Network, IAM, and cloud services are the top three cybersecurity spending priorities for 2023, according to Scale Venture Partners’ Cybersecurity Perspectives 2023 report. The study highlights the relentless innovation of attackers, with cyber defenses implemented in 2022 already weakened. The report reveals that 71% of cybersecurity leaders have experienced three or more security incidents in the past year alone. Ransomware breach attempts have decreased by 30% as attackers shift to new, more lucrative and less detectable attack strategies. Despite growing budgets, total attack activity continues to increase, presenting a challenge in an uncertain economic climate.
The report emphasizes the challenges faced by CISOs, including growing attack sophistication, talent shortages, geopolitical tensions, and overworked security teams. In response, CISOs are placing a stronger focus on network, identity and access management (IAM), and cloud security to better protect against identity-based attacks.
Attackers are targeting organizations’ increasing reliance on multiple cloud services, using tactics such as pretexting and social engineering to steal privileged access credentials. According to CrowdStrike’s 2023 Global Threat Report, 50% of security leaders reported attacks on their cloud services accounts in the past year. Exploitation of gaps in cloud infrastructure, particularly stealing credentials, identities, and data, grew by 95% in 2022.
IAM is becoming a critical priority for organizations, especially when managing multiple cloud services. Phishing attacks targeting employee credentials via cloud services have increased by 58%. With rich data at stake, identity security in multicloud tech stacks is a growing concern, as reflected in the increase of IAM investment priorities.
Large enterprises are seeing an average 20% rise in security budgets, while mid-sized enterprises are experiencing an average increase of 5%. Security budgets for emerging technologies have risen by 18% this year. Endpoint security, identity management, and security awareness training have seen the largest budget increases compared to last year.
For the first time, AI and machine learning (ML) security, as well as software supply chain security, have been included in this year’s survey, representing 6% and 5% of budgets, respectively. This reflects the growing recognition of the importance of these areas in enhancing cybersecurity.
The increase in security budget per employee, reaching $3,653 this year, signifies that boards of directors see cybersecurity spending as an investment that helps control risk. Organizations are hesitant to cut cybersecurity budgets due to the evolving nature of attacks, including the use of AI/ML, and the weaponization of old vulnerabilities.
Despite the resilience of cybersecurity budgets, security leaders face challenges in finding and hiring cloud security experts, with insufficient security personnel being the biggest obstacle to achieving desired security posture. AI/ML tools are being leveraged to bridge the talent gap and automate security processes. Security leaders believe that AI/ML will play a crucial role in improving their security posture by 2024.
In summary, organizations are prioritizing network, IAM, and cloud security as their top cybersecurity spending priorities for 2023. The report highlights the escalating challenges faced by cybersecurity leaders, the growing threat landscape, and the importance of addressing identity-based attacks. With the rise of cloud services and the increasing sophistication of attackers, organizations must focus on strengthening their IAM strategies and closing gaps in cloud configurations to enhance network security.
