Percentage of IT budgets dedicated to security growing: report

There is a growing recognition of the importance of cybersecurity among employers, judging by the results of a recent study.

Overall, the percentage of IT budgets dedicated to security is growing, reports CDW, and this is true for companies of all sizes.

“We're getting to the point where cybersecurity conversations are no longer a boardroom conversation or something that [people] need to be convinced is important,” says Ivo Wiens, field CTO for cybersecurity at CDW Canada, in talking with HRD Canada.

“People know that cybersecurity attacks can affect business, and they're starting to understand that.”

This is the case even though IT budgets have been dropping, specifically for medium-size employers and enterprises.

^{Source: CDW}

Wiens attributes the drop to the economy and “people’s hesitation to spend money”.

“A lot of Canadian organizations are talking about rationalization of spend now,” he says. “Just like everything else, with the pressure of the economy, IT is taking a hit.” 

Wiens adds that there is still a hangover from company’s outsized spending during the COVID-19 pandemic that’s affecting IT budgets today.

^{Source: CDW}

Over 11 million malware attacks were recorded across the world in the last four years in the wake of cybercriminals utilizing "increasingly sophisticated hacking techniques," according to a previous NordPass report.

How does zero-trust work in detail?

One thing that’s keeping employers’ cybersecurity walls solid is the “zero-trust” approach.

“Zero-trust security is a modern approach to security that is particularly beneficial for organizations that have invested in cloud services to support hybrid work, employee mobility and business innovation,” explains CDW in its report titled Cybersecurity in Focus 2024: Trends, Threats and Strategies.

“Based on the principle of ‘never trust, always verify,’ zero trust ensures that every user, device and network flow is authenticated and authorized before being allowed to access resources. With zero trust, inherent trust is never granted automatically, and scalable architectures can be readily extended to devices and networks, enhancing visibility and control and improving threat detection and response.”

Companies that implement a zero-trust from a security perspective “are doing better from a security perspective,” says Wiens. “They have less breaches.”

However, less than one-third (29 percent) of organizations implementing zero-trust strategies have a policy in place that mandates security monitoring for threat detection.

“In the cloud era, zero-trust security has rapidly gained traction. However, while zero-trust access (ZTA) is an essential component of zero-trust security, it should not be the sole focus. Threat detection and response are equally important measures to ensure comprehensive security and to meet the long-term objectives of the zero-trust strategy,” says CDW.

A mere 1% of organizations in Canada have achieved the level of cybersecurity readiness required to effectively defend against modern risks, according to the latest findings from Cisco’s 2024 Cybersecurity Readiness Index.

Is artificial intelligence playing a bigger role in cybersecurity?

Canadian organizations that prioritize artificial intelligence (AI)-enhanced functions can improve cybersecurity defences, streamline operations and address talent shortages, according to CDW’s survey of over 700 IT security, risk and compliance professionals.

^{Source: CDW}

“Understanding [the] AI policy within your organization is going to be key” in ensuring improved cybersecurity, says Wiens. “AI has been a big part of the conversation this year and understanding how you allow it to be used and setting that up [and identifying] how that fits with zero trust” is important, he says.

Strengthening cloud confidence as employers are navigating the cloud terrain is also important, says Wiens.

“The technology is there. All we need is people and processes.”

However, Wiens notes that the skills gap when it comes to cybersecurity continues to be a problem. More than two in five (43%) of Canadians say they know very little or nothing about AI, according to a previous report.

He adds: “It's always good to do an assessment, to constantly be assessing and making sure that you're doing the right things. Things like penetration testing, things like risk assessments. Things like privacy assessments need to happen. And understanding the value of the assets and [ensuring] that they're being protected is going to be important.”