A significant 18% of companies in the Middle East, Turkiye and Africa (META) region have experienced cyber incidents due to insufficient cybersecurity investment in the last two years.

Alarmingly, critical infrastructure, oil & gas and energy organisations suffered the biggest number of cyber incidents due to improper budget allocation (60%), according to a recent study by Kaspersky. And, when it comes to companies’ finances, in the META region one-in-five (24%) admit they do not have the budget for adequate cybersecurity measures.

Kaspersky conducted a study to discover the opinions of IT security professionals working for SMEs and enterprises worldwide regarding the human impact on the cybersecurity in a company. The research – aimed at gathering information on various groups of people who influence cybersecurity – considered both internal staff, and external contractors. It also analysed the impact decision makers have on cybersecurity in terms of budget allocation.

Insufficient distribution of budget for cybersecurity led 18% of companies in the META region to endure cyber incidents in the last two years.

The situation is different for every industry. For example, critical infrastructure, energy and oil & gas organisations suffered the greatest number of cyber breaches because of the lack of budget (60%). Meanwhile, some industries showed a smaller number of cyber incidents than the META region figure (14%).

The telecommunications sector suffered 25% of cyber incidents due to budget constraints, while transport & logistics suffered 17%, and financial services companies 14% of them.

When asked about the budget for cybersecurity measures, 74% of respondents from the META region said they are equipped to keep up with or even stay ahead of new threats.

However, 24% of companies are not doing so well – 22% report that they don’t have sufficient funds to protect the company’s infrastructure properly. At the same time, there are still companies without cost allocations for cybersecurity at all – 2% claimed they don’t have a dedicated budget for cyber protection needs.

Many respondents’ companies from the META region are eager to take steps to strengthen their cybersecurity in the next 12-18 months.

One of the most popular areas of investment is threat detection software (35%) and training, where 41% of companies plan to allocate budget for educational programs for cybersecurity professionals and 42% for training general staff. Other popular measures organisations plan to take soon are introducing endpoint protection software (36%), hiring additional IT professionals (39%) and adopting SaaS cloud solutions (34%).

“Today, companies must align cybersecurity investment with a business strategy and consider cybersecurity as one of their business goals,” comments Ivan Vassunov, vice-president: corporate products at Kaspersky. “Of course, investments must justify themselves and be effective, so the information security department also faces the task of increasing the ROI of investments in information security and defending investments to senior management or the board of directors.

“Also, in addition to reducing mean time to detect (MTTD) and mean time to respond (MTTR), information security is tasked with reducing the cost of a security incident.

“These challenges can be met through the use of various modern approaches and technologies,” he adds.