{"id":4552,"date":"2025-08-27T07:30:00","date_gmt":"2025-08-27T07:30:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4552"},"modified":"2025-08-27T07:30:00","modified_gmt":"2025-08-27T07:30:00","slug":"only-49-of-companies-to-increase-cyber-budget-after-a-breach","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4552","title":{"rendered":"Only 49% of companies to increase cyber budget after a breach"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>The long-held conventional wisdom that organizations commit to increased cybersecurity investments only after a breach has taken a hit.<\/p>\n<p><a href=\"https:\/\/www.ibm.com\/reports\/data-breach\">IBM\u2019s latest annual Cost of a Data Breach study<\/a> reports a significant reduction in the number of global organizations that said they plan to invest in security following a breach \u2014 49% in 2025 compared to 63% in 2024.<\/p>\n<p>Experts quizzed by CSO were split on whether the drop in post-breach spending was \u201cfoolhardy\u201d or reflective of a growing realization that reactive spending is ineffective.<\/p>\n<p>\u201cHistorically, breach-driven investments have served as wake-up calls for boards, but the latest data shows fatigue is setting in,\u201d says <a href=\"https:\/\/www.linkedin.com\/in\/amirams\/\">Amiram Shachar<\/a>, CEO at cloud security firm Upwind. 
\u201cReactive, post-breach spending is neither effective nor sustainable.\u201d<\/p>\n<p>Shachar adds: \u201cContinuous proactive security programs that mature as workloads expand in the cloud, from protecting the configurations layer to protecting workloads at the runtime layer continuously increase coverage and reduce the possibility of a breach, deliver far greater impact.\u201d<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/aaronwperkins\/\">Aaron Perkins<\/a>, founder at Market-Proven AI, argues that companies are realizing that once you reach a certain threshold, additional cybersecurity spending doesn\u2019t necessarily translate to proportional risk reduction.<\/p>\n<p>\u201cOrganizations that have experienced breaches are shifting from reactive spending to calculated risk management \u2014 focusing on optimizing existing investments rather than simply adding more layers,\u201d Perkins says. \u201cThis reflects organizational maturity beyond the \u2018security at any cost\u2019 mentality toward more sophisticated, ROI-driven decision-making.\u201d<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/zacharylewis1\/\">Zach Lewis<\/a>, CIO and CISO at the University of Health Sciences and Pharmacy in St. Louis, tells CSO that IBM\u2019s numbers are unsurprising because breaches are failing to spark the same urgency they used to.<\/p>\n<p>\u201cToo many companies chalk [breaches] up as an inevitable cost of doing business and move on,\u201d Lewis says. 
\u201cThe problem is, attackers are getting smarter and faster, and if you\u2019re not updating your defenses, especially with tools that can keep up with them, you\u2019re leaving the door wide open for the next hit.\u201d<\/p>\n<p>Moreover, given the board-level emphasis on cybersecurity over the past several years, the post-breach budget question also puts boards on the spot.<\/p>\n<p>\u201cIncreasing security spend after a breach requires executives to acknowledge that they have been underinvesting in the first place,\u201d says <a href=\"https:\/\/www.linkedin.com\/in\/jrebholz\/\">Jason Rebholz<\/a>, advisory CISO at managed detection and response vendor Expel.<\/p>\n<h2 class=\"wp-block-heading\">Risk transference<\/h2>\n<p>More security leaders are choosing to transfer rather than mitigate risk through <a href=\"https:\/\/www.csoonline.com\/article\/571703\/cyber-insurance-explained.html\">cyber insurance<\/a>, a business decision that can shift responses to any security breach.<\/p>\n<p>\u201cThe drop in post-breach spending suggests a split mindset: Some companies rely on cyber insurance to absorb the impact, while others have already built resilience through frameworks like NIST CSF [Cybersecurity Framework]. In those cases, breaches drive lessons learned and fine-tuning rather than new investments,\u201d says <a href=\"https:\/\/www.linkedin.com\/in\/elliottfranklin\/\">Elliott Franklin<\/a>, CISO of reinsurance firm Fortitude Re.<\/p>\n<h2 class=\"wp-block-heading\">Complexity and broken processes<\/h2>\n<p><a href=\"https:\/\/www.crashplan.com\/leadership\/todd-thorsen\/\">Todd Thorsen<\/a>, CISO at data recovery vendor CrashPlan, said that some breach victims may conclude that they were exposed more by the complexity of their IT environment than by insufficient investment.<\/p>\n<p>\u201cComplexity can be as big a problem as underinvestment in security \u2014 duplicative systems, poorly managed integrations, shelf-ware, etc.,\u201d he says. 
\u201cThis may lead to some organizations simplifying their environments in the wake of a breach and focusing on the right tools, optimization, and consolidation.\u201d<\/p>\n<p><a href=\"https:\/\/www.vectra.ai\/about\/author\/mark-wojtasiak\">Mark Wojtasiak<\/a>, VP of product research and strategy at Vectra AI, argues that the decline in post-breach investment intentions suggests a wider shift of mindset among cybersecurity professionals.<\/p>\n<p>\u201cMany security leaders now see breaches less as a signal to buy more and more as an indicator of broken processes, governance gaps, or underutilized capabilities,\u201d he says. \u201cAs a result, rather than seeking fresh budget, organizations are focusing on improving how they use existing technology and partners.\u201d<\/p>\n<p>Other experts were far less sanguine about suggestions that breached firms were less likely to invest in cybersecurity improvements in the wake of a breach.<\/p>\n<p><a href=\"https:\/\/www.northdoor.co.uk\/about-us\/management-team\/aj-thompson\/\">AJ Thompson<\/a>, chief commercial officer at Northdoor and member of IBM\u2019s Worldwide Security Advisory Council, described the finding as \u201cdisturbing.\u201d<\/p>\n<p>\u201cThe fact that an organization has been breached means that there is already a vulnerability in place that can be exploited \u2014 not addressing this with increased security is foolhardy,\u201d Thompson says.<\/p>\n<h2 class=\"wp-block-heading\">Limited focus on AI-driven security enhancements<\/h2>\n<p>Less than half of those that plan to invest post-breach will focus on AI-driven security solutions or services, according to another key finding from IBM\u2019s report.<\/p>\n<p>\u201cThe limited focus on AI-driven solutions is surprising, given how AI and gen AI are reshaping the threat landscape,\u201d Upwind\u2019s Shachar says. 
\u201cOrganizations need tools that can secure AI workloads against risks such as data leakage, adversarial manipulation, and unauthorized model access \u2014 gaps traditional defenses can\u2019t address.\u201d<\/p>\n<p>Fortitude Re\u2019s Franklin adds: \u201cAI has a role, but it won\u2019t solve process failures \u2014 strengthening governance and automating fundamentals remains the smarter path.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The long-held conventional wisdom that organizations commit to increased cybersecurity investments only after a breach has taken a hit. IBM\u2019s latest annual Cost of a Data Breach study reports a significant reduction in the number of global organizations that said they plan to invest in security following a breach \u2014 49% in 2025 compared [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":4553,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4552","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4552"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4552"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4552\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4553"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4
552"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4552"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4552"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}