Security budgets continue to rise in support of hybrid workforce

Introduction

Reevaluating information security architecture to accommodate the hybrid workforce, in addition to resuming security initiatives disrupted in the rush to support off-site workers during the pandemic, continues to drive an increase in overall security spending. The 451 Research Voice of the Enterprise: Information Security, Budgets & Outlook 2022 study examined information security budget priorities, strategic objectives and the evolving perceptions of cloud security.

The vast majority (94%) of information security leaders responding to our latest enterprise end-user survey say their security budgets are increasing this year. Amid the massive shift to remote and hybrid work, just over 16% of survey respondents now cite securing remote work as a key strategic objective, while nearly 17% identify improved identity management and access control as a top security goal. The footprint of IT architecture that must be secured remains complex, often involving both on-premises infrastructure and multiple cloud environments. The percentage of security spending allocated to the cloud continues to increase as a result, now averaging 37% of overall security budgets.

Summary of Findings

Information security budgets continue an upswing, with 94% of our survey respondents reporting an increase in spending this year. The net change is an average increase of 26%. Only 1% of those surveyed plan to reduce security spending, with 4% projecting no change. About 20% say the largest increase in spending will be on people, an indicator of the continued difficulty in recruiting and retaining security personnel.

Meanwhile, 19.6% of those surveyed say managed security services will be their largest area of increased spending. MSS offerings can create an economy of scale around common security monitoring tasks across different customers, off-loading some portion of security operations analyst work. Every major product category here shows planned spending increases. Security information and event management and analytics platforms lead the way with 36% of respondents noting a significant increase in spending in this area.

Information security managers note that 37% of their security spending is being allocated to securing cloud infrastructure. The majority of respondents (65%) say that leveraging tools and services provided by default with their cloud subscription is the most common approach to security. Yet an equal 65% note that their approach in 2022 will extend to premium security services from the cloud providers. Two in five surveyed enterprises indicate planned spending on third-party security tools and services that they will apply to their cloud infrastructure.

Cloud security remains a significant pain point among respondents, trailing only user behavior. Top-cited cloud security issues include managing cloud configurations, selected by 30% of respondents, and managing identities and permissions for accessing cloud resources (27%). On a related note, identity management, at 37%, is the top technology that surveyed enterprises have implemented from a cloud marketplace.

A little more than half (51%) of respondents note that third-party cloud infrastructure can be used to host any application workload, independent of risk requirements or mission criticality. Only one-third of respondents limit their use of cloud resources based on application risk. More than half (55%) say the first indicator of a potential breach in the cloud would most likely come from the security monitoring capabilities they have set up for their cloud infrastructure.

About three-quarters (74%) of respondents have implemented additional third-party security controls for cloud-based productivity suites such as email. Of the cohort that has not, 25% plan to implement such controls in the coming year. The top drivers for these implementations include better recognition of malicious content, selected by 51% of respondents, and better recognition of suspicious senders (39%).

^{The 451 Research Voice of the Enterprise: Information Security, Budgets & Outlook 2022 survey was carried out between November 23, 2021, and January 5, 2022. The survey represents approximately 538 completes from prequalified IT decision-makers in our proprietary global panel of enterprise end users.}