Despite a 25% increase of the cost of major cyber incidents in 2022 compared to 2021, the new report on cybersecurity investment reveals a slight increase of 0,4% of IT budget dedicated to cybersecurity by EU operators in scope of the NIS Directive.
However, if organisations are inclined to allocate more budget to cybersecurity, 47% of the total of organisations surveyed do not plan to hire information security Full Time Equivalents (FTEs) in the next two years. Besides, 83% of these organisations claim recruitment difficulties in at least one information security domain. Such hiring issues surfacing in the report could be one of the factors when it comes to managing vulnerabilities.
Indeed, an analysis on patching of critical IT and OT assets in the transport sector shows that 51% of the organisations in the transport sector need one month to patch critical vulnerabilities and 21% need a time between 1 month and six months. Only 28% of the surveyed organisations fix critical vulnerabilities on critical assets in one week.
EU Agency for Cybersecurity, Executive Director, Juhan Lepassaar, said: “Allocating sufficient budgetary and human resources to cybersecurity is key to our…
