Five key considerations for network security budget planning in 2023
2022-07-28 18:18:00 【Software testing network】

When planning the 2023 network security budget, some CISOs may be confused about “where to start”. The ways to protect enterprises from cyber threats are diverse and rapidly changing, so the task of identifying the most urgent risks is crucial.
However, security leaders also need to start thinking about how much money they need and how to allocate budgets. David Chaddock, director of network security at consultancy West Monroe, said, “At the macro level, when defining strategic objectives and developing security budgets, CISOs should know that the current situation of network security may cause security leaders to fall into the dilemma of ‘maintaining operations and promoting new initiatives’. Although some enterprises that are highly mature or have suffered network attacks have understood the value of change and may be ready, the unfortunate reality is that most enterprises are still struggling to meet their needs with traditional budgets, and the demand for security will only grow.”
Here are five key factors that may determine the 2023 budget:
- The changing threat situation.
- Economic trends and their impact on the behavior of threat actors.
- Geopolitical events, for example the war between Russia and Ukraine.
- Changing government and other regulations and guidance.
- Changing cyber insurance requirements.
CISOs need to consider these factors carefully in order to find the best way to keep the enterprise secure.
1. The changing threat situation
The pattern of network security threats is constantly changing. With the emergence of new ransomware threats, the continuous development of cloud computing and the transformation of the labor model, the pace of change seems to have accelerated. In addition, many companies are accelerating their digital transformation.
Ruggero Contu, senior research director at Gartner, said, “Digital transformation plans have further expanded the attack surface. The CISO's budget must meet new requirements arising from external risks, while the traditional budget focuses on internal infrastructure.”
Contu added that exposed vulnerabilities (for example, unpatched servers and open ports on Internet-connected devices), cloud system misconfigurations, leaked key information (for example, credentials) and compromised assets (for example, spoofed domains and enterprise mobile applications) will be key targets of attack in the next few years.
In addition, the rapid growth of endpoint devices, including the growth of the Internet of Things (IoT), and their inherent security risks will also affect the budget.
Contu said that security budgets in manufacturing, energy, transportation and healthcare will have to focus on protecting industrial environments and systems from the impact of vulnerabilities introduced by IoT, as well as by the convergence of IT and operational technology (OT).
2. Economic trends lead to the scarcity of network security resources
Economic trends (especially inflation) may have a significant impact on cybersecurity expenditure and on the behavior of threat actors. Raj Patel, partner and head of network security practice at consultancy Plante Moran, said that the scarcity of network resources and inflation will be the most important factors in the increase of network security budgets and expenditure over the next 12 to 18 months.
He said, “Network talent is hard to come by, and enterprises are willing to pay for it. This has also led to an increase in wage costs of at least 10% to 15%. Because of the scarcity of resources, the salary increase for employees with 8-12 years of work experience is greater. As for security products and services, in the past four years, tools and techniques for better managing cyber risks have increased significantly.”
Chaddock added that the gap between the rich and the poor, and the economic uncertainty it brings, will inevitably lead to further increases in hacking and other potentially destabilizing network security incidents. Now, as enterprises become more digital and more exposed to security vulnerabilities, this situation will only worsen.
3. Geopolitical events exacerbate security risks
Events around the world, perhaps most strikingly the war between Russia and Ukraine, may continue to have a significant impact on network security and risk. This is especially true for some industries, for example the government and other industries supporting the country's key infrastructure.
Patel explained, “Current geopolitical events have changed the profile of attackers to state-funded hackers, who have deep technical skills and the resources they need to attack critical infrastructure and companies.”
West Monroe surveyed 250 C-level executives at companies with quarterly revenue over 5 billion dollars. Its Executive Survey Report for the latest quarter shows that, when asked “Due to geopolitical and supply chain instability, what actions are executives' companies considering this year?”, most executives (60%) said they are considering increasing spending on or attention to network security, because network warfare has become an increasingly common tool to gain competitive advantage.
Chaddock added that the nation-state-sponsored attack tools used against Ukraine can now easily be made available to a wider audience, and most enterprises do not have sufficient protection capabilities to resist attacks funded by a nation state. This means that most security plans have fallen significantly behind, and a lot of investment beyond working capital is required to maintain normal operation.
4. Changing regulatory requirements
In the past few years, regulatory requirements have been changing, including laws dealing with data privacy. Patel said that the cost of complying with various privacy regulations and with security obligations in contracts is rising. For example, some contracts may require independent testing by third-party auditors. Due to inflation and rising wages, auditors' and consultants' fees are also rising.
Chaddock thinks enterprises should focus on building strong security instead of focusing on compliance. When an enterprise is really secure, the cost of implementing and maintaining compliance should also be reduced. Especially for enterprises that support critical infrastructure, the evolving regulatory compliance requirements require a lot of support.
5. Changing cyber insurance requirements and rising costs
After well-known attacks such as ransomware, more and more enterprises are beginning to buy, or at least consider buying, cyber insurance plans. If the cost of paying for such policies exceeds the security budget, CISOs will need to consider rising coverage costs and other factors.
Patel said, “The cost of cyber insurance is rising 20% to 25%. Enterprises can reduce costs by reducing coverage levels or increasing deductibles. However, that would mean taking more risks. Some insurance companies will evaluate your network controls to determine your premium. Through better controls, you can also reduce the premium.”
Chaddock added that, as time goes on, companies should ensure that the cost of cyber insurance is included and, more importantly, the costs associated with maintaining effective and secure backup and resilience. The arrival of the “double extortion” era has caused many targeted enterprises to fall into financial difficulties. Enterprises with secure and resilient backup and recovery capabilities are much less likely to be materially affected by network events.