This year's RSA Conference, held in early May, served as both a scorecard of how the cybersecurity industry performed in the first half of 2024 and a handy guide to where things will be heading over the next six months.
Experts and stakeholders at the San Francisco event agreed that three issues will drive the cybersecurity conversation for the rest of the year: security budgets and the leaders who manage them will continue to come under pressure, organizations will increase investments in artificial intelligence, and costs associated with data breaches and other cyber threats will continue to rise.
“Cybercrime and cyberattacks are on the rise, but security budgets aren't keeping up. To make matters worse, many organizations are seeing budget cuts as a result of poor business performance,” said Dave Gerry, CEO of Bugcrowd, which helps organizations crowdsource vulnerabilities.
These overlapping issues will likely impact the cybersecurity industry for the remainder of 2024 and possibly into early 2025, so tech and security professionals in particular will need to adjust their skills and outlook to stay ahead in the market. The technology labor market remains unstable.
“The rising costs of data breaches combined with shrinking security budgets are having a major impact on the marketplace, as well as on the staff supporting organisations who are facing cuts,” said George Jones, CISO at Critical Start.
Several cybersecurity experts and industry players attending this year's RSA conference shared their insights with Dice on the three factors of budgets, AI, and breaches, how they're impacting the industry, and how tech and cybersecurity professionals should view their career options in the coming months.
Budget and Cybersecurity Impacts
Over the past decade, cyber threats have increased (and companies' reputations have risen or fallen depending on their response) and cybersecurity budgets have grown, but that changed in 2022 and 2023 due to inflation, interest rates, and vendor consolidation. A September report in The Wall Street Journal put the average security budget increase for 2023 at about 6%, but many security leaders noted their budgets have remained flat or been cut.
It's a trend that continues to grow as security leaders face pressure to cut spending and consolidate vendors, while at the same time, technology and security professionals are tasked with protecting their platforms and systems, including the cloud and AI technologies that are increasingly being used in enterprises.
“At this year's RSA conference, it became clear that achieving cyber resilience is not just a collective goal, but a critical necessity, especially given ongoing budget constraints,” said Jagdish Mahapatra, chief revenue officer at security company ColorTokens. “In conversations with customers and partners, the challenge of balancing limited security budgets with rising cyber incident costs came up repeatedly. It's clear that addressing these financial hurdles is essential to maintaining a robust cybersecurity posture and avoiding further costly expenses from a potential breach.”
In an era of budget cuts and spending reductions, CISOs and their security teams must demonstrate the business importance of their investments, whether in technology or people.
“Protecting the business is a CISO's number one concern, but in this macro environment, CISOs must continue to adapt to demonstrate their value as business enablers and further their mission of protecting customers and the company,” Bugcrowd's Gerry added. “Over the next decade, I believe CISOs will be elevated to equal status with their business colleagues and will be seen as enablers of revenue growth and protection rather than cost centers.”
AI Investments Increase Cyber Liability
For nearly two years now, the entire cybersecurity industry has been inundated with product pitches and promises about AI and generative AI tools, software, and platforms. While businesses and even government agencies are eager to invest in AI, the technology carries risks for enterprise infrastructure, networks, and data, including how bad actors are using it.
Nevertheless, the market continues to grow. IDC estimates that generative AI spending will reach about $40 billion in 2024 and surpass $150 billion three years later.
At the RSA conference, experts noted that security teams are facing concerns about how to secure the AI technologies that business units are beginning to explore and adopt. At the same time, security leaders are making plans to demonstrate how these platforms can automate many routine cybersecurity tasks.
“By implementing technology that empowers IT and security teams, they can stay ahead of threats, even with budget constraints. The solution is not just adding more tools or more talent, but a strategic shift to a data-driven approach,” said Chris Morales, CISO at Netenrich.
In the coming years, Morales and his colleagues predict that AI will not only change the skills needed in cybersecurity, but also fundamentally alter the way technology professionals approach security.
“This approach empowers IT and security professionals to extract greater value from existing investments while enhancing the working environment for security and operations teams,” Morales added. “By investing in AI-enabled security technologies and transforming security operations centers, CISOs and CIOs within their organizations, they can build a resilient security posture that supports broader business objectives while addressing the root causes of security burnout.”
Speaking with cybersecurity experts at the expo, Piyush Pandey, CEO of security firm Pathlock, said he recommends that organizations take a risk-based approach focused on addressing vulnerabilities and threats that directly impact the business. From there, security teams can deploy AI-based tools as needed.
“This often means investing in identity and application access control, focusing first on core business applications that house critical and sensitive data,” Pandey notes. “This approach allows you to effectively allocate limited resources and mitigate risks where they have the most impact. Incorporating automation and AI-driven capabilities into your access governance strategy can improve the efficiency and effectiveness of your security operations, further mitigating the impact of budget cuts.”
Breaches and Costs: A Major Concern
The costs of responding to and mitigating data breaches and other threats continue to rise as organizations seek to reduce or flatline cybersecurity budgets while increasing investments in AI.
In 2023, IBM Security estimated that data breaches cost an average of $4.35 million per incident, up 3% from last year, and several recent attacks discussed at the RSA conference demonstrated how costs associated with threats and breaches can spiral out of control.
Decreasing or flat cyber budgets as a result of rising data breach costs, combined with executive focus on AI, will leave organizations less able to address vulnerabilities and threats. This won't just affect technical experts, but the entire workforce, who will be less trained and prepared, said Critical Start's Jones.
“The impact of shrinking cybersecurity budgets can leave organizations more vulnerable and limit employee training and development. The combination of these factors can result in staff not staying up to date on the latest threats and defenses, increasing organizational risk, increasing the likelihood of exploitation, and making organizations more vulnerable to attack,” Jones said. “When you add to this the rising costs of a data breach, including direct and indirect financial costs, regulatory and compliance fines, legal fees and litigation costs, and reputational damage, the impact can be devastating.”
One way to communicate the cost of data breaches and other threats is for security teams to explain these incidents in business terms so the rest of the organization, especially leadership and C-level executives, can understand the consequences.
“Cybersecurity is a critical component of overall business resilience and trust. Additionally, security burnout has reached critical levels in the cybersecurity community, particularly for security analysts and managers responsible for an organization's security operations,” said Morales. “This burnout is primarily due to an increase in security events, exacerbated by a skills shortage and the complexity of managing these new threats.”