Information Security Spending: Don’t Be Fooled by Overconfidence

Spending on information security continues to increase, but those gains may decelerate as companies become more confident in their security posture. Maybe too confident.

Although many reports show that cybersecurity is a top driver of technology spending, Scale Venture Partners’ recent survey of 300 executives responsible for security decisions also found that they are increasingly confident in their ability to handle a variety of risks. In fact, 78 percent of those surveyed believe they are well equipped to handle cybersecurity risks, up from 61 percent when the question was asked in 2017. While confidence has risen across the board, confidence in the ability to handle threats from nation-states and financially motivated hacking has seen some of the steepest increases.

Improved sentiment about security may be due to increased spending in previous years. For example, only 12 percent said their security strategy is driven by budget and resource constraints, down dramatically from 31 percent in the previous year. Furthermore, the share who considered lack of budget a top-three obstacle to achieving a successful security posture dropped from 41 percent in 2017 to 30 percent in 2018. Increased attention, as well as spending on GDPR compliance and cloud infrastructure security in 2018, may be causes of the increased confidence. No matter the reason, sentiment about security has improved, as shown by Accenture’s analysis of earnings calls, which shows that since 2016 CEOs have increasingly been positive about cybersecurity.

We cannot remember seeing a report showing a net decrease in security spending. For example, a survey of eSecurity Planet subscribers found that 54 percent expect increased spending on IT security. In that report, two-thirds believed their company is prepared for security threats. Almost every midsize or large company in that report that was not confident in its security posture is increasing its spending in 2019. Unfortunately, two-thirds of the companies that are unprepared happen to be small, and among this group only 30 percent expect increased spending.

Even if your company has focused on information security, we warn readers and executives against overconfidence. Hands-on security practitioners are much more likely to be scared about their company’s security. Smaller companies continue to struggle with data privacy and security issues. Security products, strategies and practices need to keep up as security threats evolve and grow. Most importantly, throwing money at the problem won’t solve the ongoing shortage of trained information security professionals or insufficient end-user security awareness training.

3 More Takeaways from the Scale Venture Partners Report

  • Drop in Hiring: The share of executives who hired more security talent dropped from 54 percent in 2017 to 40 percent in 2018. The drop in hiring is more likely due to a lack of qualified candidates than to less actual demand.
  • Legacy is an Obstacle: 53 percent said complex, legacy data center infrastructure was a top obstacle to security, up from 37 percent in the prior year.
  • Cloud Infrastructure Security Spending Decelerates: In 2017, 83 percent said cloud infrastructure was a top priority for security spending, but that dropped to 66 percent in 2018. Looking forward, only 58 percent believe cloud infrastructure spending is a priority investment for 2019. Those are strong numbers, just not as strong as before.

Originally published in The New Stack.