5 key considerations for your 2023 cybersecurity budget planning (2024)

An evolving threat landscape, regulatory requirement changes, and increases in cyber insurance are among leading factors that will impact next year's security budget.

As CISOs look to prepare their 2023 security budgets, some might be asking themselves, “where do I begin?” There are such varied and rapidly changing facets of defending organizations against cyber threats that the task of sorting out which risks need the most attention can seem overwhelming.

Nevertheless, security leaders need to begin thinking about how much funding they will need and how they will allocate their budgets. “At a macro level, when defining strategic goals and developing budgets for security, CISOs should know that the status quo will likely leave security leaders with an impossible mission ahead—constrained to maintain operations and new initiatives,” says David Chaddock, director of cybersecurity for consultancy West Monroe.

“While some organizations with elevated maturity or those that have been hit by a cyberattack have since learned the value of change and may be prepared, the unfortunate fact is the majority still struggle to meet demand with traditional budgets, and the need for security is only increasing,” Chaddock says.

The key factors that might determine funding for next year will likely fall under these five categories:

  • The changing threat landscape
  • Economic trends and their effect on threat actor behavior
  • Geo-political events such as the Russia-Ukraine war
  • Changing governmental and other regulation and guidance
  • Changing cyber insurance requirements

CISOs need to keep these in mind as they figure out the best ways to keep their organizations safe.

1. Changing threat landscape

The cybersecurity threat landscape is constantly changing, and the pace of change seems to have picked up with the emergence of new types of ransomware threats, the ongoing move toward the cloud, and shifting workforce models. Then there is the aim among many companies to become digital businesses.

“Digital transformation initiatives are driving the expansion of the attack surface that malicious actors are set to target,” says Ruggero Contu, senior research director at Gartner. “CISO budgets will have to cater [to] new requirements coming from external exposure from what was a traditional focus of concentrating on internal infrastructures.”

Exposed vulnerabilities such as unpatched servers and open ports in Internet-connected devices, cloud systems misconfigurations, leaked critical information such as credentials and compromised assets such as spoofed domains and corporate mobile apps are examples of areas that will be increasingly targeted in years to come, Contu says.

The rapid rise in endpoint devices, including the growth of the internet of things (IoT), and the inherent security risks will also impact spending.

“Security budgets within manufacturing, energy, transportation and healthcare will have to focus on securing industrial environments and systems impacted by the vulnerabilities introduced by IoT” as well as the IT and operating technology (OT) convergence, Contu says.

2. Scarce cybersecurity resources due to economic trends

Economic trends, not the least of which is inflation, could have a big impact on cybersecurity spending as well as threat actor behavior. The scarcity of cyber resources combined with inflation will be the most significant factor for higher cybersecurity budgets and spending in the next 12 to 18 months, says Raj Patel, partner and cybersecurity practice leader at consulting firm Plante Moran. “Basically, what everyone hears is that cyber budgets are going up,” he says. “The question is what categories are going up?” The answer is security team staffing and security tools.

“Cyber talent is hard to come by and companies are willing to pay for it,” Patel says. “This has increased salary cost by at least 10% to 15%. Employees with eight to 12 years are seeing a larger increase due to scarce resources.” As for security products and services, “over the last four years the tools and technology to better manage cyber risk have increased significantly,” he says.

Additionally, the gap between the rich and poor and the economic uncertainty that it introduces “will inevitably lead to an increase in hacktivism and other potentially destabilizing cybersecurity incidents,” Chaddock says. “This is now compounded by the influx of initiatives as companies become more digital and are increasingly more vulnerable [to] security breaches.”

3. Geo-political events that increase security risks

Events around the world, perhaps most notably the war between Russia and Ukraine, are likely to continue having a significant impact on cybersecurity and risk. This is especially true for certain industries such as government and others considered to be supporting national critical infrastructures, Contu says.

“The current geo-political events change attackers’ profile to state-sponsored hackers who have deep technical skills and [the] needed resources to attack critical infrastructure and companies in [the] United States and Europe,” Patel says.

West Monroe’s latest quarterly executive poll, which gathers results each quarter from 250 C-level executives at companies with more than $500 million in revenue, asked what actions executives’ companies were considering taking this year because of geopolitical and supply chain instability. Most of the executives (60%) said they are considering increasing spending or focus on cybersecurity as cyberwarfare becomes an increasingly used tool to gain competitive advantage.

Nation-state sponsored attack tools used against Ukraine are now readily available to a broader audience, Chaddock says. “Most organizations are not adequately protected against a nation state-sponsored exploit,” he says. “This means most security programs are already behind the curve and need significant investment above and beyond operational funding to ‘keep the lights on.’”

4. Changing regulatory requirements

Change has been a constant with regulatory requirements over the past several years, including laws that deal with data privacy. The cost of complying with various privacy regulations and security obligations in contracts is going up, Patel says. “Some contracts might require independent testing by third-party auditors. Auditors and consultants are also raising fees due to inflation and rising salaries,” he says.

Organizations should focus on building strong security, not specifically on regulatory compliance, Chaddock says. “When an organization is truly secure, the cost to achieve and maintain compliance should be reduced,” he says.

Evolving regulatory compliance requirements, especially for those organizations supporting critical infrastructure, require significant support, Chaddock says. “Even the effort to determine what needs to happen can be costly and detract from daily operations, so plan for increased effort to support regulatory obligations if applicable,” he says.

5. Changing cyber insurance requirements and rising costs

More organizations have been purchasing, or at least considering, cyber insurance plans in the wake of highly publicized attacks such as ransomware. If paying for such policies comes out of the security budget, CISOs will need to take into consideration the rising costs of coverage and other factors.

“True cyber insurance costs are going up 20% to 25%,” Patel says. “Companies can reduce the cost by reducing coverage levels or increasing deductible amounts. That would mean taking more risk. Some insurance companies will evaluate your cyber controls to gauge your premiums. With better controls, you could lower your premium.”

Companies should be sure to include the cost of cyber insurance over time and, more importantly, the costs associated with maintaining effective and secure backup/restore capabilities, Chaddock says.

“The shift toward combining ransomware with extortion to not publicly disclose sensitive information has put many organizations in a financial bind if they are a target,” Chaddock says. “Organizations with secure and resilient backup and restore capabilities are far less likely to be materially impacted by a cyber event, and therefore able to advance new initiatives and stay ahead of their competitors irrespective of their cyber insurance coverage being a limiting factor.”

Article information

Author: Gregorio Kreiger