If there’s any silver lining in the COVID-19 pandemic, the consensus among cybersecurity professionals interviewed over the past few months is that it amplified the need for a strong security posture — and skilled security professionals.

As companies sent millions of employees to work from home, and, more recently, kids went back to school remotely via video meetings with teachers, organizations’ attack surfaces expanded exponentially. Meanwhile, attackers had a heyday with COVID-19 related attacks. All of this means a ton of overtime work for security professionals.

According to a Microsoft survey, a majority of business leaders reported budget increases for cybersecurity (58%) and compliance (65%) as their organizations adapted to the business implications of the pandemic. Additionally, 82% said they plan to add security staff.

At the same time, however, 81% reported feeling pressure to lower overall security costs. Business leaders from companies with primarily on-premises IT environments are especially likely to feel budget pressure — about one-third of these said they feel “very pressured” to cut costs.

To reduce expenses in the short term, survey respondents say they are prioritizing integrated threat protection to reduce the risk — and expenses — of breaches. Longer term, 39% said they plan to invest in cloud security, including cloud access security brokers (CASBs), cloud workload protection platforms, and cloud security posture management tools.

For this survey, Microsoft interviewed about 800 business leaders from companies with more than 500 employees in India, Germany, the United Kingdom, and the U.S. The survey asked their views of the pandemic threat landscape, implications for budgets and staffing, and how they feel the pandemic could reshape cybersecurity in the long term.

The No. 1 challenge reported by these security leaders was “providing secure remote access to resources, apps, and data.” Pre-pandemic, most businesses relied on company-managed devices and physical access to buildings to secure their corporate resources. But this perimeter-defined approach to security didn’t work with the newly remote workforce that needed to access cloud-based applications and services.

Because of this, Microsoft asked companies to identify the top security investment made during the pandemic, and multi-factor authentication (20%) topped the list. Endpoint device protections (17%) was next, followed by anti-phishing tools (16%), VPN (14%), and end-use security education (12%).

Ultimately, the pandemic will have long-term implications for security beyond companies adopting multi-factor authentication, Microsoft says. This will include zero trust security, and the survey found 94% of companies are in the process of deploying zero trust capabilities while 51% said are speeding up these deployments. “The zero trust architecture will eventually become the industry standard, which means everyone is on a zero trust journey,” Andrew Conway, Microsoft Security GM wrote in a blog post.

The pandemic also proved that integrated security across hybrid environments is a business imperative, and so is a comprehensive cyber resilience strategy. More than half of cloud-forward and hybrid companies reported having cyber-resilience plans for a range of risk scenarios, compared to 40% of companies with primarily on-premises infrastructure. And of these on-premises businesses, 19% said they do not expect to maintain a documented cyber-resilience plan.