Forrester today released research examining how organizations will budget for security in 2018, concluding that data breaches, talent acquisition, and decentralized tech spending are still major challenges for IT organizations.

The report compares budgets of security decision makers across firms that spend anywhere from under 10% to 30% of their overall tech budget on information security technologies. Here are some of the key findings:

  • Firms with larger security budgets are more likely to disclose breaches. Two-thirds of organizations spending 10% or less on information security reported zero breaches within the last 12 months. That number shrank to 41% with companies spending between 21% and 30% on information security.
  • Companies spending less face poor situational awareness, while those spending more have likely been breached. Organizations that report fewer breaches are not more secure; rather, lower budgets limit the ability of an organization to understand its true security posture. That said, those spending more than 30% of their budget on security imply a previous breach.
  • Financial services has the highest share of security spenders. Financial services dominates spending within the 11% to 20% and 21% to 30% ranges, with 28% of respondents selecting each. Meanwhile, public sector and healthcare respondents led the group spending less than 10%.
  • Traditional approaches to security budgets will fail in the next 12 months. Forrester anticipates that as technology initiatives quickly move from experimental to market-ready, security — which plays a minor role during the experiment stage — becomes critical if the product goes mainstream. Security and risk executives must adopt Agile development methodologies to succeed.

Click here for more information, and please contact us if you’d like a copy of this report.