Forrester on cybersecurity budgeting: 2025, the year of CISO fiscal accountability




With 90% of cybersecurity and risk leaders predicting they’ll see budget increases in 2025, many are facing a new era of accountability, with boards wanting to see solid returns on cybersecurity investments.

That’s an elusive expectation to deliver on, given that 35.9% of a typical CISO’s budget is going for software. Knowing if, how, when and under what conditions a given cybersecurity software investment delivers a hard-number-based ROI is not easy, and such numbers are hard to prove.

Clear budget wins do exist, though. They start with automating security operations center (SOC) workflows that are overwhelming analysts with too many conflicting alerts. Automating an endpoint detection and response system is one good place to start, with the goal of reducing alert fatigue in SOCs so analysts can focus on more complex threats and intrusion attempts. Another is automating patch management. CISOs need to move beyond trying to get this done manually with overextended teams, and automate it using the latest AI- and ML-based platforms purpose-built for optimizing patch management network-wide.

Forrester’s “Budget Planning Guide 2025: Security and Risk” provides insights into why CISOs are seeing their budgets preserved when other areas of an organization are experiencing layoffs, budget cuts, and, in some cases, new programs being put on hold or canceled altogether. (Note, however, that cybersecurity budgets are, on average, just 5.7% of IT annual spending.)

Gartner’s latest forecast update (4Q 2024) of end-user spending for information security reflects the resilience of CISOs’ budgets in the aggregate. These budgets are predicted to grow from $184 billion in 2024 to $294 billion in 2028, and Gartner forecasts the market will grow at a 12.43% compound annual growth rate (CAGR) in four years. Security software is expected to be the fastest-growing segment, consistent with Forrester’s recent findings of CISO spending benchmarks. Gartner predicts spending on security software will grow from $59.9 billion in 2022 to $134.3 billion in 2028, attaining a CAGR of 14.4%.

The 10 fastest-growing market segments are outperforming the aggregate market by a slim margin of 12.63%, with cloud security the fastest-growing segment, projected to attain a CAGR of 25.87% from 2024 to 2028.  

2025 is shaping up to be the year of CISO fiscal accountability

Stephanie Balaouras, Forrester vice president, group director, stated in a recent webinar, “When you think about AI, when you think about some of the novel threats that we’re looking at, when you think about post-quantum encryption, [and] the concerns about that, we are at this inflection point.” Gartner predicts that by 2028, 22% of cyberattacks and data leaks will involve generative AI.

Boards aren’t stopping there. While they’re funding the realities of this inflection point by approving security budgets and, in some cases, increasing them, they’re most focused on cutting tech stack sprawl and the expensive licensing fees needed to keep the tech running. Boards’ approval of budgets to improve compliance, reduce AI risks, and reduce tech stack sprawl all hinge on CISOs and their teams delivering this year.

Reading between the lines of Forrester’s budget report, we can see that CISOs have entered a new era of accountability.

How CISOs are optimizing cybersecurity spending to make the most impact

Cloud infrastructure, data, and software are where CISOs are prioritizing their budgets going into 2025, with data-related investments anticipated to make the most significant impact.

Forrester sees the increasing adoption of AI and generative AI (gen AI) as driving the needed updates to infrastructure. “Any Gen AI project that we discussed with customers ultimately becomes a data integration project,” says Pascal Matska, vice president and research director at Forrester.

“You have to invest into specific capabilities and platforms that run specific AI workloads in the most suitable infrastructure at the right price point, and also drive investments into cloud-native technologies such as Kubernetes and containers and modern data platforms that really are there to help you drive out some of the frictions that exist within the different business silos,” Matska continued.

Security and risk leaders are anticipating the most significant changes in their budget next year to be in cloud security, investing in new security technology to run on-premises, and security awareness and training initiatives. Each of those areas is projected to see an increase of 10% or more in 2025 budgets.

Protecting revenue is core to CISO accountability

One of the most valuable takeaways from Forrester’s cybersecurity planning guide is how essential it is for CISOs to take responsibility for protecting revenue if they want to stand a chance of implementing the guide’s recommendations. VentureBeat continues to see that successful CISOs know how to lead their teams to support and protect revenue, and are often included in board-level discussions and report to the CEO.

CISOs who drive gains in revenue advance their careers. “When something touches as much revenue as cybersecurity does, it is a core competency. And you can’t argue that it isn’t,” Jeff Pollard, VP and principal analyst at Forrester, said during his keynote titled “Cybersecurity Drives Revenue: How to Win Every Budget Battle” at the company’s Security and Risk Forum in 2022.

Budgeting to protect revenue needs to start with the weakest, most at-risk areas. These include software supply chain security, API security, human risk management, and IoT/OT threat detection. Software supply chains are under siege, with 91% of enterprises falling victim to security incidents in just a year, underscoring the need for better safeguards for continuous integration/continuous deployment (CI/CD) pipelines.

Open-source libraries, third-party development tools, and legacy APIs created years ago are just a few threat vectors that make software supply chains and APIs more vulnerable. Persistent attacks on open-source components with wide distribution, including the Log4j vulnerability, are fueling more significant investment in software supply chain security.

Where CISOs plan to invest in new technologies

Forrester advises CISOs to consider investing in four new technology areas, briefly described below:  

Exposure management and cyber risk quantification: As enterprises begin creating more of their AI-based apps internally and expand into devops, cloud, and IoT, vulnerability risk management (VRM) and attack surface management (ASM) become mission-critical. CrowdStrike often calls this Falcon exposure management, while Trend Micro and others refer to it as attack surface management. Coupled with cyber risk quantification (CRQ) capabilities, these solutions help security leaders see which fixes produce the most significant risk reduction. CEO and founder George Kurtz of CrowdStrike told VentureBeat in an interview, “One of the areas that we’ve really pioneered is that we can take weak signals from across different endpoints. And we can link these together to find novel detections. We’re now extending that to our third-party partners so that we can look at other weak signals across not only endpoints but across domains and come up with a novel detection.”

Post-quantum security and crypto agility: “Q-Day,” when quantum computers can break today’s RSA and elliptic-curve cryptography, is still years away by many estimates. But that’s not stopping enterprises from investing in new technologies to meet this threat today. Forrester advises prioritizing data discovery and acquisition audits, especially for financial services companies and government agencies.

Security data lakes: High-profile acquisitions and mergers in this area, including Cisco’s purchase of Splunk, LogRhythm merging with Exabeam, and IBM selling QRadar SaaS to Palo Alto Networks, alert us that this is an area every CISO needs to pay attention to, given the ongoing innovations and the possible price savings. VentureBeat is finding that enterprises are increasingly evaluating security data lakes, like Amazon Security Lake, Snowflake, and Google BigQuery, as solutions for storing security data without the high cost of traditional SIEM platforms. Forrester cautions, however, that SIEM platforms defy quick, economical integration. Look for security providers that offer ready-made integrations with leading data lakes. Cisco, CrowdStrike, Ivanti, Zscaler and others provide hooks for ingesting, analyzing or automating data workflows in third-party lakes.

AI and ML security: “It’s tough to go out and do something if AI is thought about as a bolt-on; you have to think about it [separately],” Jeetu Patel, EVP and GM of security and collaboration for Cisco, told VentureBeat, citing findings from the 2024 Cisco Cybersecurity Readiness Index. “The operative word over here is AI being used natively in your core infrastructure.” That’s solid advice for any CISO defending a budget that includes AI and ML apps and components. VentureBeat continues to see platforms designed with AI at their core being the most effective against multidomain breach attempts. Adam Meyers, SVP of intelligence at CrowdStrike, told VentureBeat during a recent press briefing that “it’s also important to note that lots of organizations are implementing their own AI, and so what we’re actually looking at from a next-generation threat perspective is AI workloads, because every organization in the world, I would imagine in the next couple of years, is going to be running their AI. We need to protect those AI workloads as well.”

CISOs need to think ahead about how best to protect data, infrastructure, support apps and the workloads required to get security right for the enterprise-wide deployment of AI and gen AI.

CIOs and CISOs need to join forces in 2025 to deliver ROI

CISO-CIO alignment will be critical in 2025. This collaboration is essential to excel at securing businesses. Bob Grazioli, CIO of Ivanti, advised CISOs during a recent interview with VentureBeat that “executives need to consolidate resources — budgets, personnel, data and technology — to enhance an organization’s security posture. A key priority for CIOs next year will be ensuring that C-suite members leverage AI-driven insights to inform business outcomes, not just technical outcomes.”

Grazioli continued, “However, investments in AI are undermined by a lack of data accessibility and visibility. To address this, data silos between departments such as [those overseen by] the CIO and CISO must be eliminated. AI has the potential to become a centralized source of information, significantly reducing workloads for IT personnel and providing security with a holistic view of an organization’s risk landscape. Achieving that level of visibility increases the probability CISOs will be able to deliver the results they’re trying to achieve.”


