Executive Summary
Examines key CISO investment priorities for 2023. CISOs and CIOs view cybersecurity as a significantly higher priority than two years ago and are investing in multiple areas to meet escalating regulatory demands, protect new digital channels, and counteract ongoing cyber incidents. Improving protections for cloud services and platforms is the top-rated priority (attacks against cloud services were the most-seen incident type during the past year), followed by protections against ransomware attacks. CISOs and CIOs see a range of issues within apps, cloud platforms, data, and on-premises infrastructure requiring ongoing and higher investment in 2023. They are budgeting accordingly.
The data presented in this white paper is from a survey of CISO and CIO respondents at 284 organizations in the United States with more than 1,000 employees.
KEY TAKEAWAYS
- Regulation, digital channels, and economics driving cybersecurity
The top trends and challenges driving how organizations approach cybersecurity in 2023 are escalating regulatory demands for cybersecurity and data privacy; growing use of digital channels for engagement with customers, employees, and partners; and the declining economic outlook. CISOs attribute greater impact to all trends and challenges than the CIO (with one exception). - Top priorities are cloud security, ransomware protections, and data
Cloud security and ransomware protections are the top two investment priorities in 2023 out of more than 20 areas. For the investment priority to be high, the most common pre-conditions are high concern that the current security protections are insufficient along with the requirement for a significant financial outlay to bring the area up to the internal standard of the organization. - Better risk management leads to higher security prioritization and budget
Organizations with a greater ability to manage the business risks associated with apps, cloud platforms, data, and on-premises infrastructure assigned higher security prioritization to the key issues associated with each area, as well as a higher budget, compared to organizations with lower risk management efficacy. - Budgets have increased 11% since last year and are expected to increase further
The average budget increase from 2022 to 2023 is 11%, with a further average increase of 19% forecast for the 2023 to 2024 budget cycle. However, CISO and CIO respondents believe they could put an average of twice as much budget to productive and effective use in 2023. Some CISOs and CIOs say they could put three to five times as much budget to productive use in 2023. - How the board views cybersecurity has significant flow-on effects
Boards that view cybersecurity as a business risk show greater proclivity toward proactive investment, concern with technical risks, and approval of funding. Among these boards, fewer take a reactive approach to cybersecurity threats. If the board only pays attention to cybersecurity threats after a breach or incident, cybersecurity is viewed as a technical risk and budget is approved only grudgingly.
This white paper has been prepared by Osterman Research
Related Posts
The State of Ransomware 2025
BlackFog's state of ransomware report 2025 measures publicly disclosed and non-disclosed attacks globally.
Iran Hacked Trump Campaign: A Deep Dive into the Cyberattack
An overview of how Iranian IRGC hackers penetrated Trump's campaign through spear-phishing, leaked sensitive data to influence opponents, and the DOJ's subsequent response.
Microsegmentation: Strengthening Network Security Against Zero Day Exploits
Find out why microsegmentation is an increasingly popular option for supporting zero trust networking approaches.
Patch Management: An Essential Part of Data Security
Ensuring you have a strong patch management strategy in place is essential in minimizing the risks posed by known vulnerabilities.
Layered Security – How a Defense-in-Depth Approach Guards Against Unknown Threats
Make sure your systems are fully protected from threats at every level by incorporating these six key layered security defense strategies.
Zero Trust Data Protection: Securing Your Data in a Perimeterless World
What should firms know about zero trust data protection and how can they ensure it is implemented effectively?