With economic uncertainty on the horizon, cybersecurity threats mounting, and the ongoing popularity around distributed work, many of today’s businesses are challenged to build the right security strategy—one that will meet the needs of their current workforce while preparing the business for tomorrow’s challenges. Organizations’ need to effectively mitigate risks is as great as ever, but they’re also concerned with getting the most out of every dollar in their IT and technology budgets for 2023.
To better understand how IT and security decision-makers are meeting these challenges—as well as how they are leaning on managed security service providers (MSSPs) for help—we partnered with global online market research firm Op4G to survey more than 300 cybersecurity professionals tasked with influencing or making purchasing decisions in this field. We wanted to learn about what’s motivating them to invest in managed services, as well as to identify their priorities for the coming year.
It seems that there is still a residual effect coming off of the pandemic as companies are still challenged with the complexity of hybrid work and the ripple effect that supply chain issues has had on IT procurement. Among survey participants, 84% said that the shift to a distributed workforce would have a moderate or significant influence on their organization’s IT security spending in 2023 (with 48% reporting the impact would be significant), and 80% said that supply chain issues would have a moderate or significant impact (with 46% saying significant here). Only 38% said that the looming recession would have a significant impact on their company’s security spending within the next year.
Fears of a recession have had a mixed impact on IT decision makers as some of them are actively reducing spending, whereas others are rushing to secure their IT investments. Respondents indicated that they either planned to accelerate or delay cybersecurity initiatives in response to news that a recession may be coming. Interestingly, the number of companies planning to complete initiatives early – before the onset of a recession – was equal to the number planning to wait until after they understood the potential recession’s impact. Respondents at larger companies were more likely to say they’d “pulled some initiatives forward” than those at smaller companies (53% vs. 41%).
Security stakeholders recognize that no matter what happens in the broader economy, organizations must continue to proactively protect their IT ecosystems if they’re to keep ahead of threats. A majority (55%) of the participants in our survey said that their company’s total cybersecurity budget will be higher in 2023 than it was in 2022. Areas that are likely to see the greatest growth include cybersecurity software and applications (including Software-as-a-Service [SaaS]), where 51% of respondents expect to spend more, and cloud infrastructure and platforms, where 48% of respondents expect to spend more.
Larger companies are more likely to have centralized IT budgets than smaller companies, while both groups are more likely to have adopted an operating expenditures (OpEx) model rather than a capital expenditures (CapEx) within their technology budget.
When asked which challenges were likely to be more pronounced in 2023 than in prior years, survey participants mentioned “hiring qualified IT workers” more often than anything else. Close to half of respondents (44%) mentioned this difficulty, and “hiring qualified security experts” was also near the top, with 38% of respondents highlighting this challenge. “Migrating to the cloud” was another often-cited challenge, with 42% of survey participants listing it among their top concerns for 2023.
A full 50% of the respondents to our survey stated that experiencing a cybersecurity incident that would result in significant revenue loss for the organization was among their top concerns, while 47% mentioned reducing security vulnerabilities was theirs. The lesson is clear: cybersecurity decision-makers aren’t always confident that their organizations’ current investments in security capabilities and services are enough to prevent a devastating breach and the financial fallout that could result.
Among survey participants, 39% listed malware as a concerning threat, 37% mentioned ransomware and 37% indicated that data loss was among their chief concerns. These worries are hardly surprising. After all, research reveals that even while malware infection rates have trended down since 2020, ransomware attacks continue to disrupt business operations and damage victims’ reputations, and cybercriminals are leveraging thornier tactics like software supply chain attacks that are harder to block and detect. No matter how well prepared an organization may be, these attacks have the potential to be devastating, especially if an organization doesn’t have robust detection and incident response capabilities at the ready.
The biggest reason that companies who are currently leveraging managed security services have turned to their providers for help is that they want to stay ahead of new threats and to keep up with the latest trends. Another reason that they’re turning to MSSPs: network oversight and security monitoring that’s available 24x7x365. Among organizations that are considering MSS, gaining access to security coverage that’s there at all times of day and night is among their top priorities.
In fact, a full 50% of the respondents to our survey said that if a recession took place, they’d be more likely to consider or leverage managed IT services. And 16% said they’d be much more likely to consider it. Why? It’s clear that the value that managed services can provide—including 24/7 access to expertise that’s in short supply, protection against sophisticated and advanced threats, and strategic guidance—is worthwhile, even when an organization is facing headwinds in the broader economy.