Executive Summary
This white paper examines key CISO investment priorities for 2023. CISOs and CIOs view cybersecurity as a significantly higher priority than two years ago and are investing in multiple areas to meet escalating regulatory demands, protect new digital channels, and counteract ongoing cyber incidents. Improving protections for cloud services and platforms is the top-rated priority (attacks against cloud services were the most-seen incident type during the past year), followed by protections against ransomware attacks. CISOs and CIOs see a range of issues within apps, cloud platforms, data, and on-premises infrastructure requiring ongoing and higher investment in 2023. They are budgeting accordingly.
The data presented in this white paper is from a survey of CISO and CIO respondents at 284 organizations in the United States with more than 1,000 employees.
KEY TAKEAWAYS
- Regulation, digital channels, and economics driving cybersecurity
The top trends and challenges driving how organizations approach cybersecurity in 2023 are escalating regulatory demands for cybersecurity and data privacy; growing use of digital channels for engagement with customers, employees, and partners; and the declining economic outlook. CISOs attribute greater impact to all trends and challenges than CIOs do (with one exception).
- Top priorities are cloud security, ransomware protections, and data
Cloud security and ransomware protections are the top two investment priorities in 2023 out of more than 20 areas. For the investment priority to be high, the most common pre-conditions are high concern that the current security protections are insufficient along with the requirement for a significant financial outlay to bring the area up to the internal standard of the organization.
- Better risk management leads to higher security prioritization and budget
Organizations with a greater ability to manage the business risks associated with apps, cloud platforms, data, and on-premises infrastructure assigned higher security prioritization to the key issues associated with each area, as well as a higher budget, compared to organizations with lower risk management efficacy.
- Budgets have increased 11% since last year and are expected to increase further
The average budget increase from 2022 to 2023 is 11%, with a further average increase of 19% forecast for the 2023 to 2024 budget cycle. However, CISO and CIO respondents believe they could put an average of twice as much budget to productive and effective use in 2023. Some CISOs and CIOs say they could put three to five times as much budget to productive use in 2023.
- How the board views cybersecurity has significant flow-on effects
Boards that view cybersecurity as a business risk show greater proclivity toward proactive investment, concern with technical risks, and approval of funding. Among these boards, fewer take a reactive approach to cybersecurity threats. If the board only pays attention to cybersecurity threats after a breach or incident, cybersecurity is viewed as a technical risk and budget is approved only grudgingly.
This white paper has been prepared by Osterman Research