Attackers are so relentless at innovating new breach techniques that cyber-defenses implemented in 2022 have already weakened, with yet more severe attacks coming in 2024. Most cybersecurity leaders (71%) say their organizations have experienced three or more security incidents in the last year alone.
Ransomware breach attempts fell by 30% last year as attackers pivoted to new attack strategies that are proving more lucrative and less detectable. As attackers out-innovate the current generation of security platforms, total attack activity continues to grow, despite budgets growing too in an uncertain economic climate.
Scale Venture Partners’ (SVP) Cybersecurity Perspectives 2023 report provides insights into the many challenges CISOs face. These include growing attack sophistication, talent shortages, geopolitical tensions and overworked security teams. The report found that CISOs are doubling down on network, IAM and cloud security to better protect against identity-based attacks.
CISOs battling identity theft
Organizations’ growing reliance on multiple cloud services creates an attractive breach target for attackers, who use pretexting and social engineering to steal privileged access credentials. SVP’s survey found that 50% of security leaders say their cloud services accounts have been attacked in the last year. That’s consistent with CrowdStrike’s 2023 Global Threat Report.
CrowdStrike found that exploitation of gaps in cloud infrastructure — most often the stealing of credentials, identities and data — grew 95% in 2022, with cases involving “cloud-conscious” threat actors tripling year-over-year. Attackers are seeking to modify authentication processes in order to attack identities.
“An especially popular tactic was the abuse of compromised credentials acquired via information stealers or purchased on the criminal underground, reflecting a growing interest in targeting identities that we also saw last year: Our 2022 report found 80% of cyberattacks leveraged identity-based techniques,” writes CrowdStrike cofounder and CEO George Kurtz.
Identities are under siege, and CISOs are prioritizing their spending in response. Getting identity and access management (IAM) under control is a challenging problem, especially when an organization relies on multiple cloud services, said Ariel Tseitlin, partner at SVP, in a recent interview with VentureBeat. The number of firms compromised by phishing attacks that stole employee credentials via cloud services rose 58%.
“Identity is where security is going … because there’s just so much more rich data there,” Tseitlin told VentureBeat. IAM jumped from eighth place to second in this year’s investment priorities ranking, reflecting increasing market concerns about identity security in multicloud tech stacks. Network security and cloud infrastructure security remain from last year’s survey, joining IAM as enterprises’ top three cybersecurity spending priorities in 2023. (Leading IAM providers include AWS Identity and Access Management, CrowdStrike, Delinea, Ericom, ForgeRock, Google Cloud Identity, IBM Cloud Identity, Microsoft Azure Active Directory, Palo Alto Networks and Zscaler.)
Enterprise cybersecurity budgets averaging a 20% increase
Large enterprises are seeing a 20% average rise in security budgets, though mid-sized enterprises are averaging only a 5% increase. SVP’s survey of security leaders also found that security budgets for emerging technologies rose 18% this year, down 27% from 2022. That’s consistent with what many other surveys are seeing, including Ivanti’s State of Security Preparedness 2023 Report, which found that 71% of CISOs and security professionals predict their budgets will jump an average of 11% this year, well above the projected inflation rate.
Data, application, cloud and endpoint security are getting, on average, 10% of companies’ total cybersecurity budgets this year. Compared to last year, budgets for endpoint security, identity management and security awareness training are seeing the biggest increases.
Artificial Intelligence (AI) and machine learning (ML) security and software supply chain security were included for the first time in this year’s survey, accounting for 6% and 5% of budgets respectively.
A sure sign that boards of directors see cybersecurity spending as an investment that helps control risk is the increase in security budget per employee, rising to $3,653 this year, up 20% from $3,033 per employee last year.
Cybersecurity’s resilient budgets reflected in fast-growing revenue forecasts
Organizations are reluctant to cut cybersecurity budgets for fear of falling too far behind as attackers use new technologies, including AI/ML, to launch attacks while weaponizing old vulnerabilities at the same time. SVP notes that CISOs are preparing for greater scrutiny of their spending decisions and longer decision-making timeframes, however.
Throughout the last three years, cybersecurity budgets have been among the most resilient across every size of organization. The aggregated effects of continued spending and what Gartner is hearing from its enterprise clients about planned purchases led the analysis company to predict that end-user spending on the information security and risk management market will grow to $188.1 billion this year and reach $288.5 billion in 2027. That’s a compound annual growth rate (CAGR) of 11.0% from 2022 to 2027.
Gartner’s latest forecasts [client access required], by selected enterprise information security and risk management markets, include the following, further reflecting how resilient budgeting is driving market growth:
- Application security is predicted to grow from $5.7 billion in revenue this year to $9.6 billion in 2027, attaining a 13.6% CAGR.
- Cloud security is predicted to grow from $5.6 billion in revenue this year to $12.8 billion in 2023, attaining a 22.8% CAGR.
- Data security is predicted to grow from $3.6 billion in 2023 to $6.1 billion in 2027, attaining a 13.6% CAGR.
- Identity access management is predicted to grow from $16.1 billion in 2023 to $24.8 billion in 2027, attaining an 11.4% CAGR.
Enterprises look to AI/ML to close the talent gap
Security leaders responding to SVP’s survey said cloud security expert is the most challenging role to fill. More than half of organizations (57%) said the biggest obstacle to achieving their desired security posture was insufficient security personnel, up 42% from last year. Security teams struggle with, among other things, too many alerts, too many false positives and too many tools.
AI/ML tools are helping security leaders fill the talent gap and scale their understaffed teams. Four out of five security leaders (79%) believe AI/ML will be “important” or “extremely important” for improving their security posture by 2024. More than 60% of cybersecurity leaders rely on cybersecurity tools with AI/ML-based capabilities to further offset talent shortages. And 62% of security leaders are using AI/ML-based tools to automate security processes.
Meanwhile, CISOs tell VentureBeat they are piloting generative AI-based platforms with ChatGPT capabilities to reduce SecOps workloads. Emerging from the initial pilots are ten use cases that show the potential to offload SecOps teams’ workloads.
Who owns a business’ identities, owns the business
SVP’s study reflects how critical it is for every organization to get control of IAM and have a solid strategy for hardening every vulnerable threat surface. Identities are the most vulnerable security perimeter there is.
Attackers know gaps exist in cloud configurations, and by stealing privileged access credentials they can, in effect, take control of an entire business before anyone realizes it. That’s why IAM is critical to get right, and why it is seeing rapid growth. CISOs and CIOs continue collaborating toward the goal of closing cloud configuration gaps and strengthening network security.
And it all needs to start with identities — attackers’ primary target today.