Budgets are tightening in 2023: It’s time to streamline security

Last Modified: February 28, 2023

As important as cybersecurity is to today’s organizations, it’s not immune to the gathering macro-economic storm clouds. New research reveals that in many businesses, budgets may be flatlining, or even declining. That’s bad news for IT and security leaders faced with an increasingly forbidding set of circumstances. Unfortunately, the cybercrime community does not have the same budgetary constraints. It continues to collaborate, innovate, and probe for weaknesses wherever it can find them.

For IT bosses, the way to cope with these twin pressures may be to revisit vendor relationships. If business leaders want efficiency, productivity, and fiscal discipline, the best way to deliver without compromising on security may be to consolidate onto fewer products and suppliers.

Time to tighten the purse strings

The economic outlook for most of the world is pretty gloomy for the coming year. The IMF recently revised down its growth forecast to 2.9% for the year, although it drops even further (to 1.2%) for advanced economies. In big European markets like France, Germany, Italy, and the UK, GDP is not predicted to exceed 1% this year, and some economies may even dip into recession. High inflation and interest rates are hitting businesses where it hurts, especially the surging cost of energy. And the same macro-economic factors are also depressing consumer spend.

This matters for IT security leaders already struggling to secure an expansive attack surface and ensure digital transformation projects do not expose their organization to excessive risk. Recent research reveals that only half (49%) of organizations in EMEA and the U.S. believe they have sufficient budget to meet current requirements. Worse still, 11% claim they only have enough to protect their most critical assets, while 35% believe budgets will stay the same or decline in 2023.

The report claims that these budget constraints are coming despite most IT respondents appreciating that their C-suite understands the gravity of the cyber threat and that cuts to spending may impact digital transformation. It would seem to indicate that no amount of pleading with the business will release more funds.

The challenge is particularly acute for SMBs. Separate research from late 2022 revealed that over half (56%) of smaller businesses in the U.S., UK, and Australia are concerned about budget cuts.

Threats keep coming

They’re right to be. Even if budgets were to stay flat, they might not be enough to mitigate the challenges many face today. These challenges are broadly two-fold:

  1. An advanced cybercrime underground where it has become child’s play to source the tools and services needed to launch fairly sophisticated threats. Just witness the growth of ransomware-as-a-service — which still impacts more SMBs than large organizations.
  2. A growing corporate attack surface, expanded by pandemic-era investments in cloud computing and a shift to hybrid working. One study finds 43% of global firms are afraid their attack surface is “spiralling out of control.”


For these and other reasons, potentially business-critical breaches continue to occur on a regular basis. Over a quarter (27%) of global CFOs have suffered a significant data breach in the past three years, costing their organization over $1 million, according to PwC. In fact, the global average cost of a breach now stands at nearly $4.4 million. Of those polled by PwC in the UK, around a quarter expect threats to increase significantly this year, with ransomware, “hack and leak” attacks, cloud-based threats, and business email compromise (BEC) among those they’re most concerned about.

More with less

All of which suggests that SMB IT leaders need to start thinking about ways to make more of the limited resources at their disposal. On the one hand, this shouldn’t be too much of a break from the norm — even during the boom years small businesses had to optimize their resources in a way their larger counterparts perhaps did not. However, the current economic backdrop may require more discipline still.

According to one study, the majority of SMBs have fewer than five people working on cybersecurity. Half spend less than $20,000 annually on the function, with only a tenth shelling out more than $50,000 per year. So how can they do more with less? Vendor consolidation, where appropriate, may be a relatively quick win. Even SMBs may have found they’re running a surfeit of tools bought to fix specific problems or acquired during M&A activity over the years.

Yet potentially overlapping point solutions are bad for several reasons. They can:

  • Create security coverage gaps due to siloed data
  • Add management overheads for stretched IT teams, which have to learn how to use each tool
  • Add costs, in terms of additional licenses that may not be required
  • Be a poor fit for modern, dynamic cloud environments


By consolidating more of their security on fewer vendors, IT security leaders could reduce these costs without compromising on threat defense. They may even find that a more platform-based approach enhances their ability to see and manage risk. Combined with low-cost cyber-hygiene best practices, this approach could help organizations to weather the economic storm and emerge in even better shape on the other side. Even Gartner is talking about it.
