Despite doubts surrounding efficacy of cyber practices, budgets and insurance policy costs have increased exponentially, according to a recent survey gauging cybersecurity practices among global debt issuers conducted by Moody’s Investors Service.
Increased C-suite focus on cyber risk has led to a marked increase in cyber budgets, the survey of 1,700+ global respondents found.
Between 2019–2023, cyber budgets rose by 70 percent, though there was considerable variance in growth rates among respondents.
Budgets for corporates grew the most—up 100 percent, according to the survey findings.
Overall, issuers say they devoted a median of 8 percent of their technology budgets to cybersecurity, up from 5 percent in 2019.
Cyber insurance premiums increased by a median of 50 percent across the board between 2020 and 2022, with healthcare, housing and higher education sectors reporting a 94 percent increase.
Of those surveyed, 66 percent said they are required to report cyber incidents if there were no breach of personally identifiable information, although Moody’s analysts indicate the number is expected to rise as legislators and regulators worldwide tighten disclosure rules.
Vulnerability disclosure programs were reported by 56 percent of survey respondents, but only 18 percent offer financial incentives for vulnerability disclosures
Cyber security risk assessments were required of new vendors whose personnel or products had access to their in-house computer systems by 80 percent of respondents, though that figure dropped to 63 percent for regular monitoring of existing vendors–indicating a potential area of vulnerability, according to the report.
“Cybersecurity’s enterprise-wide visibility has improved while budgets have grown 70 percent in the last five years, according to Moody’s 2023 cyber survey,” said Leroy Terrelonge, VP-Analyst, Cyber Credit Risk at Moody’s Investors Service. “But advanced cyber practices remain out of reach for many issuers, and survey responses raise questions about the effectiveness of some cyber initiatives.”
In a prior survey conducted by Moody’s, 61 percent of cyber managers reported to a C-suite individual. The current survey indicates 90 percent of cyber managers report to C-suite individuals.
A global cybersecurity workforce gap of about 3.4 million exists, despite the 464,000 people that joined the cybersecurity profession between 2022 and 2023, the survey found.
This cyber security talent shortage coupled with generative AI use introduces new risks, according to Terrelonge.