Foundry’s 2023 Security Priorities research looks at the tools security leaders are researching, the activities taking up most of their time, and how they are leveraging AI within security technologies.
Boston, MA: Foundry, the media, data, and martech division of IDG, Inc., recently released the 2023 Security Priorities Study. In its seventh year, the study shares insights into the security structure of organizations, perceived risks, challenges redirecting security leaders’ time, and investments being made to better secure organizations. The research also examines the security-related priorities that IT and security leaders are currently focused on and their future outlook.
To help them more quickly identify unknown threats, accelerate response times, and eliminate time-consuming tasks, organizations are investing in security solutions with AI capabilities. They are also investing in security operations centers, whether that be in-house or outsourced, and cyber insurance policies.
Here is a closer look at the survey’s findings.
Security objectives on the horizon
Security leaders have an extensive set of priorities for the upcoming year. Cited as the most important is being appropriately prepared to respond to security incidents (41%.) At #2, 36% want to improve the protection of confidential and sensitive data (up in rank from the fourth priority last year). Corporate resiliency is another top concern, with 34% of organizations planning to upgrade IT and data security, followed by 33% improving security of cloud data and systems.
“In today’s evolving cybersecurity landscape, it’s important to know where your customer’s priorities lie. By aligning their offerings and services with these top priorities, tech vendors can better address the needs of security leaders and provide solutions that enable organizations to protect their data, respond to incidents efficiently, and enhance their overall security posture effectively,” said Holly McWalter, Marketing and Research Specialist at Foundry.
Challenges security decision-makers are facing with stakeholder buy-in
This year’s study found that the most common distraction for security leaders has been meeting governance and compliance regulations. Almost half of security leaders say new SEC rules, which require disclosure within four days when a cybersecurity incident may be material to investors, are impacting how they handle cybersecurity initiatives at their company. Overall, 30% of organizations have a process in place to determine the materiality of security incidents – this increases to 38% for enterprises (1,000+ company size) and is 22% for SMBs – while 30% are currently developing a process.
The overwhelming majority (88%) believe their organization is falling short when it comes to addressing cybersecurity risk. Security leaders struggle to convince all or parts of the organization about the severity of the risk (28%), some organizations aren’t investing enough budget resources for people and technology (26%) and others can’t find and retain the skilled talent that they need (26%).
To improve the situation, more top security executives are having regular engagements with the board of directors (85% this year compared to 82% in 2022). This has proven beneficial as 59% say that their engagement with the board helps improve cybersecurity/security initiatives. Additionally, 25% of top security executives currently report to the board of directors, which is up from 20% last year , and about half say their board has experience with cybersecurity-related issues.
What security ITDMs are investing in
IT leaders are addressing security risks by investing in new solutions and increasing spend on their existing security stack. Nearly all (98%) security leaders say they expect their security budgets to increase or remain the same over the next 12 months. They plan to increase spending on authentication (MFA, role-based, etc.), data analytics, protecting data in the cloud, and security solutions based in the cloud, with the added assurance of cyber insurance policies in their security technology. Close to a quarter of organizations have cyber insurance on their radar, 58% have a policy in use, and only 21% are not interested.
When asked which stages of the purchase process security decision-makers most likely need assistance from a vendor with, they especially noted the evaluation stage (48%), when determining the technical requirements (43%), and post sales engagement (32%).
“By focusing on these stages of the purchase process, tech vendors can better support their customers from initial evaluation to ongoing maintenance and growth. This will help strengthen the vendor-customer relationship, leading to long-term success and trust in the competitive cybersecurity market,” said McWalter.
Some 67% of organizations are leveraging artificial intelligence in their security technologies to keep up with ever-evolving threats and to help offset staff shortages. That number is higher for enterprises (79%) and lower for SMBs (55%). AI is being used in threat detection (44%), malware detection (36%), automated alerts and triage (32%) and real-time risk prediction (26%). Almost three-quarters of security leaders (72%) say they have already seen the benefits of AI-enabled security tech used in their own organization.