Increasing investments in cybersecurity generate ROI of 179%


Increasing investments in cybersecurity can generate a significant return on investment (ROI) of 179%, according to a new study released by ESI Thoughtlab.

The study, which surveyed 1,009 companies across 13 industries and 19 countries, found that increasing investments in cybersecurity provide greater protection as companies cope with the fallout from COVID-19.

Companies surveyed spent $9.6 million on cybersecurity in 2019, or $515 per employee, and 97% of these firms plan to expand their spending by 14% in 2020.

The investments were directed to three areas: people, process, and technology.

While the average ROI is 179%, it varies by area: 271% for investments in people, 156% for process, and 129% for technology.

Investments in people result in a 46% decline in the probability of a breach vs. 30% for process and 37% for technology.   

Lou Celi, the CEO of ESI Thoughtlab, said: “These cybersecurity investments can generate enormous ROI for companies, particularly for those in earlier stages of cybersecurity maturity.

“The reliance on digital technology during the pandemic, together with the rise of remote working, shopping, and healthcare, has served as a stress test for corporate cybersecurity systems. Our CISO interviews have revealed that companies with advanced protection, detection, and response frameworks, backed up by strong cybersecurity hygiene and governance, have fared well during the crisis.”

Other key study findings include:
  • Companies still need to do more to combat rising threats. One in three attack attempts over the last year resulted in a successful breach.
  • The most effective cybersecurity frameworks are NIST and ISO.
  • 64 of 151 companies (42%) classified as leaders in NIST compliance are advanced in cybersecurity effectiveness.
  • The largest losses reported by companies are from malware (66%), phishing (60%) and password reuse (49%).
  • With digitisation expected to increase in the next two years, cyber attacks are also expected to increase through artificial intelligence (38%), denial of service (34%), and web applications (29%).
  • Sectors including finance, energy, automotive, retail and telecom are expected to record an increase in attacks due to growing geopolitical and social unrest and greater economic volatility ahead.
