Security budgets are forecast to net increase by 29 per cent in 2023 compared to a year ago, after a 26 per cent rise in 2022, according to the Voice of the Enterprise: Information Security, Budgets & Outlook 2023 study by S&P Global Market Intelligence
The natural assumption during or even anticipating some form of a market correction is that costs will be reined in or constrained including technology expenditures. The problem with applying this model to enterprise information security spending is it underestimates just how far behind responding to the conditions of the pandemic put security project plans.
Almost all respondents (93 per cent) report a planned budget increase for security efforts and teams in 2023. More than one in three respondents say they expect the biggest spending increase on third-party security products, either software (19 per cent) or SaaS (15 per cent). About one-fifth (18 per cent) say spending on people costs will increase the most. Hiring and retention issues have only marginally improved by the slowdown in the labour markets.
Among the minor survey population reporting lowering their information security budgets, the expected savings would apply to people costs and hardware costs. This is not surprising, given the widely reported layoffs at some technology companies, and the fact that hardware costs represented both the most-cited area of cost savings and the least-cited area for increased spending last year.
While enterprise security teams are tackling a broad variety of issues, the largest shift from 2022 is cloud security taking the top spot at 21 per cent, up from 17 per cent. It is likely equally challenging for enterprises of all sizes, reflecting cloud usage as ubiquitous in 2023 regardless of company scale.
Despite the debate over its effectiveness, security awareness training is the most-cited strategic initiative among security managers at 28 per cent. Implementing or improving data security (26 per cent) and improving application security (26 per cent) round out the top three most-cited initiatives in 2023.
Information security staffing is declining slightly as a key pain point, chosen by 10 per cent this year versus 12 per cent in 2022. This tracks with a more uncertain labour market in 2023 and a reduction in employee turnover, with a greater percentage of security professionals staying put while the dust settles compared with the period termed “the great resignation.”