Industry news

Where does cybersecurity fit in 2022 budget priorities?

by Egress
Published on 23rd Sep 2021

As tech budgets start to return to a pre-pandemic state, it will be interesting to see where priorities have shifted to over the past year and a half – especially when it comes to cybersecurity.

We’ve taken a look at a few major industry reports to give you an idea of shifting plans, and where cybersecurity sits as a priority in 2022 budgets.

Have tech budgets increased in 2021?

According to Gartner, spending has been much healthier in 2021 than it was during 2020. Their research predicted that spending on IT devices in 2021 would see a nearly $100bn rise – but this still doesn’t quite take us to pre-pandemic levels. Global tech spending was down 3.3% on pre-pandemic levels, although that was a marked rise on the 7.3% slump we saw in 2020.

Gartner have divided the business world’s response to COVID-19 into four distinct phases:

  • Phase 1: React and respond
  • Phase 2: Redirect to new realities
  • Phase 3: Rebound to the future
  • Phase 4: Accelerate opportunities

The latest report suggests that we’re getting close to the end of Phase 3 and almost ready to enter Phase 4. The most important concerns for CEOs in 2020 included remote working, supply chains, and a fair amount of ‘wait and see.’ With vaccinations rolling out and economies showing signs of recovery, 2021 has been a year of stabilisation.

So what does 2022 hold? Will there be new goals, and bigger tech budgets to reach them?

Shifting budget priorities in 2022

Flexera’s 2021 State of Tech Spend Report noted what most people already know: the pandemic has greatly accelerated digital transformation. They surveyed 474 businesses and found that nearly half of IT staff members now work from home – and 20% said they plan to work from home permanently after the pandemic ends. They also believed that “the long-term advantages of earlier digital transformation are likely to lead to enhanced business success over the next few years.”

Another report by market research firm Computer Electronics took a similar view. They’ve been publishing their annual IT Spending & Staffing Benchmarks Report since 1990 to provide a source of IT budgeting metrics for North American businesses. Their findings showed an overall trend of a ‘remarkable bounce back’ from the pandemic.

The report showed that three-quarters of organizations were planning to increase their IT budgets for 2022, with the biggest increases to be found in technology that support digital transformation. They expect continued heavy investment in SaaS, cloud infrastructure, and data analytics.

According to Computer Electronics’ research, organizations won’t be holding back on new IT investments and trying to position themselves as leaders in a digital future. In terms of risks to new investment, the report called out skills shortages, inflation, and residual effects from the pandemic. Of course, the other main threat to a rosy digital future is cybercrime.

Where does cybersecurity rank as a budget priority for CEOs?

IoT Analytics perform a useful quarterly study titled “What CEOs talked about in…” which is generated from a keyword analysis of earnings call from around 2,500 US-listed companies. The results are then ranked into four quadrants:

  • Small and fading importance
  • Small and growing importance
  • High and fading importance
  • High and growing importance

Pandemic-related issues such as remote working and vaccination have fallen into the ‘High and fading importance’ category. Cybersecurity on the other hand fell under ‘Small and growing in importance’ – but with the rise in ransomware and remote working, we expect that to shift to the ‘high and growing in importance’ category on CEO’s radars very soon.

Flexera’s 2021 State of Tech Spend Report found cybersecurity to be higher on the agenda for businesses. Out of their 474 surveyed organizations, they noted that after digital transformation, cybersecurity was the top IT initiative. Cybersecurity also had the highest planned increase in external IT resources among the surveyed businesses.

Microsoft 365 adoption continues to accelerate

The race to Microsoft 365 continued in 2021, made clear by the company’s 2021 Q4 and fiscal year results (published at the end of July).

In Q4, the company’s revenue grew by 21% to $46.2bn compared with the year-ago quarter, and for the entire fiscal year, revenue was recorded at $168.1bn and increased 18% to the previous period.

Also in Q4, Office Commercial products and cloud services revenue increased 20% (up 15% in constant currency) driven by Office 365 Commercial revenue growth of 25% (up 20% in constant currency).  Server products and cloud services revenue increased 34% (up 29% in constant currency) driven by Azure revenue growth of 51% (up 45% in constant currency).

Five recommendations to help shape your 2022 priorities

All signs point to larger cybersecurity budgets in 2022 (and beyond). Here are our top five recommendations for CISOs and their teams as you align your priorities to match changes in your budgets:

1. Protect your people: Your people are your greatest security vulnerability: they fall victim to targeted attacks, they make mistakes and they break the rules. Organisations need security controls that work with the user to ensure they can continue to work effectively without putting data at risk.

2. Layer an Integrated Email Security Solution (IESS) into your Microsoft 365 security: Microsoft has developed its anti-spam and antivirus security, but organisations require the additional security provided by an IESS to tackle the advanced and sophisticated inbound phishing attacks, as well as enhance DLP capabilities for outbound email.

3. Double down on your phishing defences: Cybercriminals don’t hack in, they log in. As you continue to battle a rising tide of phishing and ransomware attacks, particularly those that originate from cybercriminals using compromised supply chain accounts, your organisation will need intelligent defences in place.

4. Keep monitoring the regulatory horizon: As the UK Government re-examines the UK GDPR in 2022, stay informed on the impact this will have for the way your organisation operates, your current cybersecurity investments, and potential future investments that will be required.

5. Integrate and automate: Time-saving automations and integration are crucial for productivity and success, and CISOs need to ensure they’re using technologies that can reduce the administrative burden on their teams.