Most small businesses are prepared to invest in cyber security measures only when compelled by legal mandate
In the rapidly evolving digital landscape of Russia, two significant challenges have emerged: a shortage of Information Security (IS) specialists and the complexities of complying with personal data handling regulations.
According to recent reports, the shortage of IS specialists in Russia stands at an estimated 27,300 people, a gap that is expected to persist for another five years. Meanwhile, the demand for cybersecurity expertise is on the rise, with a 17-50% increase in cybersecurity specialist vacancies in 2024, as per job search services.
On the other hand, numerous companies in Russia are at risk of fines for failing to comply with personal data handling regulations. Common violations include the illegal use of foreign databases and failure to localize data storage and processing, as well as inadequate compliance and documentation.
To avoid these fines and information leaks, companies should focus on localizing data storage and processing, updating internal policies, implementing robust data security measures, monitoring legislative changes, training staff, and using professional compliance tools or services.
The main reason why small and medium-sized businesses (SMEs) cannot afford comprehensive cybersecurity is a lack of money, with 54% citing this as the primary obstacle. However, 53% of respondents plan to increase their IS budget, with 14% planning a significant increase, indicating a growing awareness of the importance of cybersecurity.
Respondents are most concerned about DDoS attacks, malicious software, phishing attacks, corporate account hacking, and software vulnerabilities. Despite these concerns, for 20% of respondents, there will be no increase in their spending on information security this year.
The shortage of qualified specialists and the high costs of cybersecurity solutions have led some SMEs to entrust information security to an office manager (7%). However, the importance of having a dedicated IS team is evident, with 28% of SMEs having an in-house cybersecurity specialist and 13% having a full-fledged information security team.
In conclusion, addressing the challenges of the IS skills shortage and ensuring compliance with personal data handling regulations are crucial for businesses in Russia. By taking proactive steps to strengthen their cybersecurity and adhere to local laws, companies can mitigate risks of fines, data leaks, and reputational damage.
[1] Federal Law No. 152-FZ (July 1, 2025) [2] Federal Law No. 242-FZ (effective since January 1, 2025) [3] Dmitry Koreshnikov, Senior Partner, LOYS Law Firm [4] Eugene Titov, Information Security Expert
- As businesses in Russia grapple with the shortage of Information Security (IS) specialists and the complexities of complying with personal data handling regulations, it's evident that a substantial investment in cybersecurity technology and hiring qualified professionals is necessary to mitigate risks and maintain business operations.
- The demand for cybersecurity expertise continues to grow, with estimates suggesting a 17-50% increase in cybersecurity specialist vacancies by 2024. In light of this, it's essential for businesses to prioritize the development of in-house IS teams or partner with professional security service providers to ensure their digital infrastructure is secure.
