Romanian companies are inclined to increase their spending on enhancing the cybersecurity of their business, indicates a study commissioned by Safetech Innovations SA, a Romanian cybersecurity company.
Despite the significant increase in the number and sophistication of cybersecurity attacks, only four out of 10 companies are concerned about the possibility that their company could be a victim of an attack while three out of 10 businesses consider it highly unlikely and therefore are not concerned about cybersecurity.
“The results of the study indicate clearly that Romanian managers see cybersecurity as a priority and a significant risk, yet still only a handful of companies are taking any action in this regard. Moreover, even though we see an increase in the value of budgets allocated to the cybersecurity, these are still small and in most cases – insufficient considering the needs. The biggest challenge that we see is the perception that cybersecurity is a cost without immediate return on investment. We recommend to all the managers to consider the expected loss in case of a cyberattack as a measure of return” said Victor Gansac, CEO at Safetech Innovations.
62% of the Romanian companies consider cybersecurity a key priority for their business. Large companies with over 250 employees pay higher attention to cybersecurity as 76% consider it important, compared to 58% of SMEs. Despite awarding high importance to cybersecurity, only a third of the companies have implemented policies and procedures against cybersecurity attacks and less than half has dedicated person within the company who oversees cybersecurity. Half of surveyed companies is willing to outsource cybersecurity to an external company. 20% of companies that participated in the survey indicated that they do not consider cybersecurity sufficiently important to appoint a dedicated employee.
Antivirus solution remains the most common IT service used both by medium- as well as large companies and was indicated as implemented means of protection by 86%. Other methods of protecting business against cyberattacks included using professional Wi-Fi (60%), investing in network security (58%) as well as disaster recovery (45%). The study indicated that 6% of surveyed companies experienced a cybersecurity attack between September 2019 and September 2020. A quarter of the companies managed to restore the system within one hour from the attach while 75% restored the system within one day. One in 10 companies confronted with a cybersecurity incident within the last year, out of which the most important were information systems disruption, violation of personal data security and data destruction or corruption.
When it comes to the weight of the expenditure in the IT budget, assigned budget for cybersecurity solutions in 2020 amounted to 11% of the total IT budget. Larger companies assigned higher budgets for cybersecurity solutions than the medium one (15% vs. 9%). In 2021, 25% of companies estimate their IT spending budget will increase, 55% consider it will remain at the same level as in 2020 while 4% of companies expect a decrease in expenses related to cybersecurity. On average, Romanian companies plan to spend 14% of their IT budgets on cybersecurity in 2021.
Safetech Innovations estimates that the Romanian cybersecurity market will grow significantly starting from 2021, in the context of transposition of the NIS Directive into the Romanian legislation through Law no. 362/2018 for ensuring a high common level of security of networks and information systems. The first step in the implementation of the Directive took place on 17 December 2020 when operators of essential services in the following sectors: energy, transport, banking, financial market infrastructure, health, drinking water supply and distribution, digital infrastructure were required to notify CERT-RO – the national competent authority for security of networks and information systems – for registration in the Register of operators of essential services.
210 companies based in Romania have participated in the quantitative survey carried out by MIA Marketing for Safetech Innovations. The companies came from finance and banking, energy, utilities, manufacturing as well as online retail sectors. The survey took place between September and October 2020 and included the IT&C decision makers: CEOs, Chief Security Officers and IT Managers.