CISOs Report Rising Cyber Budgets as Threats Rise

By Dave DeWalt, Founder and CEO, NightDragon

As our digital age continues to expand and become ubiquitous across every piece of our life, it has become inevitable that cyberattacks continue to expand. Attackers continued to target healthcare, retail, casinos and other verticals with ransomware, bots, supply chain attacks, and other forms of attack, while geopolitical tensions continued to heighten cyber risk around the world, most recently with the recent outbreak of the Israel-Hamas war.

On the front lines of these continued challenges are Chief Information Security Officers (CISOs) and their teams, who are charged with defending the organization from attack. This is an essential job, one that is expanding in responsibility as threats rise and expand across both digital and physical systems. For a sense of scale of the challenge at hand, there are an estimated 32,000 CISOs globally fighting against cyberattacks that occur on average every 39 seconds.

The good news is that the vast majority of CISOs are reporting rising budgets for cyber technology. Nearly 80% of CISOs said their budgets increased or significantly increased from 2022 to 2023, up from 66% last year, according to a recent NightDragon survey of CISOs from leading organizations. This trend shows the continued importance of cyber budgets as part of the overall business. While other budgets may be feeling the long tail of the economic downturn we’ve experienced in the last few years, cyber budgets appear to be one area that remains resilient.

CISOs reported spending on areas to manage ongoing threat categories, such as ransomware resiliency, threat detection, cloud security, and endpoint security. However, they also reported investing in new emerging categories, such as artificial intelligence, identity, operational technology security and more. They also reported leveraging budget to expand the team and enhance existing skill sets, something that is essential to successful implementation of technology.

We continue to see the ripple effects of these trends cascading across the market. Government, for example, is engaging in new regulations that could drive further spending, as well as initiatives like Secure by Design and efforts around AI that could shape how we develop and leverage new technologies. Additionally, we are seeing the same trends play out in global markets and in how vendors and startups go to market.

It's clear that the cybersecurity landscape will continue to evolve with new upcoming threats around elections, bots, artificial intelligence, ransomware and more. Damages from cyberattacks are now expected to reach $10.5 trillion by 2025, according to Cybersecurity Ventures, and continue to expand in scale and scope. In short: a world of heightened cyber risk appears to be our new permanent reality. It is encouraging to see our world’s cyber leaders increasing their defenses of our most essential assets and fighting back against bad actors wishing to do harm.

Will this trend continue into 2024? The vast majority of CISOs said they expect their budgets to increase again in the current year, with 80% reporting growing budgets, up from 67% last year. This suggests that we can expect cybersecurity to remain a priority for businesses in years to come as they recognize the importance of mitigating risk towards long term organizational health and success. As an investor, that gives me great optimism, but also as a long-term cybersecurity industry professional, it gives me hope for a bright and secure future together as an industry.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

Other Topics

Technology