October 10, 2016 By Douglas Bonderud 2 min read

Companies are getting savvier about IT spending. Despite rosy forecasts, a recent article from The Wall Street Journal noted that cloud adoption rates are actually trending down. What’s happening?

It’s not an abandonment of the cloud, but rather a refinement. CISOs and IT professionals are now better at distinguishing between what’s truly cloud-based and which providers are simply “cloudwashing” their service. Savvier IT investment also enables fundamental business transformation. As noted by CSO Online, however, this often triggers another response: increased security spending.

Security Spending Spikes

The need for intelligent business transformation makes sense, since companies that can’t keep up with the spread of the Internet of Things (IoT) or otherwise empower mobile users are at a significant disadvantage in global markets.

But adopting new technology doesn’t happen in a vacuum. According to CIO, a recent PwC survey found that 59 percent of C-suite executives plan to increase security spending to help manage new digital challenges. Their top priorities include improved business collaboration (51 percent), securing new business models (46 percent) and securing IoT deployments (46 percent).

The cloud plays a critical role here. While 63 percent of IT departments already run applications and services in the cloud, other business branches, such as marketing, customer service and finance, are starting to catch up. John Pescatore, director of emerging security trends at the SANS Institute, told CSO Online that “the increased use of cloud is having the biggest impact” on security spending.

Transforming Business

Cloud isn’t the only focus for new security investment, however. Security advocate Javvad Malik of AlienVault pointed out to CSO Online that a combination of cloud, mobile devices, API and data is now being used to improve customer service and deliver an “intuitive” experience. As a result, companies are looking for ways to abstract security controls from physical technology while simultaneously reducing consumer risk.

It’s no surprise, then, that new security investments skew toward monitoring, behavioral analysis and awareness tools, which allow companies to monitor and safeguard critical services without limiting day-to-day IT performance. According to the PwC survey, 62 percent now use managed security services and more than half leverage security analytics.

Politics also plays a role in business transformation and cybersecurity spending. As noted by FCW, the U.S. Department of Homeland Security budgeted over $470 million for its National Cybersecurity Protection System, $283 million for a critical infrastructure threat awareness program and $211 million for the National Cybersecurity and Communications Integration Center.

It’s unlikely these predicted budgets will see any reduction, no matter who wins the upcoming election. According to government research firm Govini, the increasing number of cyberthreats are “simply too large to ignore,” FCW reported.

In effect, the federal government faces the same challenge as private business. Digital transformation is a requirement to future-proof corporate systems, but it comes with the unwelcome consequence of increased attack surface, in turn prompting bigger security budgets.

Keeping Pace in a Digital-First World

Smart investments are critical in a digital-first world. As noted above, not all cloud services are truly cloud, and not all service providers are created equal. Simply throwing money at IT security during and after a business transformation won’t solve the problem. Instead, companies need to focus on addressing their most relevant and immediate threats — increased cloud access, ubiquitous mobile use and the development of intuitive customer service portals.

Bottom line? Increased cybersecurity spending is a necessity, but where companies spend that money matters more than how much they spend when it comes to keeping corporate networks safe.

More from

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Can memory-safe programming languages kill 70% of security bugs?

3 min read - The Office of the National Cyber Director (ONCD) recently released a new report, “Back to the Building Blocks: A Path Toward Secure and Measurable Software." The report is one of the first major announcements from new ONCD director Harry Coker and makes a strong case for adopting memory-safe programming languages. This new focus stems from the goal of rebalancing the responsibility of cybersecurity and realigning incentives in favor of long-term cybersecurity investments. Memory-safe programming languages were also included as a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today