The 2023 Security Priorities study reveals that 88% of security leaders believe their organizations are falling short when it comes to addressing cyber risk. However, security leaders are making efforts to address their challenges by investing in new technology, increasing security budgets, and adopting AI, while also recognizing the importance of engaging with their board of directors to address security concerns effectively.

Most security leaders, 85%, report regular or frequent engagement with their board of directors. Nearly half meet with the board one or more times a month. One reason this communication has become more frequent may be that 25% of security leaders now report directly to the board, which is up from 20% a year ago. More security leaders have also centralized operations to unify and coordinate all security technologies and improve the organization’s threat detection, response and prevention. Ninety-one percent of organizations have a security operations center, either in-house or outsourced, or plan to add one.  

These are all main points in Foundry’s 2023 Security Priorities study which explores the various security projects organizations are focused on now and in the coming year, challenges, budget drivers, and investment plans. A total of 790 security leaders from North America (49%), EMEA (18%) and APAC (33%) provided their feedback.

Key takeaways:

  • Top security priorities for 2023 include being appropriately prepared to respond to security a incident, improving the protection of confidential data, and upgrading security to boost corporate resiliency.

  • Challenges faced by security leaders include meeting governance and compliance regulations, budget constraints, employee awareness & training, and IT audits.

  • 98% of security leaders expect their organization’s overall security budgets to either increase or remain stable over the next 12 months. They plan to increase their spending in many areas, such as authentication, data analytics, cloud data protection, and cyber risk insurance.

  • Artificial intelligence is being leveraged in security technologies by 67% of security leaders. They are leveraging it in threat detection, malware detection, automated alerts, and real-time risk prediction. 72% of security leaders report they have already seen the benefits from AI-enabled security tech.

  • Investment in cyber insurance policies is on the rise, with some organizations considering them a necessary part of risk management. 58% of security decision-makers have cyber risk insurance on their radars, and 58% are already using it.

View the sample slides below for additional insight and download the full report to better understand and engage with security leaders as they build out their strategies in 2023 and beyond. 

Click to enlarge

Security related blogs

How do security leaders view AI and cyber risk insurance?

Blog written by Foundry’s Enterprise Consulting Director, Bob Bragdon, shares key takeaways from the 2023 research and explores security leaders’ emerging concerns, such as the viability of cyber risk insurance, and the transformative impact of artificial intelligence. Continue reading.

The evolving challenges and growing risks of the CISO

It has never been more challenging to be a chief information security officer. But it has also never been a more important role to successfully manage business risk. Gather insights from Foundry’s research and industry insights in this comprehensive blog.


About the research

Foundry’s 2023 Security Priorities Study was conducted among the audience of five Foundry brands (CIO, Computerworld, CSO, InfoWorld and Network World). The survey was fielded online to gain a better understanding of the various security projects organizations are focused on now and in the coming year. The research also explores the issues that will demand the most time and strategic thinking for IT and security teams, as well as the investments security executives are expecting to make. Results are based on 790 global respondents who are involved in IT and/or corporate/physical security decisions.