- Constant changes in the security threat landscape have introduced priority issues in identifying what security initiatives to focus on.
- A lack of oversight and implementation strategies for these security initiatives makes it challenging to build a roadmap to develop, deploy, and monitor the initiatives to improve an organization’s security posture.
Our Advice
Critical Insight
- Responding to the cybersecurity talent shortage includes identifying methods to upskill existing employees to better equip organizations with the necessary competencies to stay competitive within their industry.
- Preparing for a world advanced through AI begins with having the right foundation to implement a framework to protect organizations against AI-based threats while leveraging AI to enhance their security operations.
- Ensuring security risks are embedded with business risks will prepare organizations to better respond to the rise of supply chain risks.
- Implementing a zero trust roadmap through an iterative strategy will allow for continuous improvements in an organization’s security posture.
- The rise of automated and AI-based threats indicates the importance of improving efficiencies by streamlining security operations through automation, which will equip organizations with the necessary resources to fight against these attacks.
Impact and Result
Use this report to help decide your 2024 priorities by:
- Reviewing the priorities and associated drivers to better understand what initiatives would help your organization prepare for the threat landscape in 2024.
- Identifying your needs and analyzing existing capabilities. Use Info-Tech’s template to explain the priorities to your stakeholders.
- Determining next steps by referring to Info-Tech’s recommendations and related research.
Security Priorities 2024
Responding to an evolving threat landscape
With the constant shift in the threat landscape, it’s important to ensure organizations are equipped with the necessary measures to proactively respond to changes.
As the security world continues to respond to the various changes in the threat landscape and the advancement of new technologies, organizations are focusing on improving their security posture to prepare for the future. The threat landscape has been exacerbated by the various attack vectors emerging, such as the increase in credential-compromise attacks and cloud exploitation. The increase in supply chain risks and rise in deepfakes also showcase the shift of threat actors to improve the sophistication of their attacks. Furthermore, the rising costs of ransomware and cyber insurance premiums coupled with the continuous talent shortage depict the challenges of efficiently fighting against these threats. This adds to the growing complexities of the current threat landscape, which has been identified by cybersecurity professionals as the most challenging within the past five years.
The emergence of advanced technologies has also welcomed opportunities for organizations to explore unique approaches to respond to these challenges while also enhancing existing capabilities to better equip themselves with the right people, process, and technology. This includes assessing the ability to address the talent shortage through upskilling, establishing a foundation to implement AI technologies, and evaluating an organization's security risk management with respect to integrating with the enterprise. Furthermore, the increased interest in zero trust adoption, coupled with the need for improving process efficiencies through automation, depicts the importance of continuous improvements through operationalization. This report explores the five priorities, along with the drivers and recommended actions, to help organizations be prepared to confidently address these security risks for 2024 and the years to come.
The average cost of a data breach in 2023 was USD 4.35M, up 2% from 2022 and an increase of 15% from 2020.
Source: IBM, 2023
75% of cybersecurity professionals are viewing the current threat landscape as the most challenging within the past five years.
Source: ISC2, 2023; N=14,865
Cybersecurity continues to disrupt the business
Investment in cybersecurity is increasing due to its potential impact on the organization.
As part of our research process for the 2024 Security Priorities Report, we used the results from our Future of IT Survey, which collected responses between May 23 and August 22, 2023 (total N=894, with n=496 completed surveys). The survey highlights important technology trends and how organizations are addressing their opportunities and risks as well as their strategies for implementing the different technologies.
Factors that would disrupt the business within the next 12 months
Survey respondents (n=667) were asked what factors they anticipated would disrupt their organization within the next 12 months, ranging from 1 (smallest disruptor) to 5 (biggest disruptor). The number one disruptor was cybersecurity incidents, which was ahead of government-enacted policies or regulations and changing customer behavior. This indicates the growing importance organizations are placing on improving their security maturity, which would prepare them for any potential cybersecurity incidents.
Percentage of organization's IT budget spent on cybersecurity
Survey respondents (n=448) were asked about the percentage allocation of their IT budget spent on cybersecurity during the past fiscal year. Fifty-five percent of organizations indicated an allocation of less than 10%, while 44% of organizations spent more than 10% of their IT budget on cybersecurity. Furthermore, 7% of organizations indicated an allocation of more than 20% of their technology spend was on cybersecurity.
Organizations understand the importance of adopting AI
But what is the overall perceived impact to the organization?
The evolution of AI during the past few years has resulted in organizations learning more about the technology, its capability, and the importance of assessing its potential impact to the business. This notion was posed in a question in the Future of IT Survey, where organizations were asked what potential overall impact they expect AI to have.
Overall impact of AI to the organization
Over 55% of organizations expect a positive impact from AI and were more optimistic about the benefits it will bring to the business. Likewise, only 5% of organizations expect a negative impact from AI and consider how it could be challenging and pose a threat to their business model. Irrespective of the impact, it's evident that the evolution of AI will continue to grow, and organizations should be prepared to secure the evolution through efficient investment in people, process, and technology.
30% of organizations are currently leveraging AI to help automate repetitive, low-level tasks, and 37% are planning to use AI in 2024.
Source: Future of IT Survey, n=333
Increase in investments to combat the growing threat landscape
Although a recession was anticipated in 2023, organizations are still looking into increasing their investments for the coming year and ensuring they have the resources to securely grow their business.
Expected organizational spending on cybersecurity compared to the previous fiscal year
Survey respondents (n=452) were asked how they anticipated their organization's spending on cybersecurity will change compared to the previous year. Over 60% of organizations anticipate an increase in their cybersecurity spending for next year, which was a ten-point increase from last year's response (53.4%). Furthermore, only 32% of organizations anticipate a similar budget to last year, which was a nine-point decrease from last year's response. This depicts how organizations are realizing the importance of cybersecurity spend and the need for increased investments that will allow them to stay competitive within their industry.
Cybersecurity spending priorities
Survey respondents (n=449) were asked how important the six cybersecurity initiatives were in terms of spending priorities. The number one priority was security awareness and training, followed by next-generation tools and third-party services. This shows the growing need and importance for investments in upskilling employees as well as technologies and services to assist organizations in maturing their security posture.