Cybersecurity budgets continue to increase despite economic headwinds

These may be challenging economic times but a survey of 200 CISO and IT decision-makers in the U.S. finds that cybersecurity budgets are not only remaining resilient but also in many cases being increased.

Conducted by Nuspire, a provider of managed security services, the survey finds well over half of the respondents (58%) reporting that cybersecurity budgets have increased, with 42% planning additional increases.

There is no doubt cybersecurity teams are being asked to be more efficient as the global economy continues to be impacted by inflation and the ongoing war in Ukraine but it would appear that most organizations realize they are not allocating enough resources to defend themselves against a range of cybersecurity threats that are increasing in terms of both volume and sophistication. In fact, 60% of survey respondents said they believe their companies are “somewhat vulnerable” or “extremely vulnerable” to attack.

As part of that effort the management of cybersecurity, for example, is increasingly shifting to the cloud via what are known as cloud-native application protection platforms (CNAPPs). In addition to increased efficiency, that approach provides the added benefit of making it simpler to invoke additional cybersecurity tools and resources on demand as required. That’s especially critical as the attack surface that needs to be defended continues to expand. The number of application workloads that have been distributed across everything from multiple cloud services to Internet of Things (IoT) environments has never been greater.

At the same time, adversaries continue to become better organized. A range of cybercriminal entities led by LockBit and other denizens of the DarkWeb continue to wreak havoc around the globe. No organization is immune from these attacks so arguably an increase in cybersecurity spending despite current economic headwinds should not be all that surprising. It’s even arguable that many organizations have been underspending on cybersecurity for years so in some cases a long-standing oversight is now being rectified.

The issue now is determining where best to allocate that funding. There is always going to be a natural inclination to hire additional personnel, but cybersecurity professionals are still hard to find and retain. Many organizations as a result are investing more in automation to make up for the skills gap. Generative artificial intelligence (AI) platforms are already being used to significantly reduce the toil required to maintain cybersecurity. It’s not likely they will eliminate the need for cybersecurity professionals but gains in productivity should allow organizations to eliminate the need for some currently open positions.

Of course, there is no correlation between how much is spent on cybersecurity and amount of level of cybersecurity achieved. It’s already been shown time and again how one small mistake can have devastating consequences. Increased spending, however, does reduce the odds an organization will be victimized so proper levels of funding remain crucial. It’s just as the end of the day cybersecurity requires not just a lot of skill but also a bit of luck to ensure that when mistakes are inevitably made the blast radius remains as modest as possible.