When it comes to the security space, we tend to hear the same words used to describe it – words like “fragmented,” “complicated,” and “sprawling.” That’s especially true when you hone in on the security startup space, where it seems like thousands of new companies pop up every day. In the time it takes you to blink, a new security startup is born.

So how do you make sense of it all? How do you separate the signal from the noise? How do you prioritize and allocate budget? How do you identify the best companies to help you realize your goals?

Trust me, I know there are no easy answers, and these aren’t questions that can be answered alone.

That’s why for this year’s CISO Survival Guide, we decided to partner closely with three other leading cybersecurity-focused venture capital firms – ForgePoint Capital, Norwest Venture Partners, and YL Ventures, to break down major trends shaping four areas of cybersecurity today: Secure Access Service Edge (SASE); DevSecOps; Privacy & Compliance; and Security Automation. For the report, we had in-depth interviews with dozens of CISOs from leading companies, and commissioned IDG to survey over 100 more to identify their top focus areas.

After synthesizing our collective assessment of critical use cases, spending patterns, future-proof architectures, promising start-ups, and best practices, here’s a snapshot of what we’ve learned:

• All organizations (98%) see clear and defined benefits of SASE, with zero-trust network access (ZTNA) as their top spending priority for almost half (42%).
• Almost half of organizations are struggling to satisfy their compliance obligations in a growing privacy regulatory landscape, with the top challenge being conflicting interpretation of privacy regulations, policies, and requirements (43%).
• Security professionals increasingly serve a governance role when it comes to secure application development. Nearly all (93%) mentioned the task of bringing a governance focus into app development.
• When it comes to automation, we’re seeing a shift towards detecting security incidents, with only 10% of venture capital dollars devoted to startups focusing on detection in 2019 vs. 27% today.
• All organizations (99%) are interested leveraging startup technology to address new security challenges; however, most (56%) don’t have a formal assessment process for identifying and evaluating the latest and newest tech in this sector.

This only covers a fraction of what we learned. To learn more about top security trends, what CISOs matters to CISOs and how to better engage with the startup ecosystem, download the full 2021 CISO Survival Guide report here.

Cisco Investments is grateful to our venture capital partners who made it happen. If you’re a CISO who is interested in partnering with Cisco, contact us here.