Most cybersecurity investments aren’t used to their full advantage

While organizations are slashing budgets across other departments, IT and security budgets are growing to address evolving IT infrastructure and rising threats from new tactics such as AI-based attacks, according to Axonius.

Budget growth in IT and security

In fact, 74% of IT and security decision makers said their organization’s IT or security budget increased compared to the year prior, and 63% said their organization’s IT or security team headcount increased. However, for those that did see decreases in either budget or headcount, they reported severe impacts: 51% said their organization experienced an increase in security risks, and 49% experienced an increase in attacks or vulnerabilities.

“Cybersecurity is critical, even in times of economic uncertainty – as clearly evidenced by our research,” said Dean Sysman, CEO at Axonius. “But an increase in budget or headcount won’t solve all your problems. While you might find yourself with more tools to get the job done, the reality is that most security investments aren’t used to their full advantage. As we head into 2024, where it’s likely security budgets could increase again, it’s important for organizations to focus on optimizing their resources rather than wasting them.”

For survey respondents, the answer to optimization appeared in the promise of artificial intelligence. 76% of IT and security decision makers said their organizations are spending more on AI/ML compared to 12 months ago, and 85% of respondents said they were interested in applying AI in their organization’s IT and security operations in the coming year.

Generative AI raises concerns

For many organizations, the attractiveness of AI lies in being able to keep pace with cybersecurity workload. 39% of IT and security decision makers whose organizations have reduced their IT or security headcounts in the last 12 months say their organizations have adopted AI-based tools to streamline tasks to keep pace with workload in light of reduced headcounts.

“AI might be able to free up practitioners from more menial tasks, but the reality is that AI in its current form still comes with a lot of inaccuracies and errors that need to be corrected by a human,” continued Sysman.

This belief might also be why 72% of IT and security decision makers reported being concerned about the potential adverse effects of generative AI (e.g., ChatGPT) on their organization’s cybersecurity. Generative AI might not be able to stand in for an actual human practitioner, but it can write a very compelling phishing email.

For years, burnout has been a concern for cybersecurity professionals. But research found 66% of IT and security decision makers say they are not experiencing burnout at work and 40% report they are feeling less burned out today than they did a year ago.

Even with increasing budgets, cost optimization remains a top priority for IT and security decision makers globally. 87% are prioritizing enhancing cloud infrastructure and 85% are prioritizing optimizing IT costs over the next 12 months.

IT and security decision makers are embracing change as they evolve, adapting to new skill demands and the rise of emerging tech. Nearly three in five IT and security decision makers think that the future of IT and security work will involve a growing demand for specialized skill sets (58%) and adoption of emerging technologies for advanced security measures (58%).