Security Priorities 2024

Responding to an evolving threat landscape

With the constant shift in the threat landscape, it’s important to ensure organizations are equipped with the necessary measures to proactively respond to changes.

As the security world continues to respond to the various changes in the threat landscape and the advancement of new technologies, organizations are focusing on improving their security posture to prepare for the future. The threat landscape has been exacerbated with the various attack vectors emerging, such as the increase in credential-compromise attacks and cloud exploitation. The increase in supply chain risks and rise in deepfakes also showcase the shift of threat actors to improve the sophistication of their attacks. Furthermore, the rising costs of ransomware and cyber insurance premiums coupled with the continuous talent shortage depicts the challenges of efficiently fighting against these threats. This adds to the growing complexities of the current threat landscape, which has been identified by cybersecurity professionals as the most challenging within the past five years.

The emergence of advanced technologies has also welcomed opportunities for organizations to explore unique approaches to respond to these challenges while also enhancing existing capabilities to better equip themselves with the right people, process, and technology. This includes assessing the ability to address the talent shortage through upskilling, establishing a foundation to implement AI technologies, and evaluating an organization's security risk management with respect to integrating with the enterprise. Furthermore, the increased interest in zero trust adoption, coupled with the need for improving process efficiencies through automation, depicts the importance of continuous improvements through operationalization. This report explores the five priorities, along with the drivers and recommended actions, to help organizations be prepared to confidently address these security risks for 2024 and the years to come.

The average cost of a data breach in 2023 was USD 4.35M. Up 2% from 2022 and an increase of 15% from 2020.
Source: IBM, 2023

75% of cybersecurity professionals are viewing the current threat landscape as the most challenging within the past five years.
Source: ISC2, 2023; N=14,865

Cybersecurity continues to disrupt the business

Investment on cybersecurity is increasing due to its potential impact to the organization.

As part of our research process for the 2024 Security Priorities Report, we used the results from our Future of IT Survey, which collected responses between May 23 and August 22, 2023 (total N=894, with n=496 completed surveys). The survey highlights important technology trends and how organizations are addressing their opportunities and risks as well as their strategies for implementing the different technologies.

Factors that would disrupt the business within the next 12 months

Survey respondents (n=667) were asked what factors they anticipated would disrupt their organization within the next 12 months, ranging from 1 (smallest disruptor) to 5 (biggest disruptor). The number one disruptor was cybersecurity incidents, which was ahead of government-enacted policies or regulations and changing customer behavior. This indicates the growing importance organizations are placing on improving their security maturity, which would prepare them for any potential cybersecurity incidents.

Percentage of organization's IT budget spent on cybersecurity

Survey respondents (n=448) were asked about the percentage allocation of their IT budget spent on cybersecurity during the past fiscal year. Fifty-five percent of organizations indicated an allocation of less than 10%, while 44% of organizations spent more than 10% of their IT budget on cybersecurity. Furthermore, 7% of organizations indicated an allocation of more than 20% of their technology spend was on cybersecurity.

Organizations understand the importance of adopting AI

But what is the overall perceived impact to the organization?

The evolution of AI during the past few years has resulted in organizations learning more about the technology, its capability, and the importance of assessing its potential impact to the business. This notion was posed in a question in the Future of IT Survey, where organizations were asked what potential overall impact they expect AI to have.

Overall impact of AI to the organization

Over 55% of organizations expect a positive impact from AI and were more optimistic in the benefits it will bring to the business. Likewise, only 5% of organizations expect a negative impact from AI and consider how it could be challenging and pose a threat to their business model. Irrespective of the impact, it's evident that the evolution of AI will continue to grow, and organizations should be prepared to secure the evolution through efficient investment in people, process, and technology.

30% of organizations are currently leveraging AI to help automate repetitive, low-level tasks, and 37% are planning to use AI in 2024.
Source: Future of IT Survey, n=333

Increase in investments to combat the growing threat landscape

Although a recession was anticipated in 2023, organizations are still looking into increasing their investments for the coming year and ensuring they have the resources to securely grow their business.

Expected organizational spending on cybersecurity compared to the previous fiscal year

Survey respondents (n=452) were asked how they anticipated their organization's spending on cybersecurity will change compared to the previous year. Over 60% of organizations anticipate an increase in their cybersecurity spending for next year, which was a ten-point increase from last year's response (53.4%). Furthermore, only 32% of organizations anticipate a similar budget to last year, which was a nine-point decrease from last year's response. This depicts how organizations are realizing the importance of cybersecurity spend and the need for increased investments that will allow them to stay competitive within their industry.

Cybersecurity spending priorities

Survey respondents (n=449) were asked how important the six cybersecurity initiatives were in terms of spending priorities. The number one priority was security awareness and training, followed by next-generation tools and third-party services. This shows the growing need and importance for investments in upskilling employees as well as technologies and services to assist organizations in maturing their security posture.