Light Dark
August 6, 2021 By Mike Elgan 2 min read
Cloud Security
Data Protection
Risk Management
Security Services

Spending on cybersecurity is hitting record highs. And that makes sense. Because of big changes in how work gets done (plus the rising cost of breaches and attacks, like ransomware), companies are spending more than ever. But simply throwing money at the problem in order to try to become more cyber resilient is not a solution.

It’s time to think about exactly where and how you’re directing new spending. Let’s explore how to focus on the future and advanced security tech and strategies.

Why Spending Is Rising

According to McAfee, cybercrime cost more than $1 trillion in 2019. Canalys estimates a 10% rise in cybersecurity spending this year. And Gartner says security spending will rise 12% in 2021 over the previous year, reaching $150 billion!

Why? First, higher costs come with the shift to remote and hybrid workforces. And security is usually top of mind when businesses and agencies work on becoming cyber resilient. Defending and following regulatory demands around the cloud can also increase costs. Gartner says that while spending is rising across all relevant vendor areas, some — like apps, the cloud and, above all, hardware support, implementation and outsourced services — take the bulk of the cash.

The truth is that spending is on the rise because it’s clear that not doing so can be expensive both in terms of actual finances and the company’s good name.

Smart Spending for a Cyber Resilient Future

Every increase in spending is a new chance to set your group up for success going forward. It helps build the foundation for more efficient and effective cyber defenses. Do this by taking a close look at the following:

Where Are You Spending Too Much?

Businesses and agencies often spend some of their defense budget on threats that no longer exist or pose a very small financial risk. Yes, run a cost-benefit analysis on under-spending on the big threats, but also do the same to figure out overspending on the small or non-existent ones. It won’t help you become cyber resilient if it’s not defending against a plausible threat in the first place.

Other costs do not apply directly to getting more tech. Chronic understaffing has pushed employers to spend big on consultants and outsourcing. New tech may allow companies to boost their cyber defenses with fewer staff, thus saving money by spending more on tech. Make sure you compare the price of consultants and outsourcing against doing it in-house.

If hiring is the barrier, work on that problem. See if you can hire from the inside, train and bootstrap your way to a solution, rather than just hiring others from outside.

Key Tools to Become Cyber Resilient

Separate tools that overlap are another needless expense. Focus less on this tech for that threat and instead consider your overall strategy for becoming cyber resilient.

Seek out tools and solutions that address not only the most common vulnerabilities and exposures that could be costly, but also help discover and quickly fix new, unknown threats. Artificial intelligence-based tools that can discover emerging threats can go a long way toward future-proofing your cybersecurity posture.

There are both challenges and opportunities aplenty in this field. Just look at the pros and cons of remote and hybrid work and of the cloud. You can face rising and costly threats by making sure your strategy fits the future, not the past. That way, you can stop spending too much, spend more wisely and boost cyber resilience all at the same time.

 |  |  |  |  |  | 
Mike Elgan

More from Cloud Security
January 22, 2025

2024 Cloud Threat Landscape Report: How does cloud security fail?

4 min read - Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40% of all data breaches involved data distributed across multiple environments, meaning that these best-laid plans often fail in the cloud environment.Not surprisingly, many organizations find keeping a robust security posture in the cloud to be exceptionally challenging, especially with the need to enforce security policies consistently across dynamic and expansive cloud infrastructures. The recently released X-Force…

January 8, 2025

Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?

3 min read - IBM’s X-Force team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks.One of the key takeaways of this year’s report was focused on the gradual decrease in Software-as-a-Service (SaaS) platforms being mentioned across dark web marketplaces. While this trend potentially points to more cloud platforms increasing their defensive posture and limiting the number of exploits or compromised credentials that are surfacing,…

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature