Like many industries today, security departments are short staffed and struggling to fill their open headcount with skilled employees. This also comes at a time where cybersecurity attacks continue to be at the forefront and IT and business leaders recognize the drastic effects these have for their organization, especially when not readily equipped to tackle. Skills gaps, security incidents and more – these are all main points in Foundry’s 2022 Security Priorities study which explores the various security projects organizations are focused on now and in the coming year, challenges, budget drivers, and investment plans, to name a few. A total of 872 security leaders from North America (55%), EMEA (18%) and APAC (27%) provided their feedback.

A majority of the survey questions are asked on an annual basis to gain a better understanding of how security priorities and trends are changing year over year, however a few new questions were added to the mix this year. While reporting to the Board of Directors has also been measured, results this year found that 82% of top IT security executives have regular engagement with the board (at least once a quarter to multiple time a month). This supports the fact that security is recognized as a business need and concern that needs to be addressed. But there is still work to be done.

Ninety percent of security leaders believe their organization is falling short in addressing cyber risk, specifically when it comes to convincing all parts of the organization of the severity of the risks and investing in enough resources to address the risks. To overcome these obstacles, security leaders are prioritizing becoming prepared to respond to security incidents, upgrading their IT and data security, and improving the security awareness among their end-users.

Read on for more key data points from the 2022 Security Priorities Study:

Key Takeaways:

  • 87% of security leaders are aware of what caused their security incidents in the past year, with the majority saying they are due to non-malicious user error (34%.)

  • When asked what security-related challenges are most often forcing leaders to redirect their time, meeting the demands of regulatory compliance is at the top (28%), next to employee awareness and training issues (27%), and unanticipated business risks (25%.)

  • To overcome their challenges, security leaders continue to allocate a significant amount of their overall IT budget to security – an annual average of $65 million. This number increases for enterprises to $122 million and decreases for small businesses at $16 million. The small business budget has tripled from 2020 from $5.5 million.

  • Security leaders are researching various technologies to spend their budget on and to help them mitigate corporate risk. The top 5 are: SOAR (34%), Zero Trust technologies (32%), SASE (32%), deception technologies (30%), and ransomware brokers (30%.)

  • For risk protection, about half of respondents now hold a cyber insurance policy or policies. On a scale of 1 (least satisfied) to 10 (most satisfied), respondents’ average rating of the cyber insurance process is 7.9 —a number that would indicate high satisfaction with this coverage overall.

View the sample slides below for additional insight and download the full report to better understand and engage with security leaders as they build out their strategies in 2023 and beyond. To request a meeting with a Foundry sales executive to walk through the full study, please complete the form to the right.