November 17, 2023 at 03:18AM
Organizations prioritize “high value for money” when allocating cybersecurity budgets, focusing on cybersecurity technologies, threat intelligence, risk assessment, cyber-insurance, and third-party risk management. While fewer organizations see technology as good value for money compared to the previous year, there is an awareness that technology investments require investment in governance and personnel. IT professionals emphasize technology investment areas more than C-suite executives, who prioritize cyber-insurance for potential business interruption and regulatory/reputational impact. Budget constraints are a key challenge, with cybersecurity accounting for a quarter of IT budgets in various sectors. The average cybersecurity budget increase is lower than expected, indicating a more modest increase in the future. Organizations recognize the need to invest in people and governance alongside technology.
Key takeaways from the meeting notes include:
1. Organizations are prioritizing “high value for money” when allocating cybersecurity budgets.
2. The top five investment areas for organizations are cybersecurity technologies, threat intelligence, risk assessment, cyber-insurance, and third-party risk management.
3. Technology investments are seen as less valuable for money in 2023 compared to 2022, indicating a need for investments in governance and personnel.
4. IT professionals view technology as a higher value investment area compared to C-suite executives.
5. C-suite executives value cyber-insurance more than IT professionals, likely due to their focus on business interruption, regulatory and reputational impacts.
6. A lack of budget is a key security challenge for many organizations.
7. Cybersecurity accounts for approximately a quarter of the overall IT budget in several sectors, with energy and utilities being underinvested at 18%.
8. The gap between cybersecurity budget expectations and reality has been consistent, with smaller actual increases compared to anticipated increases.
9. Organizations recognize the need to invest in people and governance alongside technology.
10. The anticipated security budget increase is expected to be used for upskilling existing security teams and hiring more skilled personnel.