Security budgets are forecast to net increase by 29% in 2023 compared to a year ago, after a 26% rise in 2022, said S&P Global Market Intelligence recently when releasing the report of the Voice of the Enterprise: Information Security, Budgets & Outlook 2023 study.
The natural assumption during or even anticipating some form of market correction is that costs will be reined in or constrained including technology expenditures, said Daniel Kennedy, Principal Analyst at S&P Global Market Intelligence.
“The problem with applying this model to enterprise information security spending is it underestimates just how far behind responding to the conditions of the pandemic put security project plans,” he noted.
- Almost all respondents (93%) report a planned budget increase for security efforts and teams in 2023.
- More than one in three respondents say they expect the biggest spending increase on third-party security products, either software (19%) or SaaS (15%).
- About one-fifth (18%) say spending on people costs will increase the most. Hiring and retention issues have only marginally improved by the slowdown in the labor markets.
- Among the minor survey population reporting lowering their information security budgets, the expected savings would apply to people costs and hardware costs. This is not surprising, given widely reported layoffs at some technology companies, and the fact that hardware costs represented both the most-cited area of cost savings and the least-cited area for increased spending last year.
- While enterprise security teams are tackling a broad variety of issues, the largest shift from 2022 is cloud security taking the top spot at 21%, up from 17%.
- It is likely equally challenging for enterprises of all sizes, reflecting cloud usage as ubiquitous in 2023 regardless of company scale.
- Despite debate over its effectiveness, security awareness training is the most-cited strategic initiative among security managers at 28%.
- Implementing or improving data security (26%) and improving application security (26%) round out the top three most-cited initiatives in 2023.
- Information security staffing is declining slightly as a key pain point, chosen by 10% this year versus 12% in 2022.
- This tracks with a more uncertain labor market in 2023 and a reduction in employee turnover, with a greater percentage of security professionals staying put while the dust settles compared with the period termed the great resignation.