How has new or emerging technology influenced your cybersecurity budgeting decisions for upcoming years? Are you thinking about prioritization any differently?

Absolutely, the rapid pace of technological change indeed requires a dynamic approach to cybersecurity budgeting. While emerging technologies influence budget decisions, it's crucial to maintain the core objectives of your security strategy. The technology landscape is evolving at an unprecedented pace, making it challenging to anticipate future developments. Emerging technologies have significantly influenced cybersecurity budgeting decisions, leading to a shift in prioritization for many organizations. However, this doesn't mean that the core objectives of your budget requirements should change. Instead, it's essential to integrate these new technologies into your existing objectives and allocate a portion of the budget specifically for their security.
This approach not only ensures that your organization remains secure but also helps in gaining buy-in from management, who are often keen to embrace new technologies. By demonstrating that security is a fundamental part of adopting new technologies, you can align your cybersecurity strategy with the overall business goals.

Regardless of Gen AI as a new topic, cybersecurity leaders should always be good cost conscious leaders for their organizations. This means continually holding quarterly business reviews with current vendors, ensuring solutions that are owned are being consumed effectively, and that as current technologies come up for renewal (hopefully 12-18 months prior), clear architectural strategies should be applied to bring in more capability at less cost. This method has been effective for me over the years and has allowed for compression of multiple solutions into broader platforms at times. Again, always be looking forward, and engage to understand new technologies and how they may bring more controls, better operational efficiency, and new paradigm shifts for your organization.

Emerging technology absolutely has an influence. While AI isn't new, the rise of generative AI and natural language processing is transforming how we interact with machines — the evolution from analysis to autonomy is happening rapidly. Automation and speed are beneficial, but they must be balanced with quality. As adversaries exploit older technology, addressing technology debt becomes crucial. And post-quantum computing presents risks to existing cryptographic work, which highlights the need for resilience measures. Evaluating and mitigating these risks will be a priority.

In discussions with clients, we often find that the basics aren't in place. For example, although AI and machine learning are popular, foundational elements like secure coding and user awareness training should be prioritized. Before diving into emerging technologies like IoT or quantum computing, it's essential to focus on basics like backup and recovery, network segmentation, and supply chain security. Regulations like GDPR and CCPA require compliance investments, so it’s critical to consider identity and access management before cloud adoption. By focusing on the relevant fundamentals in these areas, security leaders can better prepare their organization for future investments in emerging technologies.

In the financial sector, which is heavily regulated, new technologies like AI are influencing budget decisions significantly. It's crucial to have guardrails in place and conduct thorough risk assessments. We must understand the risks and benefits before presenting use cases to management. While bad actors are leveraging AI for malicious purposes, such as phishing and deepfakes, we are also enhancing our cyber defenses. The key is understanding organizational risks and maintaining a balance in achieving our objectives.