How companies’ spending on cyber protection has changed in 2023

Russian companies have increased spending on cyber defense. More than half of all enterprises in 2023 increased budgets for these purposes by an average of 20%, according to a study by Yandex Cloud and Business Solutions and Technologies. About 300 representatives of companies, in particular from the banking sector, retail and industry, took part in it. Most of them invested in software and purchasing licenses for new cyber protection services. Moreover, companies have begun to increasingly use machine learning models against hacker attacks, and cloud technologies for privacy.

Kommersant FM asked representatives of Russian business how they strengthen their security systems? For example, Bitrix 24 has significantly increased the budget for the development of information security. Most of the funds go to orders for external audits, said the co-founder of the service, Sergei Ryzhikov: “Over the past year, we increased the budget by more than 50% and even opened a department at our university, which began to train security specialists.

We recruited new employees and increased spending on technical equipment. A separate expense item – it was large, but has now grown significantly – is attracting and ordering an external audit, Bug Bounty programs, searching for vulnerabilities in the infrastructure – everything that allows you to minimize risks.

What is the current trend for the development of information security in companies? When attacking, hackers actively begin to use artificial intelligence. Accordingly, defense companies are also starting to use it to analyze infrastructure, vulnerabilities, and search for methods that are used to write code. This is a component that is already used by employees, and in the future it will apparently be used in some automated systems.

Protecting personal data and their information systems is becoming a mandatory part for most companies. And this is rather unexpected for business; many are not ready for this. They don’t pay enough attention to information systems, don’t update software and website software, and ultimately put themselves and their clients’ data at risk.”

A quarter of the survey respondents noted that they plan to introduce artificial intelligence into their companies to improve security. It is most often used to solve two problems: detecting anomalies in large volumes of data and managing incidents. Such algorithms are most common in the financial sector—about 70% of companies use them there. Retail is in second place with a share of 14%. Transasia Logistics, in particular, intends to implement AI to improve information security. The company’s executive director, Kirill Latinsky, told Kommersant FM about this:

“Compared to last year, we increased the cybersecurity budget by 21%. In 2023, they spent 10-15% on this. The IT director is tasked with finding mechanisms for implementing artificial intelligence not only into the security system of the company’s IT infrastructure, but also using it in automating business processes by the end of 2024.

In the current realities, it is necessary to invest in cybersecurity at a faster pace than it was before the events of 2022. There were no attacks on us, but some partners were affected. As a rule, this is a blocking of the entire system with further extortion. It’s better not to lead to such events, look in advance at the mechanisms that will not allow an effective attack on our company.”

One of the most dangerous hacker attacks is database leakage. Such risks are typical for companies with a large number of clients. Thus, in medical clinics, the issue of maintaining confidentiality is very acute, Boris Churadze, chief physician of the K+31 clinic chain, told Kommersant FM: “We seriously focus on information security issues. One of the key values ​​that the clinic carries for its patients is the confidentiality of health data. This is a key factor, and we know many examples of serious database leaks.

When it comes to cybersecurity, artificial intelligence is one of the frequently used tools. There are, for example, antivirus protections that use AI systems to model threats and create protection for local databases.

Modern hacker systems allow you not only to take information, but even change it, which is even worse.

The clinic’s spending on cybersecurity in 2023 increased significantly, by no less than 50%. We also have a serious budget for 2024. In 2024 there will definitely be no less, I think even more.”

According to the study, already this year the average amount of investment in cyber protection for each small and medium-sized business company can range from $40 thousand to $80 thousand. The demand for such technologies in Russia is confirmed by iKS-Consulting data: the global IT infrastructure outsourcing market is about $200 billion per year, and domestic – less than $1 billion.

---

Everything is clear with us – Telegram channel “Kommersant FM”.