• by Ray Schultz , September 15, 2022

IT security teams are ramping up their capabilities and spending large sums to do it, judging by Security Priorities Study, a paper from Foundry.  

Annual security budgets average $16 million at small businesses and $122 million at enterprise firms. For SMBs, that total has grown from $5.5 million in 2020.  

To a large extent, those monies are being spent on upgrades. For instance, 22% plan to upgrade/refine their authentication technology (i.e., multifactor, role-based) and access controls (i.e., network data). Another 21 expect to upgrade data backup and recovery technology.  

Still, 90% of organizations believe they are falling short in addressing cyber risks. 

One thing that gets in the way is a shortage of security skills. To address this, firms are:

• Asking current staff to take on more responsibility — 45%
• Utilizing technology to automate security practices — 45% 
• Outsourcing security functions — 42%

Many security breaches, whether caused by employees opening malware or more systemic attacks, start close to home. The main causes are: 

• Non-malicious user error — 34%
• Security vulnerabilities at third-party individuals or organizations — 28% 
• Unpatched software vulnerabilities — 27% 
• Misconfiguration of services or systems either on- or off-premises — 26% 
• Software supply chain breaches — 17%

The top security technologies are:

• Security Orchestration, Automation and Response (SOAR0 — 34%
• Zero Trust technologies — 32%
• Secure Access Service Edge (SASE) — 32% 
• Deception technologies — 30%
• Ransomware broker — 30%

Foundry surveyed 872 security leaders worldwide.