CIO Influence

Cybersecurity Teams Need a 40% Budget Increase, According to the Panaseer Report

Panaseer, a leader in security posture management powered by Continuous Controls Monitoring (CCM), launched its report on Cybersecurity Optimization for 2023. The survey of over 400 cybersecurity decision makers and practitioners across the US and UK found that nearly one-third have concerns around a lack of security skills and lack of security training budget, and over one-quarter are worried about low security team headcount and low overall security budget. Yet adoption of processes to ease these concerns remains slow, as more than three-quarters of respondents express concerns that approaches like vendor consolidation will negatively impact security posture.

It is estimated there will be a skills gap of 3.5 million unfilled positions in cybersecurity by 2025 and at the same time, enterprises across the technology and cyber industries have been forced to make significant cutbacks and lay-offs in 2023. Despite an average cybersecurity budget increase of 29% in 2023, respondents to the Panaseer survey say they need a further 40% rise to be confident in their ability to mitigate security risks. With this, more than half would spend money on hiring more security specialists, shortly followed by investment in security awareness training (50%) and upskilling security teams (44%).

“This requirement for more investment may be a result of 35% of cyber budgets not going towards improving security posture and therefore possibly being considered as wasted. The true figure could be even higher than this, and I’m doubtful that the remaining 65% is being spent on strategic risk reduction, even in large financial sector organizations,” states Andreas Wuchner, Field CISO at Panaseer. “The worry is the impact this is having on security posture: 74% of respondents to our survey stated their ability to manage cybersecurity posture in their organization is being negatively impacted by a lack of security resources. But the answer is not simply finding more people. Instead, we need to look at where technology can be optimized, where automation can ease workload, and where consolidation can reduce complexity and enable a single source of truth across the IT infrastructure.”

Gartner found three times as many organizations were pursuing consolidation in 2022 as in 2020 and, according to the Panaseer survey, 86% of organizations are currently consolidating their security stack. Anxiety is evident around the consequences of consolidation given that 35% of US respondents are very concerned, along with almost 1 in 5 (18%) in the UK. However, it seems fears don’t match reality. Only 19% of those that haven’t started the process of vendor consolidation expect it would improve their security posture, yet 42% who have begun this journey are now seeing a measurable improvement.

Further automation required to support regulation

The Panaseer report found that automation is more commonplace than consolidation in easing industry concerns: 96% automate at least one aspect of their cybersecurity. According to Marie Wilcox, VP of Marketing at Panaseer and Board Member at the Chartered Institute of Information Security (CIISEC), “This is hugely positive given automation’s role in compliance with evolving legislation. Alongside more stringent mandates in the US National Cybersecurity Strategy around MFA and EDR, and proposals from the Securities and Exchange Commission (SEC) for cyber risk disclosure, the EU’s Digital Operational Resilience Act (DORA) requires that financial services organizations continuously monitor their security and IT systems and tools. To make this possible, automation will be crucial.”

In general, regulation is being welcomed by cybersecurity decision-makers and practitioners. Three quarters of respondents (74%) believe there will be a positive effect on their ability to manage security posture due to new regulations. In the US, 35% see regulation as extremely positive, compared to 12% in the UK. Yet while 82% are confident they’re able to meet deadlines for compliance, 49% still mostly or solely rely on manual, point-in-time audits.

Only 5% rely solely on continuously auditing using automation to demonstrate compliance, indicating the scale of change that needs to occur. It is possible that more budget needs to be given to enable automated processes. Fortunately, 80% of respondents state they have an explicit budget line item for monitoring the effectiveness of security tools, which may include a CCM solution to turn data into powerful insights and replace manual processes with automation.


CIO Influence News Desk