IT budgets are a topic of concern and uncertainty in the business world right now. A recent survey conducted by ESG revealed that 53% of organizations expect their IT budgets to increase this year, while 30% believe it will remain the same and 18% anticipate a decrease. But regardless of the direction IT budgets take, one area that is sure to receive a larger share of the pie is cybersecurity. According to the survey, 65% of businesses expect to increase their spending on cybersecurity.
While cybersecurity is recognized as a top priority for businesses, allocating sufficient funds to meet the demand can be challenging. Inflation has led to rising costs, including software licensing, putting additional strain on budgets. Moreover, the industry is currently facing a significant skills shortage, with the workforce gap increasing by 73.4% in the UK compared to last year. The Department for Digital, Culture and Sport (DCMS) has projected an annual shortfall of 14,100 cybersecurity professionals, and this shortage is expected to worsen over time.
On top of these challenges, the market for cybersecurity products and services is highly competitive. A recent survey conducted by Gartner revealed that 64% of board directors are looking to increase the risk appetite of their businesses in order to compete more aggressively. Additionally, 46% are willing to accept greater risk to achieve growth. This means that Chief Information Security Officers (CISOs) will have to adjust their risk management strategies to seize opportunities, but this will also increase the risk exposure of the business, placing even more pressure on cybersecurity resources.
To effectively justify their decisions and guide investment, CISOs will need to make better use of the data at their disposal. This includes measuring the effectiveness of their security controls against those of other organizations and evaluating the maturity of their own capabilities. Meta-analysis, or the analysis of multiple studies, can help CISOs present the overall cybersecurity performance of the business to the C-suite and justify their decisions to the board. It can also help identify opportunities to reduce costs by benchmarking against other organizations.
A data-driven approach can also make a strong business case for investment in automation, which could help ease the staffing shortage in the cybersecurity industry. Automation can bring real benefits, especially in the mid-market where alert overload and fatigue are common issues. Advancements in artificial intelligence and machine learning have allowed alerts to be treated as part of a bigger picture, using contextual information to determine the appropriate level of response. This helps reduce false positives and prioritize investigations.
Furthermore, organizations that have fully deployed security AI and automation have been found to save $3.05 million per data breach compared to those without automation, according to the 2022 IBM Cost of a Data Breach Report. This significant difference in average breach cost highlights the potential return on investment that automation can provide and the need to prioritize its implementation.
So where should CISOs focus their spending? According to Forrester, one top priority for cybersecurity in 2023 is replacing legacy Security and Incident Event Management (SIEM) systems with more advanced ones that can analyze security behavior. Converged SIEM solutions, for example, come with integrated Security Orchestration and Response (SOAR) capabilities, allowing for automated detection and response. These solutions also include User Entity Behavior Analytics (UEBA) for threat modeling and business critical security (BCS) modules that can bring previously siloed applications, such as SAP, into the SIEM security fold.
Investing in a converged solution can help ease the pressure on cybersecurity resources. Automation provided by SOAR helps gather and prioritize security data and alerts, enabling faster incident identification and resolution. Workflows and playbooks automate repetitive tasks, while contextual information and intelligence guide security analysts to the appropriate response. This speeds up the triage process, reduces mean time to detect and respond, and mitigates the impact of data breaches.
UEBA is another valuable tool for identifying abnormal activity and applying context to indicators of compromise. By applying machine learning to peer grouping and baselines, UEBA can detect security incidents that would be impossible to detect otherwise. It also helps make sense of alerts by supplementing them with environmental and situational information, reducing false positives and helping security teams prioritize investigations.
In addition, a converged solution can extend security management to previously siloed applications like SAP. These applications often contain business-critical data and are protected using SAP security. However, integrating them into a SIEM solution with BCS enables continuous monitoring for IP theft, fraud, access violations, and compliance. This helps with threat detection and response, prevents costly downtime, and automates checks to ensure compliance.
Automating SIEM, SOAR, UEBA, and BCS over one platform not only simplifies integration and management but also enhances the insights gained from these data feeds. The severity of an incident can be validated and the response automated, freeing up human resources. The solution provides a single pane of glass for the CISO to view the overall security posture of the business, manage compliance obligations, and generate reports.
Consolidating the cybersecurity stack through converged solutions can also lead to significant cost savings. Many businesses currently run more than ten cybersecurity tools, with some managing up to 50 point solutions. This results in high operational overheads and the need for specialized training. By reducing the number of solutions and vendors, businesses can cut management costs and derive efficiencies from economies of scale.
Vendor consolidation is a growing trend among CISOs, with 75% pursuing this strategy according to Gartner’s Top Trends in Cybersecurity 2022 report. The motivation behind this strategy includes improving overall risk posture, achieving cost savings, and eliminating the time and expense required to integrate separate tools.
In conclusion, while IT budgets may remain uncertain, cybersecurity is expected to receive increased investment. However, the challenges of rising costs, skills shortages, and a competitive market make it essential for CISOs to utilize data effectively to justify their decisions. Automation, convergence, and vendor consolidation are key areas where CISOs should focus their spending to address these challenges and ensure effective cybersecurity management.