Investments will increase, but CISOs will be more selective, driving the need for federated technology architectures.

Now that everyone, their brother, sister, and dog have chimed in on cybersecurity predictions for 2023, here are a few observations based on some recent ESG research.

First the numbers: 53% of organizations will increase IT spending in 2023, 30% say IT spending will remain flat in 2023, and 18% forecast a decrease in IT spending. As for cybersecurity, 65% of organizations plan to increase cybersecurity spending in 2023. These numbers mean that some organizations with flat or decreasing IT budgets will still increase spending on cybersecurity. This trend is further supported by the fact that 40% of survey respondents claim that improving cybersecurity is the most important justification for IT investments in 2023. This research was conducted in late 2022, when respondents were well aware of the economic headwinds and built appropriate assumptions into their budget planning.

While the data points to fairly robust cybersecurity spending increases, it also indicates some caution. Seventy percent of survey respondents say that budget cuts or freezes are likely or possible this year. If cuts occur, IT and security professionals claim they will trigger hiring freezes, project delays, and greater vendor scrutiny.

How CISOs will respond in 2023

So, spending increase predictions must be tempered, as organizations are prepared to step on the brakes if need be. Based on all the ESG data, I believe:

CISOs will focus inward. With IT spending slowing, CISOs will assess their existing security programs with a fine-tooth comb. This will lead them to concentrate their efforts in two areas: security hygiene and posture management, and improving existing processes and controls. Security hygiene and posture management initiatives will include discovering, analyzing, and monitoring all IT assets, so technology vendors such as Axonius, Brinqa, Detectify, JupiterOne, Noetic Cyber, Panaseer, and Sevco should benefit. ServiceNow should also see activity, especially with existing customers looking to consolidate security and IT operations. In terms of the second initiative, improving existing processes and controls will include process automation and SOAR, operationalizing MITRE ATT&CK, and more frequent security testing.

Investments will be more tactical than strategic. Security teams are already eschewing long-term contracts and postponing complex, resource-intensive projects. This means they’ll break project and platform initiatives into digestible bites, investing in high-priority needs. Rather than big-bang zero-trust plans, security and IT teams will focus on application and data classification, access policies, policy enforcement, and network segmentation. Similarly, security operations teams may be reluctant to replace legacy SIEM platforms in 2023. Rather, they’ll surround SIEM with security data lakes, XDR, and SOAR tools, supporting them with a greater emphasis on security engineering, homegrown analytics, and staff augmentation services. While economic downturns often lead to training budget slashing, this won’t happen in 2023. To drive employee retention and improved productivity, CISOs tell me they plan to increase investments in staff training and education.

Consolidation will give way to federation. Yes, organizations will continue to consolidate vendors and integrate technologies, but at a more gradual pace. Meanwhile, they’ll focus their efforts on individual security domains: cloud security, email security, endpoint security, network security, etc. This will lead to more open domain-based platforms, stitched together through APIs and a growing array of open standards. I believe 2023 will be a big year for the Open Cybersecurity Schema Framework (OCSF), introduced at Black Hat 2022. Security technology federation will be part of the day-to-day lexicon before 2024 arrives. Hmm, sounds a bit like security operations and analytics platform architecture (SOAPA) to me.

Services spending will dominate budgets. The ESG research indicates that nearly half (45%) of organizations say they have a problematic shortage of cybersecurity skills. This means they don’t have an adequately sized staff and they lack some advanced but necessary cybersecurity skills. Despite industry layoffs, cybersecurity professionals will remain in high demand. CISOs have no choice but to augment internal staff and skills with service providers in areas like managed threat intelligence programs, managed detection and response, and identity as a service.

Cybersecurity is a business priority, and many organizations need a lot of help here. Investments will continue, but there’ll be a “back-to-basics” vibe throughout the year. CISOs will also fine-tune planning as the year unfolds. Some hyperbolic vendors will eat humble pie in 2023 while VCs find themselves drinking house wine at the Rosewood hotel in Menlo Park. Meanwhile, security professionals and CISOs will benefit from more practical programs focused on priorities, existing resources, and getting the biggest bang for their security spending bucks.