2023 Cybersecurity Spending Increases to Combat Evolving Threats
A survey of more than 6,550 security professionals finds that while organizations continue to invest heavily in cybersecurity there’s still not a lot of confidence when it comes to actually being able to thwart attacks.
Conducted by Ravn Research on behalf of Ivanti, an IT service management platform provider, the survey found 71% of respondents expected to see an 11% increase in their cybersecurity budgets in 2023. Only 1% of respondents said they expected cybersecurity budgets to decrease. Nearly 75% also noted they set aside funds for security breaches, with those allocations making up about 16% of the overall cybersecurity budget.
Those budget allocations followed significant increases in cybersecurity spending in 2022, with 97% of respondents reporting their organization is as prepared or more prepared to defend against cybersecurity attacks than they were a year ago.
Despite all that investment, however, 20% of the 1,356 security leaders that participated in the survey said they wouldn’t bet a chocolate bar on their ability to prevent a damaging breach. When asked to name their most pressing threat concerns, respondents said software vulnerabilities (89%) and phishing (88%) ranked highest.
The survey also found fewer than half (47%) already identified the third-party systems and components that are most vulnerable in their software supply chain. More than a third (35%) planned to address this risk in the next 12 months, but only 46% rated supply chain threats as “high” or “critical” for 2023. Only 42% said they are very prepared to safeguard software supply chains. A full 98% said they have a method for prioritizing patches.
Overall, the survey identified technology stack complexity (37%) as the top security challenge, followed by 36% that identified a cybersecurity skills gap.
Dr. Srinivas Mukkamala, chief product officer at Ivanti, said there is not as much confidence in cybersecurity as there should be because adversaries are continuously adapting their tatics. Cybersecurity teams, in contrast, are not as agile, he noted.
In fact, many are slow to realize that current challenges require a more data-centric approach to cybersecurity, said Mukkamala. In contrast, much of the previous spending on cybersecurity focused on securing perimeters and deploying security information event management (SIEM) platforms instead of, for example, building a model along with the required domain expertise needed to identify the location of the most critical data an organization needs to protect in near-real-time, he added.
In general, cybersecurity professionals may also have more confidence in one type of platform over another. A full 69%, for example, said the cloud is more secure compared to 7% that viewed the cloud as being less secure. However, only 52% said they have high visibility into every user, device, application and service on their network, with only 48% running their asset discovery tools at least once per week.
Nearly half (45%) also admitted they suspected that former employees and contractors still had active access to company systems and files.
No one knows for sure what 2023 will bring in terms of cybersecurity threats, but while cybersecurity continues to improve overall, the cybercriminals that launch these attacks also will continue to develop additional cyberattack techniques to circumvent existing cybersecurity platforms.
Gloss