Cloud Security Budgets Increase Substantially in 2018 as CISOs Recognize the Dangers Out There

Cloud security has finally become a big-enough blip on IT professionals’ radar to be taken seriously. Almost all respondents in a recent cybersecurity study revealed that their organization has agreed to increase the resources allocated to protecting the company’s assets from bad actors – and to great extent, too.

In late 2017 and early 2018, the Enterprise Strategy Group (ESG) engaged 413 IT and cybersecurity professionals in a study of planning, implementation, and/or operations of their organization’s security policies, processes, or technical safeguards. Respondents were based in the United States, U.K., and Australia, and worked at enterprise organizations in industries like financial services, insurance, manufacturing, retail, healthcare, IT, with some also working in government segments.

Researchers found that 92 percent of the organizations surveyed will increase their cybersecurity budgets in 2018 (or have possibly done so at the time of this writing). Most of the spending will be allocated to cloud security, network security, and application testing, as the chart below shows.

Over half (52%) said that their cybersecurity budget will increase “significantly” while another 40% expected their cybersecurity budgets to increase “somewhat.” 46% of organizations are poised to make a significant increase in network and cloud security budgets, while 36% are planning a significant increase in application security budgets.

34% of organizations will allocate most of their cybersecurity budget to application testing, while 50% said this area will see “somewhat” of a budget increase. Interestingly, 1% said their training budgets will “significantly” decrease from 2017, and a few more percent said their overall cybersecurity budgets will “somewhat” decrease from last year.

“Based upon this data, it appears CISOs can articulate the importance of increasing the need for more security testing […] Unfortunately, the data also shows that many organizations will not invest more in training and/or personnel in 2018. These spending deficits could exacerbate skills shortages and increase risk,” ESG researchers said.

But why are IT leaders suddenly so aware of the importance of these investments? After all, not too long ago most security chiefs were complaining about tight budgets. The answer may come in the form of another data point from the same study.

Researchers found that IT professionals today are regarding cybersecurity as “increasingly difficult,” with 79 percent of security professionals believing that cybersecurity (i.e., knowledge, skills, operations, management, etc.) is more complex today than it was just two years ago. Survey respondents pointed to increases in malware volume and sophistication, the rise of targeted cyber-attacks, the number of new IT initiatives, and the number of devices connected to the network as key factors that are making cybersecurity such a chore.

And, if we are to look at another data point, at least one problem that always crops up in such studies is still as present as ever:

"Organizations don’t have adequate security staff levels and skills with regards to the intersection of networking and security," ESG researchers penned the issue. "CISOs need help to bridge these skills gaps," they said.