Cyber budgets are set to increase 59 percent year-over-year, according to an independent Ponemon Institute survey of 650 IT and cybersecurity professionals.
Optiv, a cyber advisory firm, published its 2024 Threat and Risk Management Report based on survey results.
The report examines how organizations’ cybersecurity investments and governance priorities are keeping up with an evolving threat landscape.
Of organizations with more than 5,000 employees, 63 percent had an average of $26 million allocated to cybersecurity investments in 2024.
There has been a significant rise in data breaches and security incidents, with 61 percent of respondents experiencing a data breach or cybersecurity incident in the past two years, and 55 percent of respondents experiencing four or more incidents in that timeframe.
“Cyber incidents are not slowing down, which means organizations must work at a speed above those of the threat actors attacking their environments. As we see security budgets increasing, many organizations are also recognizing the need to make smart investments in process and governance assessments to ensure compliance,” says Jason Lewkowicz, executive vice president and chief services officer at Optiv. “Establishing a more consistent, strategic approach to security technology, process and people management will be essential for organizational risk management and resilience.”
With more focus on data protection there is a sense of security tool overload, the report stated, with 40 percent of respondents believing they have too many, hindering overall effectiveness.
By contrast, only 29 percent feel that they have the right number of tools, underscoring the need “for a strategic approach to cybersecurity investment, focusing on streamlining existing tools and ensuring a seamless technology stack integration,” the report stated.
The top three areas of investment for 2024 cybersecurity budgets are internal security assessments (60 percent), identity and access management (IAM) programs (58 percent), and the acquisition of additional cybersecurity tools (51 percent).
Despite increasing budgets, only 36 percent of respondents have a formal approach to determining cybersecurity budgets. The lack of formal budgeting practices can lead to inefficiencies and missed opportunities to address critical security gaps, Optiv said.
The report found that the use of security orchestration automation and response (SOAR) technology is increasing, with 73 percent of respondents leveraging SOAR to automate incident response activities.
Artificial intelligence (AI) and machine learning (ML) capabilities are another growing focal area for cybersecurity organizations searching for ways to accelerate their threat detection, prevention and process automation capabilities to keep up with threats utilizing these capabilities.
The report found that more companies are leveraging AI in the form of use and prevention:
- 44 percent of respondents use AI/ML to prevent cyber attacks.
- 35 percent purchased use-case specific tools.
- 31 percent use existing tools.
- 34 percent use automated processes and audits.
“Our independent research for Optiv reveals the positive steps organizations are taking to reduce risk, while also addressing the challenges they face in the evolving cyber threat landscape,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Part of the complexity organizations continue to face in dealing with threats is due to the number of ineffective technology tools. Recognizing this, IT professionals and senior leadership are becoming more cognizant of the importance in strengthening their security posture, resulting in the increase of cybersecurity budgets and allocating funds based on proven effectiveness in reducing security incidents.