As more organizations encounter economic headwinds, the rate at which cybersecurity budgets have been increasing is slowing down. A survey of 550 Chief Information Security Officers (CISOs) conducted by IANS Research and Artico Search finds cybersecurity budgets only increased an average of 6 percent year over year. Previously, cybersecurity budgets increased an average of 17 percent.
A third of respondents (33 percent) reported having either frozen or cut cybersecurity budgets, the survey also finds.
A separate survey of 14,865 cybersecurity professionals conducted by ISC2 finds just under half (47 percent) reporting layoffs, budget cuts, or freezes on their teams, with almost a third (31 percent) expecting additional cutbacks next year. Well over half (57 percent) said their response to threats had been inhibited by cutbacks.
A full 92 percent report skills gaps at their organization, with cloud computing security (35 percent), artificial intelligence/machine learning (32 percent), and zero trust implementation (29 percent) topping the list. Nearly half (47 percent) see cloud computing security as the most sought-after skill for career advancement, but an equal percentage note they have either no or minimal artificial intelligence (AI) expertise, with 45 percent expecting that securing AI applications will be a major challenge in the next two years.
Many organizations are also shifting cybersecurity responsibilities to IT operations teams to make up for those skills shortages, but ISC2 estimates there is still a global shortage of four million cybersecurity professionals.
Expanded attack surfaces and immune cybercriminals
No one knows for sure which direction the global economy is headed in next, but two things are certain. The first is that the overall size of the attack surface that needs to be defended will only increase. The second is that cybercriminals are largely impervious to any contraction that might occur in the global economy. If anything, downturns benefit them because, in the absence of legitimate employment, there are more people willing to engage in cybercriminal activity.
Managed service providers (MSPs) are, of course, feeling the impact of cutbacks. Still, overall, cybersecurity budgets tend to be cut back less than other IT functions anytime there is a downturn. Of course, all cybersecurity spending plans are immediately tabled whenever a major breach occurs. It’s not uncommon in the wake of a cybersecurity breach for organizations to increase spending on cybersecurity and be more receptive to relying on external expertise. Savvy MSPs that have the necessary resources with response teams standing by often benefit in the wake of a significant cybersecurity incident.
MSPs must weather the storm
The challenge is that as spending fluctuates, MSPs will need to navigate demand for services that is likely to be less consistent. There will always be a natural temptation to make cuts anytime the economy softens. Still, when it comes to cybersecurity, there is always a need to be able to respond to a crisis without reducing the level of service being provided across the entire customer portfolio. In effect, MSPs are the last line of defense organizations count on in a crisis. If that line doesn’t hold, most customers will undoubtedly look to move on and to spread as much blame as possible in the wake of a breach.