Why cybersecurity leaders should focus on spending, people and technology (in that order)

The cybersecurity industry is facing greater challenges than ever before. The number of publicly-reported data compromises continues to rise, partially due to the massive work-from-home migration and the use of specific technologies to support it. Although cybersecurity continues to be top-of-mind for most organizations, organizations are dissatisfied with the state of their programs, and this is reflected in growing security budgets.

These budget increases and efforts to keep up with evolving threats are pivotal for cybersecurity decision-makers. They offer an opportunity to see what competitors are doing to stay ahead as we move into 2022.

We interviewed more than 100 cybersecurity professionals about the state of the industry and here are four key challenges leaders face in the months to come:

1. Budget growth and allocation

We know cybersecurity budgets are going up. Gartner estimates that worldwide IT spending will reach $4.4 trillion in 2022, up 5.3 percent from 2021. How are leaders allocating these slowly but steadily-growing budgets? Is there a difference in how companies of disparate sizes divvy up their security dollars?

One of the biggest hurdles in cybersecurity budgeting is deciding whether to nest the security funds within the IT budget or to keep separate line items. Either way, about 40 percent of organizations mark an equivalent of 10 to 15 percent of their IT budgets for cybersecurity use.

About 80 percent of budgets are split between four categories:

• Monitoring and operations
• Endpoint and network security
• Identity and access management
• App and data protection

Another key consideration is cybersecurity staffing. While 40 percent of organizations don’t hire subcontractors due to the highly sensitive nature of cybersecurity work, our research found that 56 percent of companies are now subcontracting up to a quarter of their cybersecurity staff.

It’s become increasingly challenging to find the right talent when there are already millions of unfilled positions in the industry globally, and almost 500,000 in the U.S. alone. This unforgiving hiring landscape will likely require a creative reimagining of organizational budgets to capture adequate talent as competitors ratchet up hiring efforts at the same time.

2. Increasing threats and how to address them

Our research revealed that nearly all tech leaders reported an increase or plateau in cyber incidents, with the majority facing at least one incident in the past year. Data breaches cost organizations $4.24 million on average, and often take months to detect. Other data indicates companies lose about 5 percent of their stock price after a data breach is disclosed, and around 22 percent after a ransomware attack. Malicious actors are familiar with these figures and are motivated to keep scaling up attacks and adding new weapons to their arsenals.

While more traditional forms of attack like simple phishing emails continue to be popular, hackers are now stepping up the frequency of ransomware to extract millions from a growing group of targets. In the first half of 2021, 1,097 organizations suffered ransomware attacks, compared to 1,112 for the whole of 2020. Several of these, such as the Colonial Pipeline hack, have been extremely destructive.

Organizations are starkly split in how to handle ransomware attacks. From the companies we surveyed, about two-thirds have no dedicated budget to handle these attacks, and of those very few reported making any payouts. Smaller organizations are less likely to have any solution at all, while only 10 to 12 percent of organizations with over 1,000 employees have no solution. When organizations do implement a ransomware-focused solution, it’s usually bundled with a different product or service.

Security leadership must account for the fact that there will always be new waves of concentrated attacks in different formats as attackers expand their horizons. That defines success as being able to plan for and pivot toward emerging areas of concern when it comes to potential incidents and responses.

3. Rebalancing agenda for remote and hybrid work

The switch to remote work has created significant upheaval among cybersecurity leaders as they lose the benefit of restricting critical information to the physical premises of an organization. There is something to be said for having employees interact with work only or primarily through office-bound devices.

Now that employees are more dispersed, the issue of compromised credentials and other employee-based risks is rushing to the forefront. We found that about 60 percent of leaders reported compromised user credentials and a further 50 percent contended with either malware or security policy violations.

As remote work-related incidents continue to grow, what should be done when planning a cybersecurity agenda? Leaders will have to reassess the effort and prioritization given to measures like robust employee training as well as monitoring solutions based on their available budgets and threats faced from outside actors.

4. Singling out the most effective cybersecurity solutions

There is now near-unanimous agreement that cybersecurity excellence can only be achieved with the assistance of third-party solutions. There are simply too many angles of attack, increasing frequency of attacks, and stakes that only grow larger. However, solutions providers understand this as well, and it has resulted in unchecked growth in the number of vendors from which leaders must choose.

Because the vendor landscape has become so crowded and difficult to sift through, many security leaders find their preferred solutions through word-of-mouth. While it’s an excellent idea to narrow options by what has worked for similar companies, due diligence is always a necessity when selecting a product that can make or break an organization’s security goals. To that end, best practices require leaders to score vendor offerings on four dimensions:

• Ease of implementation and management
• Maturity of overall solution
• Integration with existing infrastructure
• Flexibility and value

The best solution is not necessarily the most expensive, and it takes more legwork than many leaders expect to find the right balance of features against available budget.

Driving smarter decisions with data

To find out what success looks like, it’s more crucial than ever for cybersecurity decision-makers to rely on high-quality data on what competitors and industry leaders are doing to face the most prominent challenges of 2022. By digging into the numbers and finding out what is working and what isn’t, those in charge of creating a functional cybersecurity agenda can avoid navigating in the dark and find the insights that illuminate the future.