Nearly half (49%) of cybersecurity professionals citied digital business transformation issues as the top factor driving an increase in cybersecurity costs, according to a survey conducted by Dimensional Research on behalf of Deepwatch, a provider of managed detection and response services.
The survey of 107 IT security professionals working at organizations with more 1,000 employees also identified regulation and compliance requirements (36%) as the second biggest driver of increased security spending (36%), followed by a greater focus on security breaches and incidents at (30%).
Bill Bernard, an area vice president for security strategy at DeepWatch, said those results indicated that cybersecurity is becoming better aligned with business initiatives. However, all too often, security is still being bolted on to the back end of IT initiatives, Bernard said.
That better business alignment, however, comes at a cost. More than three-quarters of respondents (78%) said they expected breach and incident reporting requirements to create more work for their teams, with 55% saying they don’t have the resources or budgets to meet those requirements.
Those breach and reporting requirements are being driven by everything from a set of policies expected to be implemented by the Securities and Exchange Commission (SEC) to privacy regulations being implemented worldwide, noted Benard.
The survey found 77% of respondents expected privacy requirements to increase work for their teams, with 44% reporting they are not resourced or budgeted to support those additional requirements.
Respond (46%) and detect (42%) were generally cited as the top cybersecurity functions organizations are looking to improve. Naturally, cybersecurity teams are looking to fill open positions to meet those requirements. The survey found that security architects and security engineers are the most difficult positions to hire and train at 44% each. The survey also found a full 82% of respondents are looking to rely more on managed security services, with 46% of organizations currently using managed services and 36% considering it.
Bernard said that while managed security service providers (MSSPs) have historically had a bad reputation, many have invested heavily in recent years to improve the quality of their services. It’s simply not going to be feasible for organizations to staff a security operation center (SOC) on a 24/7 basis, so managed services have become a critical element of any cybersecurity strategy, he noted.
Finally, the survey found nearly two-thirds of respondents (64%) currently work for organizations that buy cybersecurity insurance. However, well over a third (39%) said it’s already too expensive, while another 39% said that while they believe cyberinsurance offers value today, that won’t be true if prices increase.
In the longer term, it will be interesting to see what impact the current valuation of cryptocurrency has on ransomware attacks, noted Bernard. Cybercriminals may soon determine that the mechanism for collecting ransomware payments is no longer a viable option, he said.
The coming year is already shaping up to be one filled with profound changes to cybersecurity. The issue, of course, is whether organizations will be able to fund those changes as cybersecurity continues to evolve into an arms race against well-funded cybercriminals.