High-profile attacks such as the ransomware attacks against Kaseya and, more recently, Sinclair TV stations have made executives and boards more supportive of security investments and budget requests. Indeed, respondents to Dark Reading's 2021 Strategic Security Survey reported substantial increases in the size of their security organizations. A greater portion of their overall IT budgets is also being allocated to cybersecurity.

However, security leaders are still struggling to get the investments in areas that would have the most impact. About 70% of the respondents agreed or strongly agreed that the attacks on Colonial Pipeline and meat-packing company JBS significantly increased their organizations' concerns about ransomware. But 70% of respondents also said their cybersecurity staffs are stretched too thin, which may result in burnout and increased risk to data. In the survey, 60% said the organization is well-prepared to respond to a major data breach in the coming year.

Security investment tend to still be reactive, according to the survey. “Make risk and business needs part of a cybersecurity framework which would focus our spending where it is needed,” a respondent noted.