Companies are going to have to change the way they implement system security in 2018.
New research from Forrester, examining how organisations will budget for security in 2018, concluded that data breaches, talent acquisition, and decentralised tech spending are still major challenges for IT organisations.

The report compares budgets of security decision makers across firms that spend anywhere from under 10% to 30% of their overall tech budget on information security technologies.

Some of the key findings include:

* Firms with larger security budgets are more likely to disclose breaches. Two-thirds of organisations spending 10% or less on information security reported zero breaches within the last 12 months. That number shrank to 41% with companies spending between 21% and 30% on information security.

* Companies spending less face poor situational awareness, while those spending more have likely been breached. Organisations that report fewer breaches are not more secure; rather, lower budgets limit the ability of an organisation to understand its true security posture. That said, those spending more than 30% of their budget on security imply a previous breach.

* Financial services has the highest share of security spenders. Financial services dominates spending within the 11% to 20% and 21% to 30% ranges, with 28% of respondents selecting each. Meanwhile, public sector and healthcare respondents led the group spending less than 10%.

* Traditional approaches to security budgets will fail in the next 12 months. Forrester anticipates that as technology initiatives quickly move from experimental to market-ready, security – which plays a minor role during the experiment stage – becomes critical if the product goes mainstream. Security and risk executives must adopt Agile development methodologies to succeed.

Photo credit: Drew Graham on Unsplash