IAM, cloud security to drive new cybersecurity spending

Most organizations are increasing their cybersecurity budgets with CISOs planning to widen spending on identity and access management (IAM) and cloud security services. That’s according to Team8’s 2023 CISO Village Survey, which quizzed 130 global CISOs on a variety of security issues. It found that, along with expected increases in IAM and cloud security spending, CISOs are also looking for improved third-party risk management, AI security, and human error/insider risk reduction solutions.

Separate research published in June suggested that security budget hikes are missing the mark, with knee-jerk reactions and impractical expectations hampering the ability of CISOs to make business-critical security investments. The research came from risk and cybersecurity solutions provider BSS, which surveyed 150 security leaders, indicating that misguided expectations of budget holders regarding security spend are causing problems for CISOs despite notable budget increases.

IAM, cloud security top security investment areas

More than half of respondents (56%) reported a budget increase from 2022. Around 63% of CISOs operating in the technology domain saw security budgets increase, rising to 76% of CISOs in industrial, manufacturing, mobility, and energy domains. Most businesses with more than 50 cybersecurity employees now have an annual budget exceeding $10 million, according to the report. Budgets cuts were cited by just 19% of respondents, mostly observed in larger companies with over 100 cybersecurity employees, while 25% noted no change.

Budget expansions are widely anticipated in two categories. The first is IAM (46%), encompassing identity governance and administration (IGA), privileged access management (PAM), authentication, and machine identity management. Unmet needs in existing IGA tools/programs, triggered by the COVID-19 pandemic, and rapid adoption of remote working and accelerated adoption of cloud technologies, which requires both on-premises and cloud IAM products, are the primary drivers of expanded investment in IAM, according to the report.

The second is cloud security (46%), encompassing cloud native application platforms (CNAPP), cloud security posture management (CSPM), cloud workload protection platforms (CWPP), and cloud detection and response (CDR). The spike in cloud usage has increased the need for dedicated cloud security solutions to address new security complexities that were not needed with standard on-premises environments, respondents said.

In contrast, spending in the areas of risk assessment (16%), security services (11%), and infrastructure protection (10%) is likely to be significantly less common, the report found. Security information and event management (SIEM) was the product that CISOs are most keen to remove or replace, with the survey indicating that many CISOs consider traditional SIEM lacking in performance due to staffing, funding, and data stack constraints. Managed services and legacy scanning tools were also among the frequently mentioned products to remove or replace.