Why don’t security leaders get the funds they need to succeed?

COMMENTARY: Cybersecurity threats have reached new heights, with businesses facing ongoing disruptions from a continuous wave of attacks. This year’s high-profile incidents offer only a glimpse of the relentless challenges security teams face.

Our 2024 State of Trust Report found that 55% of organizations now deal with the highest security risks they’ve ever faced, and half of them are hit with cyber attacks every week.

The rise of AI-powered threats will only make life harder for security pros, as these sophisticated attacks are tougher to catch and stop. Cybercriminals are using machine learning to craft more convincing phishing emails, find vulnerabilities faster, and create malware that can slip past traditional defenses.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]

Yet, despite these growing threats, security teams still aren’t getting the support and resources they need. Vanta’s research found that only 11% of IT budgets are allocated to security: far below the recommended 17%. This lack of investment doesn’t make good business sense given today’s risks.

And without the right resources, and given the continued challenges companies face in finding skilled security people, organizations face an uphill battle in defending against sophisticated attacks.

The cost of underinvestment

This gap in funding and personnel resources comes with a hefty price tag: IBM’s 2024 Cost of a Data Breach Report shows that the average cost of a data breach has climbed to $4.88 million. But the financial hit isn’t the only issue—companies also lose customer trust, facing reputational damage and potential fines. In some cases, a major security breach can lead to losing significant market share or even shutting down entirely.

Companies also face growing compliance challenges. Our research found that time spent on manual security compliance tasks increased to over 11 weeks in 2024, up from 10 weeks the year before. And this increase reflects rising expectations, as nearly two-thirds (65%) of organizations report that customers, investors, and suppliers demand more proof of compliance than ever before.

With new regulations like the EU’s Digital Operational Resilience Act (DORA) and the SEC’s cybersecurity disclosure rules, companies are under increased pressure to allocate more resources to compliance. While it’s important to stay compliant, it often involves trade-offs that come at the cost of other genuine security improvements.

Good security means good business

When companies prioritize cybersecurity and demonstrate trust through compliance with regulations and frameworks, they protect data and also reassure customers, investors, and partners—strengthening relationships and elevating their reputation.

And, as security expectations rise, CEOs, boards and IT leaders take notice of the business value of investing in trust. According to our research, nearly half of business and IT professionals (48%) believe that robust security practices directly enhance customer confidence, while 46% see it as an important way to reduce financial risks. This clearly communicates that strong security isn’t just a safeguard: it’s a strategic advantage.

Companies take advantage of this opportunity today by using AI and automation to streamline security compliance. This boosts efficiency and also promises to free up time for teams to focus on more strategic work, instead of getting bogged down with repetitive, manual tasks. Vanta’s research found that security teams can save an average of 3 to 5 hours a week by automating tasks such as user access reviews, employee management, and answering security questionnaires. It’s no wonder that nearly half (44%) of organizations have increased their investment in automation for security over the past year.

The question of whether security leaders are getting what they need has some definite solutions. With the right resources and a willingness to embrace new strategies, security teams can bridge the gap between where they are now and what the team needs to accomplish in the future.  

It’s important to show that investing in cybersecurity isn’t just about preventing risks: it’s about building trust, protecting reputation, and driving growth. Companies that understand this and empower their security teams will stay in the best position to thrive in today’s digital world.

Matt Cooper, head of governance, risk, and compliance, Vanta

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
