Identity and access management (IAM) is to be the top security initiative by UK and European firms in 2015, according to the latest annual TechTarget/Computer Weekly IT Spending Priorities survey.
In 2014, network-based security was the top priority for European companies, while the most popular security initiative in the UK was mobile endpoint security.
Across Europe, 33% of 2015's respondents indicated they plan to implement IAM initiatives, compared with 31% in 2014, while 36% of UK respondents voted for IAM, down from 38% in 2014.
According to the poll of 590 European respondents, including 111 from the UK, said the next priorities for the region in 2015 are network-based security (32%), data loss prevention (31%) and cloud security (28%).
Data loss prevention remains almost unchanged across Europe from 2104, but investment has declined in the UK from 26% in 2014 to 23%, dropping below vulnerability management compared with 2014.
Network-based security remains a high priority, but has dropped down a position in Europe from first (35%) to second place (32%) and is down from third position (35%) to fifth position (21%) in the UK.
Read more about security spending
Cloud security has moved up from eighth position on the priority ranking in 2014 to fourth position, while IAM has moved up into first place.
Virtualisation security has not increased along with cloud security, but remains consistently high from 2014 at 24%.
In the UK, however, IAM (36%) is followed by encryption (32%), patch and configuration management (32%) and endpoint security (30%).
Cloud security (23%) ranks in fifth position for UK firms alongside data loss prevention, just ahead of network-based security and mobile endpoint security, which are both level pegging at 21% in sixth position.
The UK is below the cloud security average for Europe of 28%, and lags behind Germany (28%) and France (27%), which are both closer to the average.
Mobile endpoint security is also still a top priority across Europe at sixth position with 25% of respondents indicating they plan initiatives in this area for 2015, but down from 2014 when it was a top priority for UK companies with 40% of respondents indicating investment in this area and 31% on average across Europe.
Despite the growing emphasis on cloud security in the UK, virtualisation security has not tracked upwards, with just 13% of respondents indicating planned initiatives in the area compared with 22% in 2014.
Threat detection and management has dropped out of the top five security initiatives with only 11% of European firms investing in this area compared with 27% in 2014, and 9% of UK firms, compared with 22% in 2014.
Application-based security drops down priority list
Another significant change in emphasis is indicated by application-based security dropping down the priority list with only 11% of European firms planning to invest in this area, down from 20% in 2014. The trend is even more marked in the UK, where only 9% of respondents are investing in application-based security, down from 22% in 2014. In 2015, the UK lags behind both Germany (10%) and France (14%).
2015 will also see the emergence of investment in threat intelligence. On average, 12% of European firms plan investments in this area and 9% of UK firms, whereas in 2014, threat intelligence did not rank as one of the top areas of security investment.
Similarly, forensic capabilities has also emerged as an area of investment in 2015 for the first time, with 10% of European firms and 11% of UK firms indicating initiatives in this field.
There is an increase in investment in disaster recovery and business continuity with 41% of European firms investing in this area, up from 38% in 2014. Investment in backup for virtual servers is also up, increasing 1% to 36%. However, bucking the trend slightly, investment in network management and monitoring is down to 29% from 37% in 2014.