Security Priorities 2024
Prepare your organization to respond to an evolving threat landscape.
- Constant changes in the security threat landscape have introduced priority issues in identifying what security initiatives to focus on.
- Lack of oversight and implementation strategies on these security initiatives results in challenges in developing a roadmap to develop, deploy, and monitor the initiatives to improve an organization’s security posture.
Our Advice
Critical Insight
- Responding to the cybersecurity talent shortage includes identifying methods to upskill existing employees to better equip organizations with the necessary competencies to stay competitive within their industry.
- Preparing for a world advanced through AI begins with having the right foundation to implement a framework to protect organizations against AI-based threats while leveraging AI to enhance their security operations.
- Ensuring security risks are embedded with business risks will prepare them to better respond to the rise of supply chain risks.
- Implementing a zero trust roadmap through an iterative strategy will allow for continuous improvements in an organization’s security posture.
- The rise of automated and AI-based threats indicates the importance of improving efficiencies by streamlining security operations through automation, which will equip organizations with the necessary resources to fight against these attacks.
Impact and Result
Use this report to help decide your 2024 priorities by:
- Reviewing the priorities and associated drivers to better understand what initiatives would help your organization prepare for threat landscape in 2024.
- Identifying your needs and analyzing existing capabilities. Use Info-Tech’s template to explain the priorities to your stakeholders.
- Determining next steps by referring to Info-Tech’s recommendations and related research.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
10.0/10
Overall Impact
$4,000
Average $ Saved
6
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Nieuport Aviation
Guided Implementation
10/10
$4,000
6
Ahmad was a great co-presenter and his help was instrumental to making our "Security and A.I. Lunch and Learn" a success. He provided insights on i... Read More
KELSIAN GROUP LIMITED
Guided Implementation
10/10
N/A
N/A
Being able to share ideas and bounce of Rob's experience is always very helpful.
Security Priorities 2024
Responding to an evolving threat landscape
With the constant shift in the threat landscape, it’s important to ensure organizations are equipped with the necessary measures to proactively respond to changes.
As the security world continues to respond to the various changes in the threat landscape and the advancement of new technologies, organizations are focusing on improving their security posture to prepare for the future. The threat landscape has been exacerbated with the various attack vectors emerging, such as the increase in credential-compromise attacks and cloud exploitation. The increase in supply chain risks and rise in deepfakes also showcase the shift of threat actors to improve the sophistication of their attacks. Furthermore, the rising costs of ransomware and cyber insurance premiums coupled with the continuous talent shortage depicts the challenges of efficiently fighting against these threats. This adds to the growing complexities of the current threat landscape, which has been identified by cybersecurity professionals as the most challenging within the past five years.
The emergence of advanced technologies has also welcomed opportunities for organizations to explore unique approaches to respond to these challenges while also enhancing existing capabilities to better equip themselves with the right people, process, and technology. This includes assessing the ability to address the talent shortage through upskilling, establishing a foundation to implement AI technologies, and evaluating an organization's security risk management with respect to integrating with the enterprise. Furthermore, the increased interest in zero trust adoption, coupled with the need for improving process efficiencies through automation, depicts the importance of continuous improvements through operationalization. This report explores the five priorities, along with the drivers and recommended actions, to help organizations be prepared to confidently address these security risks for 2024 and the years to come.
The average cost of a data breach in 2023 was USD 4.35M. Up 2% from 2022 and an increase of 15% from 2020.
Source: IBM, 2023
75% of cybersecurity professionals are viewing the current threat landscape as the most challenging within the past five years.
Source: ISC2, 2023; N=14,865
Cybersecurity continues to disrupt the business
Investment on cybersecurity is increasing due to its potential impact to the organization.
As part of our research process for the 2024 Security Priorities Report, we used the results from our Future of IT Survey, which collected responses between May 23 and August 22, 2023 (total N=894, with n=496 completed surveys). The survey highlights important technology trends and how organizations are addressing their opportunities and risks as well as their strategies for implementing the different technologies.
Factors that would disrupt the business within the next 12 months
Survey respondents (n=667) were asked what factors they anticipated would disrupt their organization within the next 12 months, ranging from 1 (smallest disruptor) to 5 (biggest disruptor). The number one disruptor was cybersecurity incidents, which was ahead of government-enacted policies or regulations and changing customer behavior. This indicates the growing importance organizations are placing on improving their security maturity, which would prepare them for any potential cybersecurity incidents.
Percentage of organization's IT budget spent on cybersecurity
Survey respondents (n=448) were asked about the percentage allocation of their IT budget spent on cybersecurity during the past fiscal year. Fifty-five percent of organizations indicated an allocation of less than 10%, while 44% of organizations spent more than 10% of their IT budget on cybersecurity. Furthermore, 7% of organizations indicated an allocation of more than 20% of their technology spend was on cybersecurity.
Organizations understand the importance of adopting AI
But what is the overall perceived impact to the organization?
The evolution of AI during the past few years has resulted in organizations learning more about the technology, its capability, and the importance of assessing its potential impact to the business. This notion was posed in a question in the Future of IT Survey, where organizations were asked what potential overall impact they expect AI to have.
Overall impact of AI to the organization
Over 55% of organizations expect a positive impact from AI and were more optimistic in the benefits it will bring to the business. Likewise, only 5% of organizations expect a negative impact from AI and consider how it could be challenging and pose a threat to their business model. Irrespective of the impact, it's evident that the evolution of AI will continue to grow, and organizations should be prepared to secure the evolution through efficient investment in people, process, and technology.
30% of organizations are currently leveraging AI to help automate repetitive, low-level tasks, and 37% are planning to use AI in 2024.
Source: Future of IT Survey, n=333
Increase in investments to combat the growing threat landscape
Although a recession was anticipated in 2023, organizations are still looking into increasing their investments for the coming year and ensuring they have the resources to securely grow their business.
Expected organizational spending on cybersecurity compared to the previous fiscal year
Survey respondents (n=452) were asked how they anticipated their organization's spending on cybersecurity will change compared to the previous year. Over 60% of organizations anticipate an increase in their cybersecurity spending for next year, which was a ten-point increase from last year's response (53.4%). Furthermore, only 32% of organizations anticipate a similar budget to last year, which was a nine-point decrease from last year's response. This depicts how organizations are realizing the importance of cybersecurity spend and the need for increased investments that will allow them to stay competitive within their industry.
Cybersecurity spending priorities
Survey respondents (n=449) were asked how important the six cybersecurity initiatives were in terms of spending priorities. The number one priority was security awareness and training, followed by next-generation tools and third-party services. This shows the growing need and importance for investments in upskilling employees as well as technologies and services to assist organizations in maturing their security posture.
About Info-Tech
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.
Talk to an Analyst
Our analyst calls are focused on helping our members use the research we produce, and our experts will guide you to successful project completion.
Book an Analyst Call on This Topic
You can start as early as tomorrow morning. Our analysts will explain the process during your first call.
Get Advice From a Subject Matter Expert
Each call will focus on explaining the material and helping you to plan your project, interpret and analyze the results of each project step, and set the direction for your next project step.
Unlock Sample ResearchContributors
One anonymous contributor
Design and Implement a Business-Aligned Security Program
Build an Information Security Strategy
Secure Operations in High-Risk Jurisdictions
Develop a Security Awareness and Training Program That Empowers End Users
Build, Optimize, and Present a Risk-Based Security Budget
Hire or Develop a World-Class CISO
Fast Track Your GDPR Compliance Efforts
Build a Cloud Security Strategy
Identify the Components of Your Cloud Security Architecture
Security Priorities 2022
2020 Security Priorities Report
Manage Third-Party Service Security Outsourcing
Select a Security Outsourcing Partner
Improve Security Governance With a Security Steering Committee
The First 100 Days as CISO
Determine Your Zero Trust Readiness
Cost-Optimize Your Security Budget
Threat Preparedness Using MITRE ATT&CK®
Build a Zero Trust Roadmap
Security Priorities 2023
Security Priorities 2024
Grow Your Own Cybersecurity Team
Security Priorities 2025
Create a Zero Trust Implementation Plan
