Information security has always been important, but never as sexy as legacy modernization, AI, or pretty much anything else IT spends money on. In general, security is the sort of thing CIOs wish they’d invested more money on—after they’ve had a breach. But things have changed. As Merritt Baer, CISO at Reco AI, said to me, “You can’t do any other form of ‘business’ if you can’t be secure.” You can argue that this has always been true, but I’m hearing much more emphasis on security in my discussions with enterprises.
To paraphrase Baer, if security isn’t your priority, do any of your other priorities matter?
Security first
Every time I board a plane, I hear the message, “The safety of our customers is our first priority.” It’s roughly the same line whenever CIOs answer budget surveys, but look back a few years and you’ll find other initiatives (server virtualization, cloud, etc.) taking the front seat. During the past decade, however, security breaches have become so prevalent and so persistent that enterprises have stopped pretending that security is their first priority, and are actually spending accordingly. Although security spending declined globally in 2021, it’s been booming since then and is projected to top $87 billion in 2024. In a 2022 Morgan Stanley Research CIO survey, security was the top budget item that would be protected from the axe, with more than twice as many “least likely to be cut” votes as any other budget item, no matter a looming recession or other budgetary pressures.