The surge in breaches, ransomware, legislation, and third-party requirements over the last five years has forced executives outside the security organization to recognize the importance of comprehensive cybersecurity controls. This has led to a significant increase in cybersecurity budgets, and today, security, privacy, and other risk leaders find themselves in high demand, from the boardroom all the way down through the organization. As CISOs’ and security and risk (S&R) leaders’ profiles have risen, however, so have new challenges within the organization. These challenges include a growing list of cybersecurity technologies and vendors necessary to provide protection; continued staffing shortages, which compromise the ability to roll out new technologies and support existing ones; and extensive rework and customization to integrate specific technologies to meet business requirements.

Forrester’s Planning Guide 2023: Security & Risk highlights the dominant trends facing chief information security officers (CISOs) and chief privacy officers and provides key recommendations for spending priorities. The guide highlights which cybersecurity products/services S&R pros should prioritize and which ones can be divested from their existing security technology portfolio.

The guide also pulls in Forrester’s IT security spending benchmarks to guide S&R pros through current enterprise security budgetary allocations. This data enables you to compare your current cybersecurity spending against our data and uncover areas where you may be over- or underspending.

For example, the key cybersecurity functions that Forrester recommends increasing or defending investment in include: API security, cloud workload security, multifactor authentication, security analytics, Zero Trust network access, and crisis simulation exercises. These functions all deliver demonstrable value and are serviced by a diverse range of solution providers.

Forrester’s Planning Guide 2023: Security & Risk also identifies several promising emerging security technologies that S&R pros should consider evaluating and funding proofs of concept for — even in a downturn. These technologies include extended detection and response, attack surface management, and privacy-preserving technology.

Lastly, this guide also recommends decreasing or avoiding investment in the coming year in several security technologies, such as legacy network security controls like IPS and NAC as well as standalone data loss prevention.

To get more detail about the rationale behind these recommendations, Forrester clients can access the guide here.