Businesses are not spending enough on security

24 March 2016

Cyber security budgets are still not in-line with rising threats


Businesses might be increasing their cyber-security budgets, but they are still not doing enough, according to a new report.

The Institute of Information Security Professionals (IISP) says that although businesses are investing more in their cyber-security, the increase is still not in-line with rising threats.

While two-thirds of members polled  by the IISP said security  budgets have increased, 60% of budgets are still not keeping pace with the rise in the level of threats, and only 7% of respondents reported that security budgets were rising faster than the level of threat.

“In times of financial pressure or instability, as we have seen in recent years, security is often seen as a supporting function or an overhead,” said IISP director Piers Wilson

“Security budgets are hard won because they are about protection against future issues, so are a good indication of the state of risk awareness in the wider business community.”

Wilson said that while it is good news that businesses are increasing investment, it is clear that spending on security is still not a top priority or at a level that matches the changing threat landscape.

Overall, the results of the IISP survey showed there are growing challenges from more types of attack, more sources of threats, greater reliance on increasingly complex IT systems, shortage of effective security staff and a regulatory environment that is both fluid and challenging.

For further information on the IISP report visit

Amethyst are cyber security and information assurance specialists. Our expertise and comprehensive range of risk management services help you identify and understand risk so it can then be reduced and successfully managed. To find out how we can help and support your business please email





Contact us for more information

<< Back to Latest News items