New data from ETR and theCUBE Research also shows spend matching AI security hype, Zero Trust adoption still in progress, and MFA widespread
MILFORD, CONN., USA, May 2, 2024 /etr.ai/ — Cybersecurity budgets are expected to increase, and the number of IT security-specific vendors in organizations’ tech stacks is expected to expand over the next year, according to a new survey from ETR and theCUBE Research ahead of the annual RSA Conference.
Most (87%) respondents expected their security-related budgets to increase to some degree in the coming 12 months, with 14% expecting an increase of at least 15%. This indicates a growing focus on the importance of investing in security measures.
Also, more than half (51%) of respondents expect an increase in security vendors, while only 9% expect vendor consolidation in their tech stacks. Contrary to recent statements by some large, public IT security companies about the rise in tool consolidation, this survey found expansion much more common as organizations seek specialized solutions from multiple vendors to address their growing and ever more complex security needs.
The survey of 321 IT decision makers, of which more than a fifth (22%) represent Global 2000 organizations, yielded many other cybersecurity insights, including:
- AI-related security gaining traction. The survey confirms the hype surrounding AI-enhanced security is real, with 22% of respondents already allocating dollars to AI-related security tools and 61% planning to do so over the next 12 months.
- Zero Trust adoption is still in progress. Despite the maturity of the Zero Trust philosophy, only 11% of respondents have fully deployed Zero Trust systems. However, about two-thirds (66%) have either started or plan to deploy Zero Trust systems, indicating growing recognition of the importance of adopting a Zero Trust approach to security.
- Multi-cloud/hybrid security is key driver for budget growth. More than half (55%) of respondents cited multi-cloud/hybrid security as the top driver for budget growth in the next year. Half (50%) of respondents also cited ransomware protection as a key driver for budget growth.
- Identity management, vulnerability management, and EDR/XDR are top priorities. These were tightly grouped as the top three IT security priorities. Observability and SIEM, antivirus and email security, and network security followed behind in rank order of priorities.
- MFA is widely deployed. More than two-thirds (68%) of respondents stated the majority of their applications require multi-factor authentication (MFA). App-based MFA is the most popular method, followed by SMS and token-based MFA methods.
- High interest in AI at RSA Conference. Among respondents planning to attend the RSA Conference, AI/LLM security was the most anticipated topic, with 62% expressing interest.
- Preference for in-house security over outsourcing. Respondents strongly preferred in-house security, with nearly 20% favoring total in-house staffing and 36% favoring mostly in-house security. Only 3% preferred totally outsourced security. This suggests that organizations value having control over their security operations and their own dedicated security teams.
- Skill gaps and wage expenses have biggest impact on cybersecurity hiring. When hiring new cybersecurity professionals, respondents ranked gaps in skill as the most impactful on their ability to hire, followed by wage expenses. Remote work preferences were least impactful.