Amid rising SaaS costs, organizations must prioritize email security
As companies struggle to contain soaring SaaS costs, email security is one area where orgs simply can’t afford to skimp
The past few years have been tough for the average consumer. According to the Bureau of Labor Statistics, consumer prices have risen by 3%, 5%, and 6% over the last three years. The consumer industry isn’t the only industry impacted either.
Just look at the world of enterprise tech, for example. In November of 2022 — back when the consumer price index was busy setting records of the worst kind imaginable — enterprise tech prices were quietly climbing at a rate 4 times higher than that of overall market inflation. What’s worse, this came at a time when organizations were setting records for average SaaS portfolio size. For a time, 1 in every 8 dollars spent by modern organizations went directly to SaaS costs.
CEO of IRONSCALES.
Gathering Economic Storm Clouds Cast Towering Tech Stacks in a New Light
That is, until, some sudden economic headwinds caused the powers that be in the business world to second guess their towering tech stacks (and the eye-watering expenses associated with them). And so, today, we find ourselves in a period of “stack streamlining” — or, for those that view the situation with a bit more vitriol, “trimming the tech fat.”
No matter what you call it, it’s a wise move for most businesses to cast a critical eye on their SaaS expenditures. However, it’s important to remember that not all SaaS solutions are built equally. While some tools undoubtedly fall into the category of fluff, others are downright indispensable. Unfortunately, it’s not always readily apparent which applications fall into which categories.
That’s why, in this article, we’ll take a look at some tips for how to conduct a measured, effective tech audit; and also make the case for why almost anything in the cybersecurity space should be considered absolutely last on the list of expendable enterprise apps in today’s rapidly evolving cyber threat landscape.
As the Consumer Price Index Cools, Enterprise Tech Costs Continue to Climb
Back in 2022, when enterprise tech prices were busy blowing overall consumer inflation out of the water, the eternal optimists of the world were probably reassuring their peers that this would be a flash in the pan. However, over the ensuing 12-month period ending in November of 2024, nearly two-thirds (73%) of all SaaS vendors raised their prices even further, at an average year-over-year increase of over 12%. Worse yet, more than a few vendors made those double-digit price hikes look like modest adjustments. Webflow, for example, hiked the price of their flagship software by a jaw-dropping 23% in 2023 alone.
Although SaaS prices continued to outpace overall market inflation by more than 200% — the size of the average corporate SaaS portfolio reached an all-time high of over 370 applications. However, this highwater mark for enterprise SaaS adoption was short-lived.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Executives Call Bloated Enterprise Tech Stacks into Question
As you’ve probably already imagined, it didn’t take long for the average business decision-maker to look upon SaaS costs (along with practically every other source of capital expenditure) with a critical eye — and they weren’t exactly pleased with what they saw.
Just as SaaS portfolios were reaching all-time highs in size, another study from the same period revealed that less than half (44%) of companies’ SaaS applications were actually being regularly used by employees. At the same time, studies showed that the U.S. IT departments were wasting roughly $85B per year on bad tech. Due in part to revelations like these (along with other internal and external forces), by year’s end 2023, the average SaaS portfolio size had suddenly fallen in size by over 10% YoY.
As Your Business Considers Tightening Its Purse Strings, Beware Sacrificing Security Posture
In case you’ve missed it, the past few years have brought about some profound changes in the world of cybersecurity. With massive increases in advanced phishing attacks — such as business email compromise (BEC), spear phishing, and advanced social engineering — along with the arrival of generative AI, deepfakes, and a slew of other cutting-edge threats, CISOs and their teams are feeling the heat, to say the least.
In fact, in Splunk’s 2024 State of Security survey report, when asked what types of cyberattacks are most concerning, “AI-powered attacks” topped the list as the number one most anxiety-inducing type of attack. In the same report, 32% of respondents were most concerned about attackers using generative AI to optimize existing attacks, such as crafting more realistic phishing emails or refining malicious scripts. Another oft-cited concern is the possibility of less skilled, opportunistic hackers exploiting generative AI to drive a significant uplift in social engineering attacks — contributing to the 28% of respondents that worry that generative AI will help adversaries increase the volume of existing attacks.
While I’d argue that this is not the time to skimp on any form of cybersecurity, the fact that email still represents the number one threat vector, playing a role in upwards of 96% of all breaches today, if one slice of your security architecture must be prioritized it ought to be protecting your employees’ inboxes, and, increasingly, security professionals are coming to the conclusion that the only way to effectively fight these new, AI-enabled threats is by leveraging the adaptive intelligence of AI themselves.
Whether Budgets Are Set to Fall or Stall, Security Postures Will Be Put at Risk
As businesses look to assess the worth of various tools in their technology stacks, you will inevitably hear calls for compromise in the form of budget freezes — that is, rather than cutting budgets, simply freezing the current state of one’s stack in order to prevent any further cost increases.
While this may sound reasonable at first blush, not every part of your stack is in a position to be frozen in time. And that holds especially true in the field of cybersecurity. As we cited earlier, the modern threat landscape is changing at breakneck speed — with new, much more advanced (and often AI-enabled) attack types being discovered by the day. In such an environment, simply sticking with one’s legacy security solutions — such as secure email gateways (SEGs) — is often just as problematic as making active cuts; as these types of tools are fundamentally unfit to defend against today’s modern, AI-driven cyberthreats.
At the end of the day, the future of cybersecurity will be a battle between offensive and defensive applications of AI. And as of today, most security professionals are torn as to which side of the battlefield will emerge victorious. In the aforementioned State of Security Report from Splunk, just 43% of respondents felt that AI would benefit defensive capabilities the most, while 45% felt adversaries would win the day with AI. This marks an encouraging uptick from just eight months ago, where a similar report found only 17% of respondents thought AI would advantage defenders.
Strap In, CISOs: Cost-Cutting, Complacency Join AI on the Rapidly-Expanding List of Existential Threats to Organizational Cybersecurity
In 2020 and 2021 — just as remote work, endless Zoom meetings, and the use of sketchy public wi-fi networks at your local Starbucks were becoming facts of life — business leaders across the private sector recognized the very real and immediate need for increased investment in cybersecurity.
And so, for two triumphant years, double-digit budget increases became the norm throughout the field of cybersecurity. But, not for long. According to research from IANS and Artico, by 2023, the average cybersecurity budget increase had fallen to just 6%. And yet, for a sizable percentage of organizations, matters were even worse. In the same study, well over a third (37%) of survey respondents said their organizations’ cybersecurity budgets had either remained flat or were reduced in fiscal year 2023.
While we’ve most certainly seen purse strings tighten as of late, most of today’s analysts are forecasting that tech budgets will in fact continue to grow — rather than contract — over the next 12 to 24 months — albeit at slower rates than we’ve seen in the past.
Perhaps most importantly, cuts and freezes won’t be instituted uniformly across operations. That’s why, as cost-cutting initiatives continue to gain steam, it’s up to the cybersecurity community to make the case to leadership that their budget is one that simply cannot be skimped on — and leading vectors such as email should be bolstered at any costs.
And for those not well-versed in the art of internal advocacy, hopefully this article gives you a good place to start.
We've listed the best secure email providers.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Eyal Benishti, CEO of IRONSCALES.