• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   How To Budget For Cyber Security in 2018 

How To Budget For Cyber Security in 2018 

  • Posted on:November 15, 2017
  • Posted in:Industry News, Security
  • Posted by:
    Trend Micro
0
Putting together your cyber security budget? Here's a few important considerations to make.

 

As Q4 begins in earnest, now is the time to start making considerations for next year’s budgets. This is especially true for the company’s IT and cyber security budgets – a difficult decision with so many robust technologies and new threats emerging.

Compounding this problem is the fact that many businesses are operating under plateaued or shrinking budgets, creating a situation in which they have to protect against a wider range of vulnerabilities with fewer resources.

With all this being said, the C-suite has its work cut for it heading into 2018. In order to support and streamline these efforts, we’ve put together a list of top considerations that should be included in next year’s budget. Taking these into account will help ensure that your organization is protected, and is using available cyber security budget to the fullest.

By The Numbers: Spending On Security Increases

Although some companies are working with smaller IT budgets this year, it appears much of the focus of spending this capital is on robust information security products. According to a report from Gartner, overall global spending on security solutions and services is on track to reach $86.4 billion in 2017, representing a 7 percent increase over last year.

What’s more, this trend will continue into 2018. Gartner estimates that $93 billion will be spent on security solutions across the globe next year, Forbes contributor Tony Bradley reported.

“[S]ecurity services will continue to be the fastest growing segment – especially IT outsourcing, consulting and implementation services,” Bradley wrote. “However, hardware support services will see growth slowing, due to the adoption of virtual appliances, pubic cloud and software as a service (SaaS) editions of security solutions, which reduces the need for attached hardware to support overall.”

Whether your organization is looking to support a managed security provider partnership, or leverage leading software solutions, there are a few budget challenges that you should be aware of. Thinking about these ahead of time will help ensure that you allocate your available resources in the best way possible, and aren’t surprised by these potential struggles later on down the line, when the budget has been exhausted.

Digital lock in file drawer coming out of lap top screen.How is your business allocating next year’s security budget?

Security Solution Sprawl

IT sprawl is something that’s becoming more common, particularly as enterprises continually shift workloads off premise and into the cloud. Without proper consolidation, the IT architecture can include unnecessary environments that only increase the overall complexity and make infrastructure more difficult to secure.

Sprawl isn’t unique to IT platforms themselves, however. Many businesses today have more than a few security solutions in place, and while some – or all – of these systems may be highly specialized and applied to particular areas of the infrastructure, security solution sprawl does more harm than good.

Too many network security solutions can easily translate to numerous protection issues, especially in regards to visibility, training, manageability and updating. If employee users aren’t trained properly, they will not leverage solutions in the most valuable way for protection. What’s more, a lack of visibility can mean that updates and patches aren’t applied quickly, creating added vulnerabilities and openings for cyber criminal activity.

It’s also important to consider the effectiveness of older solutions – some systems simply can’t properly guard against today’s advanced and sophisticated threats. Other legacy security solutions were created to protect against a certain threat, which is no longer relevant to hackers and no longer used.

Before budgeting for additional solutions, it’s imperative that executives take a close look at the security systems they already have in place. Instead of simply adding new solutions, organizations should take the time to remove or modify legacy systems, consolidate those with overlapping capabilities and then work to fill in the gaps.

Lack of Security Personnel

“Not having the necessary expertise in places puts an organization at serious risk.”

Another pervasive issue to consider as you contemplate your 2018 budget is the fact that many businesses don’t have the security personnel they need to support defenses. As Trend Micro noted in the blog, “Lack of Internal IT Security Expertise Requires Connected Threat Defense,” this issue could extend to not being able to support an internal IT team, or being unable to find security employees with the right expertise for specialized needs.

Trend Micro reported that this IT security talent shortage was something felt by 48 percent of companies, and that not having the necessary expertise in places puts an organization at serious risk.

With unchanged or shrinking budgets, it can be difficult – if not impossible – to find the resources to support the salary of a new security focused team member. Thankfully, as the blog points out, a lack of security personnel is a gap that can be bridged with robustly intelligent security solutions.

“IT security solutions that create cohesive protection across a company’s attack surface can be of great benefit, especially for organizations impacted by the cyber security skills shortage,” Trend Micro reported. “As this lack of skilled talent persists, security professionals are relying more on their existing security platforms, which help support reduced management and more proactive, automatic protection.”

Budget Best Practices

Having too many security products in place and a lack of proper personnel management can spell disaster for your company’s IT protection in 2018. As you move forward with budget considerations, here’s a few more insights to keep in mind:

  • Avoid partnering with multiple security vendors: An outdated best practice approach used by many organizations was using the services of many different vendors to guard against the same threat. While this “leave no stone unturned” strategy may have worked in the past, it’s particularly foolish when you consider resource spending.
  • Audit current security solutions: Before consolidating, ripping or replacing, you must have a full idea of the security solutions already being used and the capabilities these provide. Once you understand their effectiveness, work to consolidate wherever possible.
  • Dig deeper: Overall, the best approach to IT security in 2018 is to identify one or a small few security firms that you want to partner with. In this way, you can leverage these partnerships to dig deeper into emerging threats and create the most cohesive protection stance possible

To find out more, check out our white paper on coordinated threat defenses today.

Related posts:

  1. Demand for cyber security skills booms as threats evolve
  2. Lack of Internal IT Security Expertise Requires Connected Threat Defense
  3. How the government shutdown is putting U.S. cyber security at risk
  4. IT spending in 2016: Top budget considerations

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.