Cybersecurity Remains an Elusive Business Priority
I’ve been remiss by not blogging earlier this year about ESG’s annual IT spending intentions research (note: I am an ESG employee). The year 2017 continues to follow a pattern – cybersecurity is a high business and IT priority for most organizations.
Based upon a global survey of 641 IT and cybersecurity professionals, the ESG research reveals:
- While just over half (53%) of organizations plan on increasing IT spending overall this year, 69% say they are increasing spending on cybersecurity. As far as cybersecurity spending goes, 48% will make their most significant cybersecurity technology investments in cloud security, 39% in network security, 30% in endpoint security, and 29% in security analytics.
- Respondents were asked which business outcomes were their highest priorities for this year. The top three results were as follows: 43% said “reducing costs,” 40% said “increasing productivity,” and 39% said “improving information security.”
- When asked which business initiatives will drive the most IT spending, 39% said, “increasing cybersecurity,” the top selection of all.
- When asked to identify the most important IT initiatives for this year, the number one answer was, “strengthening cybersecurity controls and processes.”
- For the 6th year in a row, survey respondents say that cybersecurity is the area where their organization has the biggest problematic shortage of skills. This year, 45% of organizations say they have a problematic shortage of cybersecurity skills – nearly identical to last year’s results (46% said they had a problematic shortage of cybersecurity skills in 2016).
Allow me to provide a bit of analysis to this data (after all, I am an industry analyst):
1. There is growing demand for cybersecurity technologies so 2017 should be another banner year for vendor revenue, VC investment, M&A activity, and IPOs.
2. Boards are getting more involved in cybersecurity, which is driving more demand for data and metrics. In other words, executives are willing to spend on cybersecurity but they want to better understand what they get for their money. Executive reporting tools for cybersecurity will grow precipitously.
3. Corporate boards want to transfer risk so demand for cyber insurance policies shows no end in sight.
4. The pool of next-generation CISOs who understand business initiatives, operations, and cybersecurity technology is extremely shallow. We need more and better programs to train people for these critical jobs.
5. Every CISO should be investing in skills and best practices for cloud security and figuring out where cloud-centric controls can supplement or replace traditional security controls.
6. Once again there is no near-term improvement for the cybersecurity skills shortage. Expect:
a. Continued salary inflation
b. Growth for professional and managed security services
c. More technologies featuring artificial intelligence and automation that can offload human tasks.