In a study conducted by 451 Research, a part of S&P Global Market Intelligence, information security professionals were surveyed on planned budget changes within their organizations over the next year, the pain points and resulting strategic plans driving spending, and the emphasis placed on different categories of information security tools.
The Take
The mean change in planned security budgets is an increase of 30%, and that is consistent across company sizes (those with more than 1,000 employees are at 29%; those with fewer than 1,000 employees are at 30%). At first glance, that increase may seem strange in the wake of tech labor market conditions that some report as rivaling the 2000 dotcom bust in negativity, but there is more to the story. While 16% of respondents report that “people” expenses will be their largest area of increase, 17% report the same category as their largest area of decreased spending. Stronger ratios belong to SaaS security products, managed security services and third-party cloud security tools.
Summary of findings
More than 50% of survey respondents plan increased spending in network security, endpoint security, application security and data security. Data security and network security have the greatest percentage of respondents (18% and 15%, respectively) noting significant increases in spending this year. For network security, this is a reversal of pre-2020 trends in security spending allocations: the events of 2020 around the pandemic changed the calculus, resulting in a need to secure access from nearly anywhere, with a permanently increased scale of remote work. Technologies enabling a hybrid work strategy, such as zero-trust network access and secure access service edge, have seen growth during this period.
Data protection and security — two sides of the same coin?
It is unsurprising to see cloud security atop the list of pain points with 18% of respondents, reflecting the increased spending plans around security tools for the cloud heading into 2024. The problem is even more pronounced at smaller organizations (those with fewer than 1,000 employees), where 21% cite it as a key pain point. Conversely, security concerns around AI are more pronounced at large organizations, where 20% note machine-learning implementation to be a top headache and 17% are concerned about securing generative AI usage. Securing cloud architecture is a key strategic concern for 19% of respondents’ enterprises.
Improving risk or vulnerability assessment/management is the most frequently cited strategic initiative for 2024. This is the result of security teams simply having too many alerts to reasonably address: teams continue to look at how issues are prioritized in the context of their enterprise and its technology footprint. Beyond a generic prioritization of the issues themselves, security teams invest in tools that can sit above scanners and help collate and prioritize results. Among those reporting a significant increase in spending on data security, 21% note that implementing or improving data classification is a key objective for 2024. Finally, improving application security is on the list for 20% of respondents, including implementation of software security supply chain controls (18%).
When asked to think about classes of security tools categorized as “preventative” (designed to stop attacks without intervention), “responsive” (those that allow for identification and reaction to security issues, such as in a security operations context) and “proactive” (threat hunting or vulnerability assessment), respondents predictably note that all are very important. The highest percentage (69%) give the nod to “preventative” tools, reflecting again a desire of both security leaders and teams to winnow down the astronomical number of problems they have to deal with to an addressable number.