leader. Danny and his team have extensive experience advising business leaders and boards of directors on cyber security risks, trends and opportunities and have helped many Canadian organizations improve their resilience to attacks.

According to the 2021 Security Priorities Study, conducted by tech media company IDG, nine out of 10 IT and security leaders believe their organization is failing to keep pace with the evolving cyber landscape. In response, they’re pushing their respective companies to increase their cybersecurity budgets and allocate spending to address the biggest gaps.

For the most part, organizational leaders seem to be listening. The average small-to-medium business plans to double its cyber spending over the next 12 months, according to report respondents—jumping from an average annual $5.5 million cyber spend to $11 million.

But where will the extra money go? According to the survey, most companies will use it to strengthen three core areas:

1. Internal protection

According to the report, 44% of security incidents in 2021 were the result of a weak human firewall: employees who unintentionally facilitated a cyber breach by falling victim to such things as phishing scams. In 27% of cases, unpatched software was to blame, while misconfigured services or systems accounted for 26%.

Given that the vast majority of workplaces were still remote in 2021, this trend makes sense. Home offices simply don’t offer the same protection as the traditional in-office setup: there’s no one to consult if you get a suspicious email, and it’s easier to overlook a critical software update. Even within traditional in-office setups, phishing emails are becoming more sophisticated, making it easier for individuals to click unknowingly if they don’t know what to look for.

To overcome these risks, a growing number of organizations plan to bolster spending on employee security and awareness training. This type of training can not only help employees identify red flags when opening emails, but also educate them on the importance of locking computers when they step away, implementing multifactor authentication requirements, avoiding unsecured networks and using strong passwords.

2. Stringent segmentation

When a cyber breach occurs, it can quickly spread to your high-value systems unless you take steps to strengthen the divisions between these systems.

In 2022, many organizations plan to do just that. They recognize that, at this stage in the game, a breach is all but certain to happen. However, if you take steps to contain it, the damage can be dramatically reduced.

Not only are companies allocating more of their cyber budgets to thoroughly map the potential spread of a breach and flag pertinent infrastructure vulnerabilities, but they’re also investing in new security tools, like zero trust. According to the IDG survey, 52% of respondents plan to research or pilot zero trust technology in 2022. Zero trust essentially replaces implicit trust of elements, nodes and services with stringent authentication and authorization processes.

3. External support

As cyber threats become more prevalent and complex, they’re exceeding the capabilities of internal IT departments, causing 49% to consider outsourcing some of their security functions (and 13% to outsource all their IT security functions over the next 12 months).

In most cases, this investment will seek to strengthen existing outsourcing efforts. Today, 38% of companies already rely on third party vendors to conduct evaluation services (e.g., penetration testing, risk assessments and security audits), while 33% outsource network monitoring efforts, endpoint and cloud, and security analytics. Companies plan to add to this over the next 12 months through things like behaviour monitoring and analysis (29%).

A critical step forward

If you’ve decided to enhance your cyber posture in 2022 and beyond, MNP can help. Our multidisciplinary team has the skills, expertise and experience to support you on your journey—however far along you may be. From vulnerability and cyber risk exposure assessments, to strategic and tactical planning support, we’re here for you every step of the way.

Want to learn more or to find a trusted cyber advisor? Reach out to us — we would be happy to chat.
