Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Sometimes it Takes a Crisis – Security Budgets on the Rise

By all accounts 2014 proved to be another monstrous year for security breaches. At times it seemed we couldn’t go a week without another company falling victim to the monetary ambitions of a cybercriminal, or the political agenda of a nation.

By all accounts 2014 proved to be another monstrous year for security breaches. At times it seemed we couldn’t go a week without another company falling victim to the monetary ambitions of a cybercriminal, or the political agenda of a nation.

As we look ahead into this next year I’m reminded of a quote from Charles Moulton – “Every crisis offers you extra desired power.” As a psychologist and inventor, Moulton understood human nature and how we traditionally respond to crisis.

As we look to some of the predictions for 2015, all indicators seem to point to a new power to be instilled when it comes to security investment. Over the last few weeks, several financial analyst firms conducted extensive studies, surveying over a thousand CIOs and CSOs cumulatively, to gain a better understanding of how these breaches are impacting spending behaviors.

Here’s a quick review of those studies and what you can expect:

Security will remain as the top spending priority

Piper Jaffray’s fourth annual CIO survey (PDF) indicated that 75 percent of CIOs were expecting to increase their security spending in 2015, up from 59 percent in 2014. 68 percent of Northland Capital Markets CIO respondents cited security as their top spending requirement. 31 percent of Pacific Crest Securities CIO respondents cited Network Security, and 27 percent cited Data Security (number one and number two priorities respectively, overall).

IT Security Budget Allocation 2015Morgan Stanley’s CIO survey followed suit with security increasing its lead as the top priority. And Wells Fargo’s Decision Maker Survey drew similar conclusions with 21 percent of respondents viewing security as their top spending priority versus 15 percent in the previous year.

Wells Fargo also expects to see security budgets increase in the “teens” this next year. Nomura’s survey of CIOs and CSOs suggests a security budget increase of 11 percent year over year. Morgan Stanley expects an 8.4 percent increase. This growth is higher than the overall IT budget which consensus points to a 2 percent to 5 percent year-over-year growth rate, suggesting a material shift in spending as some IT projects get de-prioritized to make room for increased security spending.

Does this provide the “extra desired power” we’re looking for? The fact remains that while security is a top IT spending priority, it only received 5 percent (Wells Fargo) to 9 percent (Nomura) of the overall IT budget. There’s no question we’re headed in the right direction. Only time will tell whether this is the right proportional investment given the new cyber threat landscape.

Advertisement. Scroll to continue reading.

Network Security and Advanced Endpoint Security cited as the top two investment segments

Piper Jaffray’s survey indicated that 88 percent of CIOs cited Network Security as their top priority for 2015, and 78 percent cited Advanced Endpoint Security as their top priority. Morgan Stanley also confirmed Network Security and Endpoint Security as top spending growth categories at 9.1 percent growth and 8.4 percent growth respectively.

Within Network Security, expect to see continued investment in the adoption of next-generation firewall capabilities to prevent both known and unknown threats, and an increased emphasis on analytics to improve detection and mitigation rates. And while security wasn’t specifically called out, Piper Jaffray also cited networking as the area most in need of a refresh within the data center (35 percent versus 26 percent in 2014). This of course has implications towards network security, as firewall infrastructure must be upgraded to accommodate new data center performance speeds without forcing compromise on security efficacy.

Today, the endpoint in particular is viewed as the weakest part of today’s enterprise IT infrastructure. As Wells Fargo points out, for just $50 anyone can go to the web and download malware that comes with a “money-back guarantee” that it will evade the top 20 anti-virus solutions. The market transition away from anti-virus towards more advanced endpoint-based security is expected to pick up steam in 2015.

Security breaches could chill ambitions towards public cloud in 2015

35 percent of the CIOs surveyed by Piper Jaffray cited security as their primary reason for keeping data on premise. This is up from 31 percent in 2014.  The assumption here is the magnitude and visibility of security breaches in 2014 are driving companies to take a closer look at their public cloud strategy. That’s not to say organizations are backing away from public clouds.

Cloud Computing was the number two priority behind Security in Morgan Stanley’s CIO survey. And in their annual CIO survey, Pacific Crest Securities found that cloud remained a core theme amongst organizations planning for budget cuts. Of the CIOs surveyed they found that 16.1 percent of organization’s applications will be moved to the public cloud in 2015, up from 5.3 percent in 2014.

The economics are simply too attractive to pass up. So, expect continued exuberance with a heightened eye and interest towards some of the new cloud-based security technologies that hit the market in 2014.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights