Investments will increase, but CISOs will be more selective, driving the need for federated technology architectures. Credit: MicrostockHub / Getty Images Now that everyone, their brother, sister, and dog have chimed in on cybersecurity predictions for 2023, here are a few observations based on some recent ESG research.First the numbers: 53% of organizations will increase IT spending in 2023, 30% say IT spending will remain flat in 2023, and 18% forecast a decrease in IT spending. As for cybersecurity, 65% of organizations plan to increase cybersecurity spending in 2023.These numbers mean that some organizations with flat or decreasing IT budgets will still increase spending on cybersecurity. This trend is further supported by the fact that 40% of survey respondents claim that improving cybersecurity is the most important justification for IT investments in 2023. This research was conducted in late 2022 when respondents were well aware of the economic headwinds and built appropriate assumptions into their budget planning.While the data points to fairly robust cybersecurity spending increases, it also indicates some caution. Seventy percent of survey respondents say that budget cuts or freezes are likely or possible this year. If cuts occur, IT and security professionals claim they will trigger hiring freezes, project delays, and greater vendor scrutiny. How CISOs will respond in 2023So, spending increase predictions must be tempered as organizations are prepared to step on the brakes if need be. Based on all the ESG data, I believe:CISOs will focus inward. With IT spending slowing, CISOs will assess their existing security programs with a fine-tooth comb. This will lead them to concentrate their efforts in two areas: security hygiene and posture management and improving existing processes and controls. Security hygiene and posture management initiatives will include discovering, analyzing, and monitoring all IT assets, so technology vendors such as Axonius, Brinqa, Detectify, JupiterOne, Noetic Cyber, Panaseer, and Sevco should benefit. ServiceNow should also see activity, especially with existing customers looking to consolidate security and IT operations. In terms of the second initiative, improving existing processes and controls will include process automation and SOAR, operationalizing MITRE ATT&CK, and more frequent security testing.Investments will be more tactical than strategic. Security teams are already eschewing long-term contracts and postponing complex resource-intensive projects. This means they’ll break project and platform initiatives into digestible bites, investing in high-priority needs. Rather than big bang zero-trust plans, security and IT teams will focus on application and data classification, access policies, policy enforcement, and network segmentation. Similarly, security operations teams may be reluctant to replace legacy SIEM platforms in 2023. Rather, they’ll surround SIEM with security data lakes, XDR, and SOAR tools, supporting them with a greater emphasis on security engineering, homegrown analytics, and staff augmentation services. While economic downturns often lead to training budget slashing, this won’t happen in 2023. To drive employee retention and improved productivity, CISOs tell me they plan to increase investments in staff training and education.Consolidation will give way to federation. Yes, organizations will continue to consolidate vendors and integrate technologies, but at a more gradual pace. Meanwhile, they’ll focus their efforts on individual security domains—cloud security, email security, endpoint security, network security, etc. This will lead to more open domain-based platforms, stitched together through APIs and a growing array of open standards. I believe 2023 will be a big year for the Open Cybersecurity Schema Framework (OCSF), introduced at Black Hat 2022. Security technology federation will be part of the day-to-day lexicon before 2024 arrives. Hmm, sounds a bit like security operations and analytics platform architecture (SOAPA) to me.Services spending will dominate budgets. The ESG research indicates that nearly half (45%) of organizations say they have a problematic shortage of cybersecurity skills. This means they don’t have an adequately sized staff and they lack some advanced but necessary cybersecurity skills. Despite industry layoffs, cybersecurity professionals will remain in high demand. CISOs have no choice but to augment internal staff and skills with service providers in areas like managed threat intelligence programs, managed detection and response, and identity as a service.Cybersecurity is a business priority, and many organizations need a lot of help here. Investments will continue but they’ll be a “back-to-basics” vibe throughout the year. CISOs will also fine-tune planning as the year unfolds. Some hyperbolic vendors will eat humble pie in 2023 while VCs find themselves drinking house wine at the Rosewood hotel in Menlo Park. Alternatively, security professionals and CISOs will benefit from more practical programs focused on priorities, existing resources, and getting the biggest bang for their security spending bucks. Related content news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware Malware Cybercrime news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach news Top cybersecurity product news of the week New product and service announcements from Wiz, Palo Alto Networks, Sophos, SecureAuth, Kasada, Lacework, Cycode, and more. By CSO staff Nov 30, 2023 17 mins Generative AI Security feature How to maintain a solid cybersecurity posture during a natural disaster Fire, flood, eathquake, hurricane, tornado: natural disasters are becoming more prevalent and they’re a threat to cybersecurity that isn’t always on a company’s radar. Here are some ways to prepare for the worst. By James Careless Nov 30, 2023 8 mins Security Operations Center Data and Information Security Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe