Skip to content

Cybersecurity training becomes the biggest IT investment in USA

  • by
  • 4 min read

As cybersecurity attacks and threats rapidly increase worldwide, companies must train their employees to spot and prevent attacks, which often appear out of simple mistakes. So far, business budgets didn’t take cybersecurity training that seriously, but this trend seems to be changing, at least in the US. 

According to research from Nordlayer, cybersecurity training and purchasing cybersecurity services or solutions are the most popular investments for US businesses. 67% of IT companies now have in-house specialists for cybersecurity excursions, while 24% outsource such tasks.

Companies are starting to prioritise spending towards cybersecurity. | Source: Nordlayer

The trend only seems to increase as research shows that spending on cybersecurity solutions, services, and applications will remain a priority in the 2023 budget. Almost 37% of the US companies included in the survey plan to allocate a quarter of their budget for IT requirements in 2023, while another 29% will dedicate as much as half. Only about 4% of the companies surveyed don’t plan to spend anything on cybersecurity, most of which are small companies with less than 10 employees. 

In the News: Microsoft plans to switch to cloud-based Windows

What has caused this rise in cybersecurity budgets?

The need for cybersecurity investments is easily demonstrated by the number of cyber incidents in 2022. Phishing, malware, data breaches, identity theft and social engineering are the top five cyber incidents last year, with Phishing and malware attacks alone responsible for 39% and 34% of all cyber incidents in 2022.

Larger companies are more prone to cyber attacks as well. Nordlayer’s research data confirms that medium (11-200 employees) and large companies (200+ employees) are exposed to cyber incidents more often. 

Larget companies are more prone to cyber attacks. | Source: Nordlayer

Considering how the top reasons behind a cybersecurity incident are easily preventable if employees have the right training to deal with such situations. Companies with a cybersecurity awareness mindset are more likely to assess any risks they face. On the other hand, companies that aren’t as advanced or protected when it comes to cybersecurity are often an easy catch for threat actors and often end up being a training ground. 

That said, regardless of the company size, cybersecurity maturity or industry, the human factor, whether as an internal threat or attacker motivation, is “purely a wild card in the context of the cybersecurity landscape”, adding yet another reason why companies need to be training their employees right. 

The company’s size also matters regarding the type of attack it might face. Small businesses are more likely to face identity theft (12%) or data breaches (11%). Medium-sized businesses often have to deal with malware (43%), social engineering (30%), and insider threats (29%), and finally, large-scale companies, which also face the most attacks at around 92%, often run into malware (43%) and phishing attacks 42%). 

As for protective measures, companies in the US spend most of their IT budgets on antivirus software (84%), secure password sharing (74%), and file encryption solutions (70%). Business VPNs and Cyber insurance follow suit at 57% and 43%, respectively.

Purchase of cybersec solutions and services takes the most money in 2023. | Source: Nordlayer

Ultimately, it all comes down to the fact that every employee is responsible for cybersecurity, not just the IT department. According to Carlos Salas, a cybersecurity expert at Nordlayer, companies “should have cyber mitigation and remediation solutions and backup plans for threat scenarios” besides employee training and having dedicated staff for responding to cybersecurity incidents.

In the News: Instagram and Facebook get new parental control tools

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: