Increased Regulation And Threats Are Driving CISO Spend in 2023

According to PwC, 65% of executives expect to grow their cybersecurity spending in the near term, as 50% of businesses say they are most worried about a “catastrophic cyber attack”, ahead of recession, inflation, supply chain issues and geo-political conflicts, to name a few. At the same time, they are reacting to a new regulatory landscape in which only 9% feel highly confident that they can effectively manage all the new requirements and disclosures.
Of the threat scenarios, executives say they expect the following types of attacks to increase in 2023:

  • 33% – Business email compromise / Account takeovers
  • 32% – Ransomware
  • 31% – Attacks against cloud management interfaces
  • 30% – Hack-and-leak operations
  • 29% – Third-party breach

To combat these threats, organizations surveyed say spending in 2023 will be focused on the following top strategies:

  • 39% – Technology solutions
  • 37% – Coordination with engineering / OT teams
  • 36% – Upskilling and hiring of cyber talent
  • 33% – Governance, risk and compliance

I have two views on this. The first is from Roy Akerman, Co-Founder & CEO, Rezonate:

   “As we learn from the study, securing identities remains a top priority for security teams. With the increasing number of identities to manage, both human and machine, the attack surface is continuously growing, the infrastructure is constantly changing, and ownership is distributed across different teams.

   “Attackers can exploit identity gaps and gain access faster than security teams can respond. This change requires a change in approach as well as the introduction of new tools. Technologies that go beyond visibility to provide a complete understanding of enterprise-wide identities, their behaviors, potential gaps and can stop active attacks to truly reduce cybersecurity risk.”

The second is from Byron Rashed, Sr. Director, SCYTHE:

   “Cyber attacks have increased in volume and sophistication over the past few years and now more than ever C-Levels are focusing on mitigating these risks since they are now viewed as a true business risk. Non-compliance, reputation damage, liabilities, litigations and decreased revenue are all issues that arise if the organization suffers a successful cyber attack. Executives are becoming more aware of the holistic approach to combat cyber threats and are now realizing how important it is to have a high cyber security posture within their organizations.”

I am glad that businesses are finally getting the message that they have to spend money in order to protect themselves. Businesses for too long have tried to fly under the radar when it comes to cybersecurity. And that approach appears to finally be changing.
