By Oscar Prado | October 25, 2019
In our last article,
we talked about cybersecurity risks
that may be present in the most popular
IT technology currently in use.
Although we mentioned some of these in the second part of our previous blog
this time our topic will be slightly different.
We will focus on the main
IT investments for 2019
and the expected changes and trends for upcoming years.
We will discuss about the budget allocation regarding
as well as the factors that lead companies
to invest, or increase the investments in technology.
In recent years
IT’s increasing relevance
has been reflected in the increase in
in its State of IT report ,
by 2020 44% of companies surveyed will have increased,
and plan to keep increasing,
their technology budgets in upcoming years.
Reasons to increase
IT budgets are diverse,
however, the most common factor concerning most companies
is their need to replace outdated technology
in order to remain competitive within their market.
Relevant factors are:
Company size must always be taken into account
when discussing technology and money.
The larger the company,
the higher the budget dedicated to
as we see in the following comparative table :
However, a large investment in
does not necessarily translate into improved security.
A smart investment is frequently better and more profitable.
Focusing on proprietary tools
that do not solve the root causes of issues
can mask real security risks
and may promise solutions to nonexistent problems.
A better course of action is to focus on real solutions.
As was previously mentioned,
the most common reason companies invest in new technology
is to replace old technology
and thus remain competitive,
but security also plays an important role in this field,
since it is the second most relevant reason companies invest in
"One in four enterprises (1,000+ employees) are increasing 2020 IT spend due to a recent security incident."
Companies seem to learn the hard way.
It often takes a security breach
for a company to increase
or even define appropriate security policies regarding
Again, a higher investment does not guarantee
a company’s resources will be protected.
Investments must be balanced
with good security practices and procedures
to address worst-case scenarios,
guaranteeing the safest and best use of every resource.
With this in mind, we created Rules,
a summary of security practices and recommendations
based on international security standards
primarily in software,
but also taking into consideration
hardware and physical security measures.
Check it out, it is free,
and I am sure you will agree that
enhancing the security policies of your company
should be a top priority.
Now that we’ve clarified that companies are interested
in improving their technology
and that there is budgetary support for these changes,
we should identify where allocated budgets are going.
Of course, it depends on a company’s long-term vision,
as well as its size,
but we can search for some patterns
if we take a look at the budget allocation trends
IT in 2020:
Spiceworks'  research
1,005 European and North American companies.
They found that in 2020,
companies' main investment interests
are projected to be in hardware,
software, and cloud-based services.
So let’s take a look at the results and form our own conclusions.
What grabs our attention is the
that companies are most interested in acquiring.
This technology is likely to become
the industry trend in the upcoming years.
Spiceworks can help us again
to form a more complete picture
of what hot topics will be trending
in the technology field:
We can also take a glance at the
KPMG report 
which offers us a similar panorama for
740 technology companies from 12 countries:
Now we see some patterns emerging.
Internet of Things (
and Blockchain technology
are the most adopted technology for several companies.
Some other trends, such as serverless computing,
container technology, and hyperconverged infrastructure,
are all technologies that we often use at
We are dabbling in artificial intelligence
in a cybersecurity approach for vulnerabilities classification,
and we already automate
the vulnerabilities closures
on our customers' pipelines (
with our continuous hacking service.
We are aware of the potential of some of these techniques,
not only for cybersecurity and overall hardening
but also for development and operations.
In the near future,
we hope to implement some of these in our products.
Technology is constantly evolving, whether we are ready or not. It is futile for a company to fight against trends. Embrace them and adapt to them because these changes make our work easier. Technology companies with outdated hardware, software, infrastructure or policies are destined to fail in the long term. Increasing awareness of current and emerging technology is a must to ensure a company’s competitiveness in an everchanging market.
Corporate member of The OWASP Foundation