2022 cybersecurity spending trends: Where are organizations investing?
IT spending has had its ups and downs over the past few years. 2020 wasn’t a good year. 2021 was a bit better. And in 2022 cybersecurity is expected to be the top area of increased spending, according to an Enterprise Strategy Group (ESG) study released earlier this year.
According to ESG, 69% of organizations plan to spend more on cybersecurity in 2022. Another 29% say cybersecurity spending will be approximately the same as in 2021. The rest (2%) intend to pay less for cybersecurity in 2022 compared to 2021.
“The research shows that cyber threats like ransomware have become a top priority for business executives and boards of directors,” said Jon Oltsik, an analyst with ESG.
These survey results highlight how the recent upsurge in cyberattacks has impacted the IT mindset. Organizations are now treating cybersecurity ahead of other organizational imperatives such as the cloud, artificial intelligence (AI), digital transformation and application development. Sixty-nine percent of organizations plan to increase cybersecurity spending in 2022 compared to 65% for cloud and 62% for AI.
ESG delved further into the reasons for this raised spending on security. Fifty-four percent stated that strengthening cybersecurity and improving resiliency against attacks were the primary business issues driving technology spending at the moment. The threat of impending cyber danger, then, is far more important than other pressing business issues, such as:
- Improving the customer experience (33%)
- Increased employee productivity (32%)
- Enabling digital transformation (31%)
- Improve business processes (28%)
This is a big change from last year when the cloud and digital transformation were considered the highest priorities. But the rise of cybersecurity awareness isn’t difficult to comprehend. When your house or that of a neighbor has been burgled, home security systems suddenly seem like a smart investment. Ransomware has a similar impact. In the ESG survey, a staggering 64% said their organization had paid a ransom to regain access to data, applications or systems. Accordingly, 22% named ransomware defense, protection and remediation as their most important business priority. Another 46% placed it as one of their top five priorities.
Cybersecurity status quo won’t do
“In many cases, status quo solutions won’t do, so organizations need to think in terms of transformative security solutions that add intelligence and automation for improving security efficacy and efficiency,” said Oltsik. “That means plenty of funding in 2022 for security technologies and services that can help to offset this personnel shortage while making the existing staff more productive.”
There definitely is a need to take precautions against ransomware and other potential threats by implementing systems such as threat intelligence, intrusion detection, ransomware prevention, strong backup and patch management. But such systems are unlikely to succeed unless backed by effective user education.
The U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA) stresses training and the raising of user awareness as key aspects of organizational security readiness. To reduce the risk of phishing and ransomware attacks, for example, CISA encourages public and private sector organizations to implement best practices, tools and resources to educate people about the various attack vectors and how to avoid falling prey to them.
“Anyone can be the victim of ransomware, and so everyone should take steps to protect their systems,” said CISA Director Brandon Wales. “As the nation — from employers to employees and from teachers to students — is faced with new methods of teleworking and distance learning, it is increasingly important for all of us to be aware of some best practices for staying safe online.”
Addressing the cybersecurity skills shortage
The ESG survey on IT spending added some questions on the skills shortage. Researchers found a distinct parallel between the areas of higher spending and the pain organizations face on the personnel and talent acquisition front.
“The technology areas that top the list for expected spending increases are also ones in which many organizations face a problematic skills shortage, as the demand for skilled workers in those areas continues to outpace the available supply,” said Oltsik.
Those surveyed admitted to severe stress on recruitment and retention of trained IT personnel. More than half of respondents (54%) in the ESG survey said their organization has a shortage of cloud/IT architecture skills. Forty-eight percent said they lacked people with the needed mix of cybersecurity skills.
But the personnel problems are not restricted to security. AI/machine learning skills shortages were present in 36% of organizations. IT orchestration and automation talent was lacking in 37% of businesses. Further areas of skills deficiencies were data analytics, data protection and application development. Oltsik added that only 8% of organizations said they had no IT skills shortages.
Clearly, then, training and certification of personnel is going to have a direct impact on IT spending. Those organizations investing in education are likely to recoup their investment in terms of lowered IT budgets in the years ahead.