Every quarter, ETR conducts a higher-level macro survey to determine overall spending budgets and...
Today’s businesses are facing a rapidly evolving cybersecurity landscape marked by increasingly sophisticated threats, critical data privacy and governance concerns, the transformative impact of artificial intelligence (AI), and more. These themes will be at the forefront of this year's RSA Security Conference (RSAC), which is expected to draw over 45,000 cybersecurity experts under the motto "Many Voices, One Community”, highlighting the importance of collaboration in tackling shared cyber risks.
One way ETR contributes to this shared responsibility model is by conducting and releasing its annual State of Security Survey data and findings in conjunction with RSAC. This year’s iteration was launched this week. Findings release will begin with our Chief Strategist and Research Director Erik Bradley sitting down exclusively with SiliconAngle at the RSAC to break down the results and discuss what they mean for the security industry. In the meantime, let’s take a look at some of last year’s survey findings in relation to the current cybersecurity themes the enterprise technology world faces.
ETR's April 2024 Security Survey revealed that cybersecurity budgets are expected to increase significantly, with 87% of respondents planning to boost their security spending within the next year. Among these, midsize organizations reported the highest projected increases, with 23% anticipating budget expansions of more than 15%.
The top drivers of this increased spending include Multi-Cloud/Hybrid Security (55%), ransomware protection (50%), compliance (41%), and cyber insurance (41%). Among Global 2000 enterprises, multi-cloud security was cited by 61%, followed closely by compliance requirements.
AI continues to positively influence cybersecurity by enhancing threat detection and automating responses; however, it also equips cybercriminals with tools for more advanced tactics, such as adaptive malware and deepfake technology. Last year’s ETR State of Security survey further highlighted AI's prominence, noting that 61% of organizations planned to invest in AI-related security tools over the next twelve months, along with 22% who were already spending on AI-related security.
Ransomware remains a significant concern, with attackers employing double extortion tactics to pressure victims, targeting critical infrastructures, healthcare, and supply chains. This underscores the urgency for robust cloud governance, advanced vulnerability management, and AI-driven security tools. Cloud security vulnerabilities, exacerbated by the shift to cloud environments, demand increasing attention and priority in Cloud Security Posture Management (CSPM).
Meanwhile, the increasing complexity of global regulations necessitates that organizations adopt adaptable data governance frameworks. Additionally, insider threats remain a significant issue, underscoring the need for ongoing employee training and enhanced monitoring practices.
Quantum computing is making rapid strides and poses a future risk to encryption, prompting investments in quantum-resistant cryptography. Additionally, persistent cybersecurity skills shortages need to be addressed, with AI being suggested as a solution to automate routine tasks and free up security professionals for more critical responsibilities.
Harkening back to the ETR survey, only 11% of surveyed organizations have fully deployed a Zero Trust security model, though 66% have either started or plan to implement it soon. The survey also indicated significant interest among RSA attendees in AI/LLM security (62%), highlighting a strong industry trend toward these emerging technologies.
While RSAC is filled with hundreds of vendor exhibitors, they will be encouraged to know that 51% of the survey respondents from last year expected an increase in the number of security-specific vendors they engage with, signaling a continued preference for best-of-breed solutions to address evolving threats effectively. Last year’s data contradicts repeated predictions of vendor consolidation and security platformization, which are being touted by the more prominent security vendors as they push their broad portfolios of products. This will be a key data point to watch for in the 2025 iteration of the survey to gauge how this trend is unfolding.
RSAC 2025 is expected to highlight the importance of global collaboration, proactive strategies, robust data protection, regulatory adaptability, and ongoing professional development as essential components in fortifying defenses against evolving cyber threats. ETR is thrilled to be part of the community and looks forward to contributing to the collective conversation with a brand-new dataset from the 2025 Annual State of Security survey. Please reach out to us if you’d like to meet at RSA to review the key data findings.
