October 10, 2016 By Douglas Bonderud 2 min read

Companies are getting savvier about IT spending. Despite rosy forecasts, a recent article from The Wall Street Journal noted that cloud adoption rates are actually trending down. What’s happening?

It’s not an abandonment of the cloud, but rather a refinement. CISOs and IT professionals are now better at distinguishing between what’s truly cloud-based and which providers are simply “cloudwashing” their service. Savvier IT investment also enables fundamental business transformation. As noted by CSO Online, however, this often triggers another response: increased security spending.

Security Spending Spikes

The need for intelligent business transformation makes sense, since companies that can’t keep up with the spread of the Internet of Things (IoT) or otherwise empower mobile users are at a significant disadvantage in global markets.

But adopting new technology doesn’t happen in a vacuum. According to CIO, a recent PwC survey found that 59 percent of C-suite executives plan to increase security spending to help manage new digital challenges. Their top priorities include improved business collaboration (51 percent), securing new business models (46 percent) and securing IoT deployments (46 percent).

The cloud plays a critical role here. While 63 percent of IT departments already run applications and services in the cloud, other business branches, such as marketing, customer service and finance, are starting to catch up. John Pescatore, director of emerging security trends at the SANS Institute, told CSO Online that “the increased use of cloud is having the biggest impact” on security spending.

Transforming Business

Cloud isn’t the only focus for new security investment, however. Security advocate Javvad Malik of AlienVault pointed out to CSO Online that a combination of cloud, mobile devices, API and data is now being used to improve customer service and deliver an “intuitive” experience. As a result, companies are looking for ways to abstract security controls from physical technology while simultaneously reducing consumer risk.

It’s no surprise, then, that new security investments skew toward monitoring, behavioral analysis and awareness tools, which allow companies to monitor and safeguard critical services without limiting day-to-day IT performance. According to the PwC survey, 62 percent now use managed security services and more than half leverage security analytics.

Politics also plays a role in business transformation and cybersecurity spending. As noted by FCW, the U.S. Department of Homeland Security budgeted over $470 million for its National Cybersecurity Protection System, $283 million for a critical infrastructure threat awareness program and $211 million for the National Cybersecurity and Communications Integration Center.

It’s unlikely these predicted budgets will see any reduction, no matter who wins the upcoming election. According to government research firm Govini, the increasing number of cyberthreats are “simply too large to ignore,” FCW reported.

In effect, the federal government faces the same challenge as private business. Digital transformation is a requirement to future-proof corporate systems, but it comes with the unwelcome consequence of increased attack surface, in turn prompting bigger security budgets.

Keeping Pace in a Digital-First World

Smart investments are critical in a digital-first world. As noted above, not all cloud services are truly cloud, and not all service providers are created equal. Simply throwing money at IT security during and after a business transformation won’t solve the problem. Instead, companies need to focus on addressing their most relevant and immediate threats — increased cloud access, ubiquitous mobile use and the development of intuitive customer service portals.

Bottom line? Increased cybersecurity spending is a necessity, but where companies spend that money matters more than how much they spend when it comes to keeping corporate networks safe.

More from

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today