We recently completed another annual cybersecurity survey of CISOs, VPs and directors at enterprises with more than 500 employees along with our esteemed colleagues from Osterman Research. From threats and responses to budgets and staffing, it's insightful for cybersecurity software, hardware and services companies to understand CISO's top priorities in the current threat landscape. Download the full cybersecurity survey report or cybersecurity survey infographic or read the recent Venture Beat article for more key findings and highlights.
Security Incidents Increased
Although security leaders reported that ransomware attacks were down 30% last year, 84% of organizations listed ransomware as the number one trend that would drive security strategies over the next 12 months. There was also a dramatic increase in the number of firms experiencing multiple security incidents last year.
71% of enterprises experienced three or more security incidents, a 51% increase compared with the previous year.
Cloud service attacks were the most common security incident, with 50% of security leaders reporting at least one incident over the last 12 months. This was followed by 43% of organizations that were compromised by an attack against a third party and 41% of firms that experienced a phishing attack that resulted in compromised credentials.
Security Teams Still Understaffed
Similar to last year's cybersecurity survey, the cybersecurity skills gap presented significant challenges for security leaders this year. Enterprise security leaders are still struggling to attract, hire and retain skilled cybersecurity professionals to respond to ongoing cyberattacks and recent threats. Other top barriers included too many alerts, too many false positives and too many tools.
57% of firms indicated the biggest barrier to achieving their security posture was not enough security personnel.
Around 83% of firms intended to enforce existing security policies more strictly this year to address their security challenges, while 63% of organizations sought greater visibility and transparency into the state of security. There was also a nearly 20% year-over-year increase in the number of firms that decided to consolidate security vendors.
Security Budgets Remained Up
Despite economic uncertainty, inflationary fears and recent tech layoffs, security budgets increased 20% on average at large enterprises with more than 1,000 employees. Security budgets only increased 5% at mid-sized enterprises with 500 to 999 employees, which was a sharp decline from an increase of 51% last year.
Budgets for firms to deploy emerging security solutions — defined as new, innovative or experimental — increased from 11% to 13% of the overall security budget this year.
Data, application, cloud and endpoint security were the top spending priorities this year, each representing 10% of the overall security budget, while budget allocations for security awareness training, endpoint security and identity management increased the most between last year and this year. If security leaders had more budget available, they indicated they would invest more into security awareness training, cloud infrastructure and cloud security solutions.
Security Leaders Seek Efficiency
Without enough skilled cybersecurity professionals to manage the current volume of alerts from their existing security stack, security leaders are looking for tools to help them do more with less. They expressed interest in solutions that automate manual security processes to identify, contain and remediate urgent security threats. Four out of five security leaders also believe AI/ML is important to improve their security posture over the next 12 months.
Nearly 2/3rds of security leaders are looking for solutions with AI/ML and automation to improve the efficiency and effectiveness of their limited cybersecurity teams.
With a current understanding of top CISO priorities, cybersecurity companies are able to better position their solutions to address the challenges and concerns facing security leaders at large and mid-sized enterprises. If your cybersecurity company is looking for a marketing agency with cybersecurity industry expertise, contact us for help with positioning, messaging and marketing to sell more cybersecurity software, hardware or services.