Skip to content

Posts tagged ‘CloudSecurity’

Nov 3

Top 10 insights from Forrester’s 2026 Cybersecurity Budget Report

Top 10 Insights from Forrester’s 2026 Cybersecurity Budget Report

“With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities,” states Forrester’s 2026 Budget Planning Guide.

The research firm’s planning guide for next year provides security leaders with new insights into how their clients are allocating budgets, which gives a helpful overview of the next 12 months of cybersecurity spending.

Implicit in the guide is the need for new technologies that enable organizations to be more adaptive to threats and take action on them before they become breaches. There’s also a strong focus on getting a head start on new technologies, anticipating the severity of threats new developments in AI, generative AI (genAI), deepfakes, and all other forms of weaponized technologies can pose to an organization.

Software is a solid 40% of cybersecurity spending, exceeding hardware at 15.8%, outsourcing at 15% and surpassing personnel costs at 29% by 11 percentage points. Meanwhile, security leaders face escalating threats, with generative AI attacks executing in milliseconds, a stark contrast to the average Mean Time to Identify (MTTI) of 181 days, according to IBM’s latest Cost of a Data Breach Report.

A fast-changing threatscape is changing spending priorities

Three converging threats are flipping cybersecurity on its head. What once protected organizations is now working against them. Generative AI (gen AI) is enabling attackers to craft 10,000 personalized phishing emails per minute using scraped LinkedIn profiles and corporate communications. NIST’s 2030 quantum deadline threatens retroactive decryption of $425 billion in currently protected data. Deepfake fraud that surged 3,000% in 2024 now bypasses biometric authentication in 97% of attempts, forcing security leaders to reimagine defensive architectures fundamentally.

Top ten insights from Forrester’s 2026 cybersecurity budget benchmarks

1.     Software now claims 40% of cybersecurity budgets, surpassing personnel spend. Forrester’s budget planning guide reports that software now accounts for approximately 40.2% of cybersecurity spending, eclipsing combined hardware and outsourcing budgets. It’s noteworthy that software spending is surpassing personnel costs by 11 percentage points.

Top 10 insights from Forrester’s 2026 Cybersecurity Budget Report
Source: Forrester Budget Planning Guide 2026: Security and Risk

2. Security budgets are accelerating, with 55% of global security and tech leaders forecasting significant increases next year. A robust 15% anticipate their budgets jumping more than 10%, and another 40% project hikes between 5% and 10%. Regional outlooks vary sharply: APAC is most bullish, with 22% expecting double-digit growth, compared to a cautious 9% in North America and just 12% in EMEA. However, nearly half (45%) remain reserved; 30% predict minimal budget bumps of 1%–4% or barely keeping pace with inflation, while another 10% expectSource: Forrester Budget Planning Guide 2026: Security and Risk no change, and 5% foresee cuts.

Top 10 insights from Forrester’s 2026 Cybersecurity Budget Report
Source: Forrester Budget Planning Guide 2026: Security and Risk

3. Cloud security, on-prem tech, and security awareness training are set to lead cybersecurity spending in 2026. Decision-makers are doubling down on cloud security, with 12% boosting budgets in this area by 10% or more, 11% doing the same for new on-premises solutions, and another 10% ramping up security awareness programs. Notably, investments in on-premises security technology appear twice among the top priorities, as 36% plan at least a 5% increase for both new deployments and upgrades to existing infrastructure. The numbers reflect an uneven global adoption of cloud strategies, driven by persistent concerns around cost, security, and data sovereignty. APAC is exceptionally bullish. 78% of companies there plan increased spending on new on-prem security, outpacing EMEA by 10% and North America by 8%.

Top 10 insights from Forrester’s 2026 Cybersecurity Budget Report
Source: Forrester Budget Planning Guide 2026: Security and Risk

4. Forrester recommends that security leaders broaden AI and ML security throughout the enterprise in 2026 as generative AI moves from standalone apps to essential business systems. Productivity suites, CRM platforms, and service tools now embed genAI natively, transforming workflows and widening potential attack surfaces. Enterprises urgently need comprehensive protection across AI models, data, applications, and user identities to counter risks such as model vulnerabilities, data leakage, and prompt jailbreaking. Hyperscalers like Google Cloud and Microsoft are responding quickly, while cybersecurity incumbents, notably Palo Alto Networks with its Protect AI acquisition, actively expand their footprint. Meanwhile, innovative startups, including Knostic and CalypsoAI, both featured at RSA’s Innovation Sandbox, target niche but critical genAI security gaps. Enterprises investing strategically now will securely scale genAI deployments and establish a clear competitive advantage.

5. Standalone SSE spending will sharply decline in 2026 as enterprises shift to unified SASE platforms, streamlining security operations and accelerating Zero Trust initiatives. Initially positioned to fill security gaps left by SD-WAN deployments and the surge in remote work, standalone SSE and isolated ZTNA solutions have now reached their functional limits. Leading companies increasingly adopt integrated platforms like Cato Networks’ cloud-native SASE, which consolidates SD-WAN, ZTNA, SWG, CASB, and firewall capabilities within a single, unified framework. As I’ve noted in VentureBeat, CISOs who pivot to unified SASE platforms benefit from simpler integration, superior AI-driven threat detection, and significant operational efficiencies that isolated solutions cannot deliver. Organizations proactively embracing integrated SASE from providers like Cato Networks will immediately enhance security resilience, improve operational agility, and significantly reduce vendor complexity.

6. Forrester predicts that by 2026, security leaders will seize a critical advantage by accelerating the adoption of post-quantum cryptography (PQC). With NIST’s landmark release of three core PQC standards in August 2024, organizations now have clear guidance to protect their data and applications against emerging quantum threats. Most governments align with NIST timelines, targeting legacy encryption deprecation by 2030, while Australia’s ASD urges adoption of approved PQC algorithms even sooner. Enterprises should immediately focus efforts on securing their most sensitive asymmetric cryptography, covering data at rest, data in transit, and data actively used within applications. Comprehensive cryptographic discovery and inventory tools provide the visibility required to assess readiness. Strategic partnerships with cryptoagility innovators, including Entrust, IBM, Keyfactor, Palo Alto Networks, QuSecure, SandboxAQ, and Thales, enable organizations to define a clear, secure migration path. Organizations acting decisively now will confidently navigate the quantum transition and fortify their competitive edge.

7. Machine identity management will become essential by 2026 as automated identities multiply rapidly across the IT infrastructure. Apps, AI agents, IoT devices, containers, cloud environments, and infrastructure scripts now generate identities faster than humans can manually track or manage. Enterprises urgently require solutions capable of managing these identities throughout their lifecycle, automating key rotations, and enforcing role-based access. Leading vendors, including Akeyless, BeyondTrust, CyberArk, Delinea, HashiCorp, Keyfactor, AppViewX, and emerging startups like Aembit, Astrix, Clutch, Entro, and Oasis Security, offer robust platforms to meet this challenge.

8. There will be a significant reallocation away from standalone interactive application security testing (IAST) in 2026, as operational hurdles continue to limit adoption. Originally designed to blend the runtime accuracy of dynamic application security testing (DAST) with static application security testing’s (SAST) code-level insights, standalone IAST has proven overly complex. Forrester recommends shifting budgets toward integrated IAST and DAST platforms, such as those from Invicti and HCLSoftware, that simplify deployment. Alternatively, APIs, microservices, and containers provide more transparent and consistent returns.

9. Consolidation of endpoint security and SIEM tools will accelerate in 2026. As extended detection and response (XDR) platforms gain momentum, security leaders have a clear opportunity to reduce agent sprawl, improve analyst efficiency, and lower the total cost of ownership. Vendors, including Microsoft, CrowdStrike, and Palo Alto Networks, now embed critical SIEM functions such as detection, correlation, third-party data ingestion (particularly from cloud, identity, and email), and response directly within their XDR offerings. While these integrated solutions currently don’t fully match standalone security analytics platforms, they deliver compelling advantages: simplified deployments, centralized threat context, and measurable operational savings. Organizations consolidating around unified XDR solutions today will streamline security operations and achieve faster, higher-quality threat detection.

10. By 2026, rapidly evolving generative AI will make deepfakes virtually indistinguishable from authentic media, rendering simplistic identity checks obsolete. Enterprises must proactively deploy sophisticated detection platforms using advanced ensemble modeling—spectral analysis, image artifacts, skin tone consistency, lighting anomalies, audio echo patterns, and device reputation, to ensure trusted employee verification and transaction authentication. Vendors such as GetReal Security, Sensity, and Reality Defender already offer real-time risk scoring, transparent reasoning, and integrated case management. Early adopters will safeguard identity security, sustain customer trust, and remain resilient against future deepfake threats.

Jul 7

Forrester's top ten trends defining identity and access management in 2024

Forrester’s top ten trends defining identity and access management in 2024

Stolen identity and privileged access credentials now account for 61% of all data breaches. This figure continues to increase as nation-state attackers, cybercrime groups, and rogue attackers integrate AI into their attack tradecraft.

Adversarial AI is taking aim at identities

 80% or more of breach attempts aim first at identities and the systems that manage them. CrowdStrike’s 2024 Global Threat Report found that identity-based and social engineering attacks are reaching a new level of intensity. CrowdStrike found that attackers are using AI to launch advanced phishing attacks to impersonate legitimate users and infiltrate secure accounts. Attackers have long sought account credentials, but in 2023, their goals centered on authentication tools and systems, including API keys and OTPs.

“What we’re seeing is that the threat actors have really been focused on identity, taking a legitimate identity. logging in as a legitimate user. And then laying low, staying under the radar by living off the land by using legitimate tools,” Adam Meyers, senior vice president counter adversary operations at CrowdStrike, told VentureBeat in an interview early this year. Two of the most infamous Russian nation-state attackers, Fancy Bear and Cozy Bear, led these efforts, with the former exploiting a Microsoft Outlook vulnerability (CVE-2023-23397) for unauthorized server access.

Top ten trends defining identity and access management (IAM) in 2024

Forrester’s recent report, The Top Trends Shaping Identity And Access Management In 2024, provides an insightful view into the future of Identity and Access Management (IAM) and Privileged Identity Management (PIM). The report predicts that threat detection and remediation will improve with the help of A.I. Forrester also predicts that FIDO passkey authentication will go mainstream. In contrast, biometric authentication will slow down due to concerns regarding deepfakes.

Leading IAM providers include AWS Identity and Access Management, CrowdStrike, Delinea, Cradlepoint, ForgeRock, Ivanti, Google Cloud Identity, IBM Cloud Identity, Microsoft Azure Active Directory, Palo Alto Networks, and Zscaler.

Here is a summary of the top ten trends Forrester believes will shape IAM in 2024:

Trend 1: AI Will Improve Identity-Based Threat Detection and Remediation. Generative AI (genAI) is helping to redefine the future of IAM by improving outlier behavior analysis, increasing alerts’ accuracy, and streamlining administrative tasks while guarding against new threats.

98% of security professionals believe AI and machine learning (ML) will be beneficial in fighting identity-based breaches and see it as a pivotal technology in unifying their many identity frameworks. The majority, 63%, predict AI’s leading use case will be greater accuracy in identifying outlier behavior. 56% believe AI will help improve the accuracy of alerts, and 52% believe AI will help streamline administrative tasks.

Forrester asserts that AI will help short-staffed security teams triage alerts and automate time-consuming, mundane aspects of their jobs. Forrester also envisions genAI being used to query, “Which five applications are the riskiest from an identity entitlement perspective?” CrowdStrike announced at RSAC 2024 that Charlotte AI, CrowdStrike’s Generative AI security analyst, can automatically correlate all related contexts into a single incident and generate an LLM-powered incident summary for security analysts.

Trend 2: IAM Platforms Face Increased Scrutiny Of Their Underlying Security. High-profile breaches that began with impersonation leading to identity theft, including MGM and Okta, reflect how social engineering can still bypass IAM safeguards. CISOs are pushing back on their IAM vendors to improve operational processes and security practices and prioritize security for cloud-based SaaS applications and multi-cloud configurations. Forrester writes that their clients running IAM systems expect their vendors to comply with standards like SOC 2, FedRAMP, ISO 27002, and PCI. CISOs and security teams are also asking to vet a vendor’s workforce, including both employees and contractors and understand how the vendor communicates about and addresses security issues.

Forrester’s advice to security and risk management professionals is to “Demand multifactor authentication for all workforce business and admin users, without exception. Prioritize IAM vendors that embrace secure-by-design and secure-by-default principles and value continuous two-way customer engagement to improve their overall cybersecurity posture.”

Trend 3: IAM And Non-IAM Vendors Respond To Identity-Centric Threats. More CISOs and their security teams are taking a zero trust mindset to breaches. They see them as inevitable, and as part of their zero trust frameworks, they’re looking to shut down lateral movement after an intrusion. Forrester observes that “both IAM vendors and non-IAM cybersecurity vendors keep making advances in identity threat detection and response (ITDR). As a result of organic development and acquisitions, ITDR capabilities are being incorporated in platforms from privileged identity management (PIM) vendors like ARCON, BeyondTrust, CyberArk, and Delinea, as well as XDR vendors, such as Cisco, CrowdStrike, Proofpoint, and SentinelOne.”

Trend 4: FIDO Passkey Authentication Goes Mainstream For Workforce And B2C Uses. Forrester notes that a large number of customer-facing sites, including H&R Block, PayPal, and Verizon, are moving to passwordless authentication. At the same time, smaller financial institutions like coinbase.com offer optional fast identity online (FIDO) Authentication and FIDO passkey-based authentication. The research firm expects 30% of B2C websites and apps to offer FIDO passkeys by the end of 2024.

Trend 5: Biometric Adoption Slows Due To Concerns Around Deepfakes. Despite biometric authentication being a security standard on smartphones, CISOs and consumers alike are becoming more concerned about deepfakes. Designing liveness detection and other advanced features for facial and fingerprint recognition systems reduces the threat of spoofing generated by deepfake technology.

As multiple breach attempts have proven, voice biometrics are more susceptible to attack. Forrester notes that in response, the FTC set a Voice Cloning Challenge to “encourage the development of multidisciplinary solutions—from products to procedures—aimed at protecting consumers from artificial intelligence-enabled voice cloning harms, such as fraud and the broader misuse of biometric data and creative content.” Vendors will add additional deepfake detection to their solutions in 2024, resulting in a rebound in biometrics adoption in 2025.

Trend 6: IMG And PIM Vendors Expand Coverage Of Cloud Administrator Identities. Getting multicloud and hybrid cloud security right is getting more challenging and complex to achieve at scale due to configuration complexity. Forrester notes that “zero trust in the cloud starts with understanding the data access entitlements of identities like cloud infrastructure administrators, SaaS administrators, and business users.” Security and risk management professionals need to review cloud administrators’ entitlements that grant access to sensitive data assets and, when necessary, cancel them. Forrester writes, “While tools offer detection and remediation automation, they are no substitute for documented and consistent identity governance processes.”

Trend 7: Government-Issued Digital Identities Continue To Spread. Forrester believes acceptance of government-issued decentralized digital identities (DDIDs) beyond government use cases will grow in 2024. Mobile digital identities, including driver’s licenses, are now available in the US states of Arizona, California, Florida, and Iowa. Jurisdictions that have or will soon issue mobile driver’s licenses include the European Union (based on the eIDAS 2.0 approved set of standards), Estonia, Hungary, and Sweden. Nigeria and the Philippines have digital identities active today. .

Trend 8: B2B IAM Becomes A Differentiating Feature. Security teams and CISOs running them who are operating without an extended IAM ecosystem for partners like contractors, suppliers, and resellers face more severe security risks. B2B IAM involves managing joiner, mover, and leaver (JML) processes differently than internal employees. Forrester predicts that in 2024, IAM vendors will enhance platforms with features like simplified federation onboarding, verifiable credentials for ID verification, and improved access review processes for the extended enterprise.

Trend 9: Commercial and homegrown IAM Solutions Face Growing Demand For Upgrades. Maintaining on-premises IAM systems is becoming more costly and inefficient, making it more attractive to move to a cloud-based platform. Forrester is finding that the brittle, less secure nature of on-premise legacy systems also makes them more difficult to upgrade. Demand is so high for replacing legacy systems that a recent Forrester survey found that the intention to replace homegrown solutions jumped from 4% in 2022 to 18% in 2023.

Trend 10: The Fine-Grained Authorization Market Heats Up. As digital platforms and business app creation continue to proliferate, the need for dynamic and fine-grained access controls is extending beyond security. Forrester says that the IAM market is moving toward centralized and external authorization patterns because of B2B2E and B2B2C relationships and the possibility that genAI could make it easier to create and manage authorization policies.