European CISOs are facing headwinds in geopolitics and workforce retention. Making wise decisions is straitened but crucial in such turbulent times, which puts additional pressures on security pros. We analysed annual Forrester Security survey results to provide insights on cybersecurity budget planning in Europe to help guide conversations about priorities. We found that:
While tech layoffs are dominating the headlines, cybersecurity hiring remains strong.
2022 was dominated by headlines about drastic tech industry layoffs. Twitter, Meta and Amazon were some of the big tech that significantly cut its workforce. The percentages have gone up to 80% of the workforce and for some the numbers are still growing due to cuts made in 2023. But if you look closely, the earlier hiring’s were based on rushed decisions to meet the demand for digital services. Only recently, RedHat announced the decision to lay off 700 employees, with sales and engineering positions untouched. Forrester data shows that cybersecurity hiring rose in comparison to last year and the demand for cybersecurity skills is still high as cloud migration isn’t slowing down.
Cloud security and managed security services remain the top investments
Cloud security investments remain stable as well as spending on managed security services. However, Forrester Security Survey, 2022, reveals that security pros are stretched thin with having to juggle many strategic priorities at the same time. Security leaders are increasing their investments in threat intelligence and addressing numerous security challenges. Given the commonality of hybrid or anywhere work in the past two years, identity and access management security is the key top strategic priority.
Supply chain attacks are taking centre stage in 2023
Supply chain attacks got famous in 2021 – think SolarWinds and the Kaseya breach. Supply chain did not leave the stage and they are the top breach cause, according to Forrester Security Survey, 2022. Learning from news headlines, CISOs should be now accustomed to preparing for different scenarios that might be results of breached partners or third parties. But everyone is wise after the event, and our survey results show that security pros recalibrate their strategies once a breach already occurs. Supply chain breaches can mean various things due to the plethora of possible smoke points. CISOs must focus on digging deeper to understand the true root causes of breaches and set themselves up for success in offensive efforts.
It’s a cost saving time, and CISOs want to know the ROI
We live in hard times, so do CISOs. Budget battles have become more complex as organizations are trying to get through the economic headwinds. According to Forrester Security Survey, 2022, security decision makers use customer case studies with proven business metrics or a return on investment as a primary source when taking budget decisions. This trend is in line with our observations in the Q1 2023 earnings report, which highlights that CISOs frequently ask cybersecurity vendors to help them “save money”. Security pros should play with open cards with vendors and use this time to their advantage to get most of their investments.
To learn about all data points and advice, read the full report (available to Forrester clients): European Cybersecurity Budgets, 2023 | Forrester