Amidst the current uncertain macroeconomic landscape, security and risk (S&R) leaders require actionable advice for overseeing both existing expenditures and incoming budget proposals.
This guide, driven by data analysis, offers spending benchmarks, valuable insights, and recommendations aimed at helping you maintain financial discipline while effectively addressing the most pressing risks confronting your organization.
Constrained Economic Conditions And Emerging Risks Demand Hyper-Focus
The evolution of generative AI tools, the escalation of geopolitical threats, and the growing complexity of cloud services are reshaping the strategies employed by security teams and the spectrum of emerging threats they confront.
Concurrently, persistent security challenges such as ransomware and social engineering continue to afflict organizations.
S&R leaders must navigate these emerging challenges in an uncertain macroeconomic landscape, which adds to the complexity of security budgeting and planning.
Given the impracticality of funding and staffing every security initiative, organizations are compelled to make discerning choices regarding risk mitigation while aligning with the organization’s growth objectives.
Consequently, S&R leaders are advised to evaluate their current expenditure, focusing on minimizing the risk associated with the initiatives that present the most significant opportunities for their organizations.
Cloud Security And Managed Services Spend Is Up, Other Areas Are Flat
Forrester’s Budget Planning Survey, 2023, furnishes a pivotal overview of shifts in budget allocations for security across various categories.
The data delineates areas witnessing substantial annual spending increments alongside cybersecurity domains experiencing stagnation or reductions in expenditure. S&R leaders can utilize this data as a benchmark to ascertain areas of overspending or underspending within their budgets.
- Cloud security spending continues its upward trajectory in tandem with the proliferation of cloud migrations. According to Forrester’s Budget Planning Survey, 2023, 80% of US IT security decision-makers intend to augment spending on cloud security within the ensuing 12 months. Moreover, findings from Forrester’s Infrastructure Cloud Survey, 2022, indicate that enterprises in the United States have migrated 44% of their total application portfolio to the cloud, with an anticipated escalation to 54% by 2024. Given the ongoing migration endeavors and lingering apprehensions surrounding misconfigured cloud workloads, organizations are compelled to augment their investments in cloud security.
- Despite the prevailing trend toward cloud adoption, the significance of upgrading on-premises technology remains conspicuous. Data from the 2023 budgets underscore that 75% of US IT security decision-makers plan to boost expenditure on enhancements to existing on-premises security technology. While certain applications may prove unsuitable for cloud migration due to practical or technical constraints, the heightened spending on on-premises security warrants scrutiny, particularly in light of the concurrent surge in cloud security spending. Accordingly, S&R leaders are urged to evaluate existing expenditures on on-premises security to ensure alignment with long-term budgetary plans and strategies concerning cloud migrations.
- Expenditure on managed security services is poised for growth to accommodate evolving requirements. Security teams have traditionally leveraged managed security services providers (MSSPs) for many reasons, and these entities continue to adapt their offerings to cater to the evolving needs of contemporary enterprises, including the transition to cloud infrastructure and the proliferation of AI-powered initiatives. Forecasts indicate sustained robust growth in spending on managed security services, notwithstanding a potential reallocation of expenditure towards MSSPs whose offerings are better aligned with future requirements.
- The scarcity of labor is impeding expenditure on staffing, consultants, and integrators. Many security teams rely on external consultants and integrators to optimize their technological infrastructure, assess vulnerabilities within their environment, and continually evaluate their overall security posture and maturity. Regrettably, persistent shortages of qualified personnel, whether directly employed or engaged via an integrator, have encumbered organizations’ staffing budgets. Consequently, the data reveals that 7% of US IT security decision-makers intend to curtail spending on security staffing by up to 10% over the ensuing 12 months, while 5% plan analogous reductions in expenditure on security consultants and integrators.
- S&R leaders express satisfaction with existing expenditure on security awareness and training (SA&T). Chief Information Security Officers (CISOs) have historically grappled with justifying investments in SA&T and quantifying the return on investment (ROI) derived from such expenditure. Although the allure of reallocating resources from SA&T to other security technologies may be tempting, budgetary data indicates that organizations are maintaining or augmenting spending in this domain, with none contemplating reductions. This suggests that organizations recognize the value of SA&T expenditure and possess mechanisms for measuring its efficacy. Consequently, S&R leaders are advised to resist any directives to curtail spending on SA&T over the ensuing 12 months.