First Midwest BankFirst Midwest Bank logoArrow DownIcon of an arrow pointing downwardsArrow LeftIcon of an arrow pointing to the leftArrow RightIcon of an arrow pointing to the rightArrow UpIcon of an arrow pointing upwardsBank IconIcon of a bank buildingCheck IconIcon of a bank checkCheckmark IconIcon of a checkmarkCredit-Card IconIcon of a credit-cardFunds IconIcon of hands holding a bag of moneyAlert IconIcon of an exclaimation markIdea IconIcon of a bright light bulbKey IconIcon of a keyLock IconIcon of a padlockMail IconIcon of an envelopeMobile Banking IconIcon of a mobile phone with a dollar sign in a speech bubbleMoney in Home IconIcon of a dollar sign inside of a housePhone IconIcon of a phone handsetPlanning IconIcon of a compassReload IconIcon of two arrows pointing head to tail in a circleSearch IconIcon of a magnifying glassFacebook IconIcon of the Facebook logoLinkedIn IconIcon of the LinkedIn LogoXX Symbol, typically used to close a menu
Skip to nav Skip to content

Amid rising SaaS costs, organizations must prioritize email security

The past few years have been tough for the average consumer. According to the Bureau of Labor Statistics, consumer prices have risen by 3%, 5%, and 6% over the last three years. The consumer industry isn’t the only industry impacted either.

Just look at the world of enterprise tech, for example. In November of 2022 — back when the consumer price index was busy setting records of the worst kind imaginable — enterprise tech prices were quietly climbing at a rate 4 times higher than that of overall market inflation. What’s worse, this came at a time when organizations were setting records for average SaaS portfolio size. For a time, 1 in every 8 dollars spent by modern organizations went directly to SaaS costs.

Gathering Economic Storm Clouds Cast Towering Tech Stacks in a New Light

That is, until, some sudden economic headwinds caused the powers that be in the business world to second guess their towering tech stacks (and the eye-watering expenses associated with them). And so, today, companies find themselves in a period of “stack streamlining” — otherwise known as “trimming the tech fat.”

No matter what you call it, it’s a wise move for most businesses to cast a critical eye on their SaaS expenditures. However, it’s important to remember that not all SaaS solutions are built equally. While some tools undoubtedly fall into the category of fluff, others are downright indispensable. Unfortunately, it’s not always readily apparent which applications fall into which categories.

This article looks at some tips for how to conduct a measured, effective tech audit. It also makes the case for why almost anything in the cybersecurity space should be considered absolutely last on the list of expendable enterprise apps in today’s rapidly evolving cyber threat landscape.

As the Consumer Price Index Cools, Enterprise Tech Costs Continue to Climb

Back in 2022, when enterprise tech prices were busy blowing overall consumer inflation out of the water, the eternal optimists of the world were probably reassuring their peers that this would be a flash in the pan. However, over the ensuing 12-month period ending in November of 2024, nearly two-thirds (73%) of all SaaS vendors raised their prices even further, at an average year-over-year increase of over 12%. Worse yet, more than a few vendors made those double-digit price hikes look like modest adjustments. Webflow, for example, hiked the price of their flagship software by a jaw-dropping 23% in 2023 alone.

Although SaaS prices continued to outpace overall market inflation by more than 200% — the size of the average corporate SaaS portfolio reached an all-time high of over 370 applications. However, this highwater mark for enterprise SaaS adoption was short-lived.

Executives Call Bloated Enterprise Tech Stacks into Question

As you’ve probably already imagined, it didn’t take long for the average business decision-maker to look upon SaaS costs (along with practically every other source of capital expenditure) with a critical eye — and they weren’t exactly pleased with what they saw.

Just as SaaS portfolios were reaching all-time highs in size, another study from the same period revealed that less than half (44%) of companies’ SaaS applications were actually being regularly used by employees. At the same time, studies showed that the U.S. IT departments were wasting roughly $85B per year on bad tech. Due in part to revelations like these (along with other internal and external forces), by year’s end 2023, the average SaaS portfolio size had suddenly fallen in size by over 10% YoY.

As Your Business Considers Tightening Its Purse Strings, Beware Sacrificing Security Posture

The past few years have brought about some profound changes in the world of cybersecurity. With massive increases in advanced phishing attacks — such as business email compromise (BEC), spear phishing, and advanced social engineering — along with the arrival of generative AI, deepfakes, and a slew of other cutting-edge threats, CISOs and their teams are feeling the heat, to say the least.

In fact, in Splunk’s 2024 State of Security survey report, when asked what types of cyberattacks are most concerning, “AI-powered attacks” topped the list as the number one most anxiety-inducing type of attack. In the same report, 32% of respondents were most concerned about attackers using generative AI to optimize existing attacks, such as crafting more realistic phishing emails or refining malicious scripts.

Another common concern is the possibility of less skilled, opportunistic hackers exploiting generative AI to drive a significant uplift in social engineering attacks — contributing to the 28% of respondents that worry that generative AI will help adversaries increase the volume of existing attacks.

While many would argue that this is not the time to skimp on any form of cybersecurity, the fact that email still represents the number-one threat vector, playing a role in upwards of 96% of all breaches today indicates that if one slice of your security architecture must be prioritized, it ought to be protecting your employees’ inboxes. Increasingly, security professionals are coming to the conclusion that the only way to effectively fight these new, AI-enabled threats is by leveraging the adaptive intelligence of AI themselves.

Whether Budgets Are Set to Fall or Stall, Security Postures Will Be Put at Risk

As businesses look to assess the worth of various tools in their technology stacks, you will inevitably hear calls for compromise in the form of budget freezes — that is, rather than cutting budgets, simply freezing the current state of one’s stack in order to prevent any further cost increases.

While this may sound reasonable at first blush, not every part of your stack is in a position to be frozen in time. And that holds especially true in the field of cybersecurity. As cited earlier, the modern threat landscape is changing at breakneck speed — with new, much more advanced (and often AI-enabled) attack types being discovered by the day.

In such an environment, simply sticking with one’s legacy security solutions — such as secure email gateways (SEGs) — is often just as problematic as making active cuts; as these types of tools are fundamentally unfit to defend against today’s modern, AI-driven cyberthreats.

At the end of the day, the future of cybersecurity will be a battle between offensive and defensive applications of AI. And as of today, most security professionals are torn as to which side of the battlefield will emerge victorious. 

Strap In, CISOs: Cost-Cutting, Complacency Join AI on the Rapidly-Expanding List of Existential Threats to Organizational Cybersecurity

According to research from IANS and Artico, by 2023, the average cybersecurity budget increase had fallen to just 6%. And yet, for a sizable percentage of organizations, matters were even worse. In the same study, well over a third (37%) of survey respondents said their organizations’ cybersecurity budgets had either remained flat or were reduced in fiscal year 2023.

While we’ve most certainly seen purse strings tighten as of late, most of today’s analysts are forecasting that tech budgets will in fact continue to grow — rather than contract — over the next 12 to 24 months.

Perhaps most importantly, cuts and freezes won’t be instituted uniformly across operations. That’s why, as cost-cutting initiatives continue to gain steam, it’s up to the cybersecurity community to make the case to leadership that their budget is one that simply cannot be skimped on — and leading vectors such as email should be bolstered at any costs.

 

This article was written by Eyal Benishti from TechRadar and was legally licensed through the DiveMarketplace by Industry Dive. Please direct all licensing questions to legal@industrydive.com.

Subscribe for Insights

Subscribe