CSO Online – Michael Hill
Separate research published in June suggested that security budget hikes are missing the mark, with knee-jerk reactions and impractical expectations hampering the ability of CISOs to make business-critical security investments.
The research came from risk and cybersecurity solutions provider BSS, which surveyed 150 security leaders, indicating that misguided expectations of budget holders regarding security spend are causing problems for CISOs despite notable budget increases.
More than half of respondents (56%) reported a budget increase from 2022.
Around 63% of CISOs operating in the technology domain saw security budgets increase, rising to 76% of CISOs in industrial, manufacturing, mobility, and energy domains.
Most businesses with more than 50 cybersecurity employees now have an annual budget exceeding $10 million, according to the report.
Budgets cuts were cited by just 19% of respondents, mostly observed in larger companies with over 100 cybersecurity employees, while 25% noted no change.
Budget expansions are widely anticipated in two categories.
The first is IAM (46%), encompassing identity governance and administration (IGA), privileged access management (PAM), authentication, and machine identity management.
The second is cloud security (46%), encompassing cloud native application platforms (CNAPP), cloud security posture management (CSPM), cloud workload protection platforms (CWPP), and cloud detection and response (CDR).
In contrast, spending in the areas of risk assessment (16%), security services (11%), and infrastructure protection (10%) is likely to be significantly less common, the report found.
Security information and event management (SIEM) was the product that CISOs are most keen to remove or replace, with the survey indicating that many CISOs consider traditional SIEM lacking in performance due to staffing, funding, and data stack constraints.
Managed services and legacy scanning tools were also among the frequently mentioned products to remove or replace.
Respondents overwhelmingly cited third-party risk management (48%), AI security (48%), and insider threats (40%) as the most acute problems their organizations face, with existing solutions failing to meet needs in these areas, according to the report.
Link: https://www.csoonline.com/article/651241/iam-cloud-security-to-drive-new-cybersecurity-spending.html