Majority of Small Businesses Prepared to Allocate Budget for Cybersecurity Measures Only When Legally Compelled
==========================================================
In the rapidly evolving digital landscape, Russia is experiencing a significant shortage of Information Security (IS) specialists, with the gap predicted to persist for another five years, affecting approximately 27,300 positions.
Amidst this shortage, businesses are taking steps to bolster their cybersecurity. According to a recent survey, 53% of businesses plan to increase their IS budget, with 14% aiming for a significant increase. However, 18% have yet to decide about increasing their spending on IS this year.
The lack of qualified specialists is a concern for small and medium-sized enterprises (SMEs) as well. Seven percent of SMEs do not have qualified specialists in their staff and entrust IS to an office manager.
Despite the challenges, there are promising signs. In 2025, 74% of small and medium-sized businesses are ready to enhance their cybersecurity if new regulatory requirements and changes in legislation are introduced.
Senior partner Dmitry Korreshnikov of Advokat Bureau LOYS discussed steps to avoid fines for information leaks. While specific details were not available, common violations in handling personal data often include unauthorised access or sharing, insufficient protection measures, failure to obtain proper consent, inadequate response to data breaches, and non-compliance with legal data handling requirements.
To avoid such violations and legal consequences, experts recommend conducting regular audits and risk assessments, implementing strong technical and organisational security measures, establishing clear internal policies and employee training, promptly detecting and reporting data breaches, ensuring compliance with applicable data protection regulations, limiting data access strictly to authorised personnel, and seeking legal consultation.
Job applications for cybersecurity specialist positions decreased by 6% in 2024, which could exacerbate the current shortage. Companies in Russia could face a fine of up to 20 million rubles for failing to submit a notification of personal data processing to Roskomnadzor.
Respondents are most concerned about DDoS attacks, malicious software, phishing attacks, corporate account hacking, and software vulnerabilities. Numerous companies are discussed to be at risk of fines for information leaks.
However, there are positive signs. Twenty-eight percent of SMEs have an in-house cybersecurity specialist, and 13% have a full-fledged IS team. The most popular security measures mentioned by respondents are antivirus software, Virtual Private Networks (VPN), password policy, data backup, and data encryption.
For 23% of respondents, IS expenses have decreased over the past year, and for 7%, they have significantly decreased. However, for 69% of respondents, IS expenses have remained unchanged or increased slightly over the past year.
As the digital landscape continues to evolve, it's essential for businesses to stay vigilant and proactive in their approach to information security.
- To address the current shortage of Information Security (IS) specialists in Russia, businesses are increasing their IS budgets, with 53% planning to do so and 14% aiming for a significant increase.
- In response to the growing concerns about cybersecurity, 28% of small and medium-sized businesses in Russia already have an in-house cybersecurity specialist, while 13% have a full-fledged IS team.
