Now that everyone and their brother, sister and dog is talking about cybersecurity predictions for 2023, here are some observations based on recent ESG research.
First, the numbers: 53% of organizations expect IT spending to increase in 2023, 30% expect IT spending to remain flat in 2023, and 18% expect IT spending to decline. When it comes to cybersecurity, 65% of organizations plan to increase their cybersecurity spending in 2023.
These numbers mean that some organizations with flat or declining IT budgets are still spending more on cybersecurity. This trend is also supported by the fact that 40% of survey respondents claim that improving cybersecurity is their top justification for IT investment in 2023.
The data shows that cybersecurity spending is growing fairly robustly, but it also shows that caution is warranted. Seventy percent of survey respondents said a budget cut or freeze is likely or possible this year. If job cuts occur, IT and security experts claim they will cause hiring freezes, project delays, and increased vendor scrutiny.
How CISOs Will Respond in 2023
As such, organizations should be prepared to step on the brakes if necessary and curb forecasts of increased spending. Based on all this ESG data, I think:
- CISOs will focus inward. As IT spending slows, CISOs will begin to scrutinize existing security programs. This will concentrate their efforts on two areas: security hygiene and posture management, and improving existing processes and controls. Technology vendors such as Axonius, Brinqa, Detectify, JupiterOne, Noetic Cyber, Panaseer and Sevco should benefit from security hygiene and posture management initiatives that involve discovery, analysis and monitoring of all IT assets. ServiceNow should also see activity, especially with existing customers looking to consolidate security and IT operations. As for the second initiative, improving existing processes and controls includes automating processes and operationalizing SOAR, MITRE ATT&CK, and more frequent security testing.
- Investing becomes more tactical than strategic. Security teams are already avoiding long-term contracts and postponing complex, resource-intensive projects. This means breaking projects and platform initiatives into digestible pieces and investing in high-priority needs. Rather than a Big Bang Zero Trust plan, security and IT teams will focus on application and data classification, access policies, policy enforcement, and network segmentation. Similarly, security operations teams may be reluctant to replace their legacy SIEM platforms in 2023. Rather, they will surround the SIEM with security data lakes, XDR, and SOAR tools, and support them with a focus on security engineering, proprietary analytics, and staff augmentation services. Recessions often lead to cuts in training budgets, but this won’t happen in 2023. CISOs tell me they plan to increase investment in staff training and education to increase employee retention and improve productivity.
- Consolidation makes way for federation. Yes, organizations will continue to consolidate vendors and technologies, but at a slower pace. Instead, they will focus on individual security domains such as cloud security, email security, endpoint security and network security. This will result in more open, domain-based platforms, pieced together through APIs and a growing set of open standards. I believe 2023 will be an important year for the Open Cybersecurity Schema Framework (OCSF) introduced at Black Hat 2022. Before 2024 arrives, security technology federation will be part of the everyday lexicon. Hmm, sounds like Security Operations and Analytics Platform Architecture (SOAPA) to me.
- Service spending dominates the budget. According to ESG research, nearly half (45%) of organizations say they lack cybersecurity skills. This means a lack of adequately sized staff and a lack of advanced but necessary cybersecurity skills. Despite industry headcount reductions, demand for cybersecurity professionals will remain high. CISOs have no choice but to augment their internal staff and skills with service providers in areas such as managed threat intelligence programs, managed detection and response, and identity as a service.
Cybersecurity is a business priority and many organizations need a lot of help here. Investments will continue, but there will be a ‘back to basics’ atmosphere throughout the year. CISOs will also fine-tune their plans as the year progresses.
Some pretentious vendors will eat humble pie in 2023, and you’ll find VCs drinking house wine at Menlo Park’s Rosewood Hotel. On the other hand, security professionals and CISOs could benefit from a more pragmatic program that focuses on priorities and existing resources to get the most return on security spending.
Copyright © 2023 IDG Communications, Inc.