October 10, 2016 By Douglas Bonderud 2 min read

Companies are getting savvier about IT spending. Despite rosy forecasts, a recent article from The Wall Street Journal noted that cloud adoption rates are actually trending down. What’s happening?

It’s not an abandonment of the cloud, but rather a refinement. CISOs and IT professionals are now better at distinguishing between what’s truly cloud-based and which providers are simply “cloudwashing” their service. Savvier IT investment also enables fundamental business transformation. As noted by CSO Online, however, this often triggers another response: increased security spending.

Security Spending Spikes

The need for intelligent business transformation makes sense, since companies that can’t keep up with the spread of the Internet of Things (IoT) or otherwise empower mobile users are at a significant disadvantage in global markets.

But adopting new technology doesn’t happen in a vacuum. According to CIO, a recent PwC survey found that 59 percent of C-suite executives plan to increase security spending to help manage new digital challenges. Their top priorities include improved business collaboration (51 percent), securing new business models (46 percent) and securing IoT deployments (46 percent).

The cloud plays a critical role here. While 63 percent of IT departments already run applications and services in the cloud, other business branches, such as marketing, customer service and finance, are starting to catch up. John Pescatore, director of emerging security trends at the SANS Institute, told CSO Online that “the increased use of cloud is having the biggest impact” on security spending.

Transforming Business

Cloud isn’t the only focus for new security investment, however. Security advocate Javvad Malik of AlienVault pointed out to CSO Online that a combination of cloud, mobile devices, API and data is now being used to improve customer service and deliver an “intuitive” experience. As a result, companies are looking for ways to abstract security controls from physical technology while simultaneously reducing consumer risk.

It’s no surprise, then, that new security investments skew toward monitoring, behavioral analysis and awareness tools, which allow companies to monitor and safeguard critical services without limiting day-to-day IT performance. According to the PwC survey, 62 percent now use managed security services and more than half leverage security analytics.

Politics also plays a role in business transformation and cybersecurity spending. As noted by FCW, the U.S. Department of Homeland Security budgeted over $470 million for its National Cybersecurity Protection System, $283 million for a critical infrastructure threat awareness program and $211 million for the National Cybersecurity and Communications Integration Center.

It’s unlikely these predicted budgets will see any reduction, no matter who wins the upcoming election. According to government research firm Govini, the increasing number of cyberthreats are “simply too large to ignore,” FCW reported.

In effect, the federal government faces the same challenge as private business. Digital transformation is a requirement to future-proof corporate systems, but it comes with the unwelcome consequence of increased attack surface, in turn prompting bigger security budgets.

Keeping Pace in a Digital-First World

Smart investments are critical in a digital-first world. As noted above, not all cloud services are truly cloud, and not all service providers are created equal. Simply throwing money at IT security during and after a business transformation won’t solve the problem. Instead, companies need to focus on addressing their most relevant and immediate threats — increased cloud access, ubiquitous mobile use and the development of intuitive customer service portals.

Bottom line? Increased cybersecurity spending is a necessity, but where companies spend that money matters more than how much they spend when it comes to keeping corporate networks safe.

More from

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today