Businesses Plan to Spend More on Cybersecurity, Despite Shaky Economic Forecast

Record unemployment claims. A surge in bankruptcies. Warnings of an economic slowdown.

And… an increase in cybersecurity spending?

More businesses plan to increase their cybersecurity budgets in 2021 than decrease them, highlighting the sector’s resilience amid economic uncertainty, according to a new report from accounting giant PwC. More than half of the technology and security executives surveyed said they are increasing their cybersecurity spending, with nearly one out of every 12 reporting a spending increase of more than 10%. In comparison, about a quarter of respondents said they expect to decrease cybersecurity spending next year, while the remainder said it would be unchanged or they didn’t know.

The report, conducted in July and August and released this month, surveyed 3,249 executives from a wide range of regions and industries, including telecommunications, retail, and financial services.

Sean Joyce, PwC’s global cybersecurity and privacy practice leader and a former deputy director at the FBI, attributed the budget growth to rapid changes in the way businesses operate. For example, the shift to remote work has forced companies to rethink their network architecture and invest in data loss prevention and identity and access management tools. He also said that businesses are investing more in training and awareness, in part to help combat phishing scams.

“Initially I expected that—because of the economy and everything else—we would see a slowdown,” Joyce said in an interview. “When I talked to my colleagues, we’ve all been surprised that business has been so resilient, but I think it’s a reflection that rapid change has forced companies to do it securely.”

Additionally, the technology changes and increased cybersecurity risks have elevated the role of security teams, Joyce said. Many corporate boards are giving cybersecurity executives a seat at the table, which can make it easier for them to get funding for new personnel, tools, and training programs.

“For the CISO specifically it has really been a time that they come into front-office discussions,” he said. “From the board level on down, they’re asking themselves as we make these changes, how does it change our risk profile.”