Top 11 statistics on how CISOs can prioritize their 2020 security budget

November 6, 2019

How to prioritize a budget is not a simple question to answer. These 11 CISO statistics can help you with your security budget for 2020.


However, there are many insights we can draw from industry studies to learn how Chief Information Security Officers (CISOs) are currently spending their budgets.

The overall average cost of a data breach is currently US$ 3.92 million, an increase of 12% since 2014. Fortunately, the average cybersecurity budget is also increasing, precisely for greater risk control. See the recent 2019 IBM Cost of a Data Breach Report.

As supporting information, below are the top 11 statistics, based on research in the field, on CISOs' top investments that can help you think about your own cybersecurity budget for 2020.

1. Cyber security budgets are increasing

Worldwide, IT security spending in 2019 is projected to grow 8.7% from 2018, according to a Gartner forecast. Cybersecurity Ventures predicts that global cybersecurity spending will exceed US$ 1 trillion cumulatively from 2017 to 2021.

2. Security Services Outperform Software

2019 was nicknamed the year of security services by Forrester. Four times more budget is being directed to cybersecurity services than anything else, and this trend is a relatively recent development. Spending on security services outpaced other investments for the first time in 2018.

Gartner analysts also predicted that security services will account for 50% of cybersecurity budgets by 2020. The top three investment categories in 2019 are:
• Security Services (US$ 64.2 billion)
• Infrastructure Protection (US$ 15.3 billion)
• Network Security Equipment (US$ 13.2 billion)

3. Privacy Concerns Drive Service Spending

There are numerous factors driving the rapid growth of investment in security services, including talent and regulatory pressures. Investing in services can reduce persistent talent shortages, and CISOs can fully outsource resources to managed security service providers (MSSPs) or hire specialists to train in-house staff.

As noted in Gartner's forecast for 2018, privacy regulations will drive at least 10% of service investment growth this year as companies turn to outside experts for help in areas such as identity and access management (IAM), identity governance and administration (IGA), and data loss prevention (DLP).

4. CISOs want visibility, alignment and analysis

Research shows there is little mystery about why CISOs are spending more with the executive board's blessing. A larger cybersecurity budget is a tool for addressing security risks, business needs, and industry changes. CISOs are focused on creating a better integrated security ecosystem to identify real-time threats, foster a more strategic security culture, and combat internal risks. According to Forbes, CISOs' priorities in 2019 include:

• Develop a platform for visibility and analysis of security events.
• Align security operations with IT through automation and orchestration.
• Address internal risks with User Behavior Analytics (UBA).

5. C-Suite Is Concerned About Compliance, Digital Business Risks

CISOs are closer to the C-suite than ever. Although there is still a division between CISOs and other executives, this gap has become smaller. PwC noted that most CEOs agree that cyber risk is a threat to their organization's growth prospects and, according to BDO, about one-third of executive board members are informed about cybersecurity at least once every quarter.

CISOs and non-technical executives have different priorities for the cyber budget. Most executives see regulations and compliance as key factors in cybersecurity spending. Business decision makers are also concerned about ensuring that security investments address digital business risks, according to Gartner.

6. Security spending can accelerate digital transformation

CISOs can collaborate more effectively with the C-suite by understanding the priorities of non-technical executives. Most executives in 2019 are concerned with easing the way to secure digital transformation.
Recent CIO research has found that decision makers are concerned about time efficiency, business friction, and minimizing wasted time and resources. Cybersecurity leaders have the opportunity to start conversations about the risks of insecure digital transformation. Concepts such as security by design or Secure DevOps are not just "security issues": secure digital transformations can deliver better customer experiences and more advanced digital services.

7. Security culture is a main goal

Most data breaches are caused by people or process failures. Shared risk and budget conversations can help the company work toward a more effective security culture and shared risk goals. CISOs must be prepared to justify spending by addressing gaps in the existing security ecosystem. BCG recommended using the following three topics to guide cross-functional budget talks:
• What is our risk appetite?
• Where will our investments have the greatest impact?
• How do we get value from existing investments?

CISOs need to be prepared to handle cases where tools or solutions do not translate into reduced risk or features. Perhaps most importantly, they must also be prepared to address the reasons why previous investments have not paid off. These conversations can be an opportunity to present a business case for an integrated security ecosystem. Only 39% of companies believe they have achieved strong automation and orchestration between key security and incident response processes, according to SANS.

8. Services are likely to stay on top

Over the next 12 months, analysts predict that investments in cybersecurity services will continue to be the top category of investment and will continue to grow. Five-year projections call for double-digit compound annual growth in the cybersecurity market, with particular growth in data encryption.

9. Comparing cybersecurity budgets is not simple

It is very difficult to compare cybersecurity spending by factors such as industry or company size. BCG reported that cybersecurity's share of IT budgets varied by 300% across the top three studies of some of the largest companies. However, setting cybersecurity spending is not easy.
Effective cybersecurity involves IT considerations, risks, facilities, and compliance. CISOs can work with COOs or CHROs on company-wide joint security measures, such as facility security updates or more rigorous employee background checks. While risk-sharing initiatives are clearly beneficial, the cross-functional nature of risk makes it difficult to accurately compare security spending.

10. Healthcare cyber investments lag behind

IDC's five-year spending projections (categorized by sector) showed faster growth in the government, manufacturing, education, and finance sectors. Healthcare still lags behind, although threat research reveals that healthcare organizations are disproportionately threatened.

11. SMEs spend less on security

Similarly, enterprise organizations devote more budget to cybersecurity than small and medium enterprises (SMEs). A Keeper Security survey of companies with 500 or fewer employees found that most do not have a dedicated cybersecurity team or incident response plan. Only 7% of CEOs of small and medium-sized businesses say a cyber attack is very likely, despite the fact that 67% of smaller organizations were targeted last year. No organization can afford to underestimate the risks of cybercrime.

How to prioritize your budget in 2020?

Although CISOs have more budget than ever before, they need to protect themselves against overspending. Research confirms that today's CISOs are spending in different directions from previous years. Budgets are increasingly focused on cross-functional services and initiatives to create a better security culture, rather than on deploying software. Collaborating with the C-suite can help CISOs direct their budget toward a better integrated security ecosystem and address priorities around risk, compliance, and digital transformation.
A Safeway survey in Brazil regarding compliance with BC 4,658 for financial institutions shows that the vast majority (65%) have risk and vulnerability management, but in less than half is senior management clearly responsible for information security in the organization.

For Safeway's Umberto Rosti, CISOs need to show results with the basics, which is where major data leaks and attacks occur, as well as with the requirements of new regulations such as LGPD and BC 4,658, among others. That is why the trend is toward services and not the acquisition of systems that are expensive and complex to maintain.


* Text based on article:


About SAFEWAY

SAFEWAY is an Information Security company, recognized by its customers for offering high value-added solutions through Information Security projects that fully meet business needs. During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence among our clients, who make up a large part of the 100 largest companies in Brazil.

Today, through more than 17 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best technology solutions, processes and people.

Let's make the world a safer place to live and do business!