Cybersecurity Top Investment Priority in 2023 for CIOs

Source: WSJ | Published on October 25, 2022

Insurers on cyber insurance standardization

Chief information officers have stated that cybersecurity will be their top investment priority in 2023, demonstrating how businesses are racing to manage the business risk posed by escalating threats.

Companies are facing an increase in cyberattacks, such as the 2021 Colonial Pipeline ransomware attack, which impacted fuel distribution in the eastern United States. This month, hospital operator CommonSpirit Health disclosed an attack that brought down systems and disrupted patient care. According to the FBI’s Internet Crime Complaint Center, it received an all-time high of 847,376 complaints in 2021, with potential losses exceeding $6.9 billion.

Corporate CIOs play an important role in a variety of critical business initiatives, from cloud computing to advanced data analytics and the modernization of productivity, collaboration, and commerce platforms that impact customer and employee experience. Since 2020, cyber and information security has been at the top of their priority list.

“When it comes down to the CIO, it is cybersecurity.” Absolutely… “That is the top priority,” said Chris Howard, chief of research at technology research and consulting firm Gartner Inc., referring to the findings of the firm’s most recent CIO Survey. The results of the annual CIO survey, which had approximately 2,200 respondents, were announced Monday at the 2022 Gartner IT Symposium/Xpo, which is currently taking place in Orlando, Fla.

In the survey, which asked CIOs whether they planned to increase or decrease their investments in a variety of areas, 66% said they planned to increase their investments in cybersecurity.

According to that metric, it was the top investment priority for CIOs, surpassing business intelligence and analytics, where 55% of respondents said they planned to increase investment. Cloud computing platforms, application modernization, and artificial intelligence were among the other investment priorities.

Gartner predicts that end-user spending on information security and risk management will reach $188.336 billion in 2023, up 11.3% from this year. Gartner predicts that security spending will increase 7.2% this year compared to 2021. According to the company, security spending increased 14.3% in 2021 compared to 2020.

According to global CIO Lesley Salmon, safety and security account for roughly 15% of Kellogg Co’s total corporate information and technology spend.

“From an expense standpoint, not a capital investment standpoint, it will be going up proportionately more than any of my other areas next year,” Ms. Salmon, who is based in the United Kingdom, said.

Furthermore, Ms. Salmon stated that if the need to cut expenses arises, she leaves that portion of the budget alone.

“I never go to that hunting area to save money.” “If I receive a budget challenge, it does not come from cyber,” said Ms. Salmon, who joined the company in 2014 and has been in her current position since March 2019. Kellogg CEO Steve Cahillane reports to her.

Ms. Salmon has spent the last year or so expanding the company’s use of the Amazon Web Services cloud, as well as its use of analytics and artificial intelligence. “But the one constant in all of this is cyber,” she said.

Her strategy has been to strengthen security at the network’s perimeter and work inward from there. In addition, the company is working to implement a cybersecurity framework known as Zero Trust, in which users and applications must constantly reauthenticate themselves.

She reports to the company’s chief information security officer, but she emphasizes that cybersecurity is a collaborative effort involving many roles throughout the organization.

The collaborative emphasis on cybersecurity is visible across healthcare and financial services companies, where executives in a variety of roles, both technical and nontechnical, are now on the front lines of securing networks and data.

“We’re both concerned about cybersecurity.” “It’s what the boards are talking about,” said Howard Whyte, Chief Information Security Officer at Truist Financial Corp. He and Truist CIO Scott Case collaborate closely to understand the bank’s changing attack surface and cybersecurity risk in Charlotte, N.C. They are specifically updating digital capabilities while monitoring technology integration at the bank as a result of BB&T Corp.’s $28.2 billion acquisition of SunTrust Banks Inc. in 2019.

According to Michael Levin, senior vice president for global cyber risk and defense at UnitedHealth Group, a managed healthcare and insurance company based in Minnetonka, Minn., companies are in the midst of a long-term effort to develop more effective conceptual approaches to cybersecurity.

Mr. Levin said the 2015 medical data breach of Anthem Inc., now known as Elevance Health, was a watershed moment in healthcare.

According to Mr. Levin, there has been a shift away from a compliance-only approach to cybersecurity based on a checklist of what companies must do.

He claims that more forward-thinking companies are now adopting a newer risk- and outcome-based approach. However, much more work remains to be done as businesses figure out how to best deal with a constantly shifting landscape of cyber threats.

“Many organizations are still focused on previous checklists and compliance.” “I did everything you told me to do, so I’m safe, rather than wondering how I can be safe,” he explained.