More CISOs are facing flat or even falling security budgets, with uncertainty in the wider economy the main cause.
According to the 2024 Security Budget Benchmark Report, published by IANS Research and Artico Search, most security departments are still increasing spending. However, the days of double-digit growth are over, and a significant minority face either flat or falling budgets.
A survey of 750 CISOs found that, in the first half of 2024, average security budgets grew by 8%. Although this is an increase over 2023’s 6% rise, it is less than half the 17% growth in spending seen in 2022.
Nor were all CISOs able to increase their budgets, despite growing cyber-threats. A quarter of CISOs had flat budgets and a further 12% saw funding cut back. Some sectors – including financial services, technology and retail – saw growth, but this was limited to single figures.
Organizations are also targeting their security spending carefully.
“The focus is on strengthening defenses against sophisticated threats like AI-driven attacks, even as CISOs navigate tighter fiscal environments,” said Nick Kakolowski, senior research director at IANS.
“Our research highlights the careful approach security leaders are taking, ensuring that every dollar spent is justified by the most pressing risks.”
Cyber Recruitment Also Affected
Tighter budgets are also affecting recruitment. The researchers found that hiring has slowed significantly, with one in three CISOs saying they are keeping their headcounts flat.
Read more about the cyber workforce: Cyber Skills Gap Reaches 4 Million, Layoffs Hit Security Teams
IANS also noted that where organizations are spending, it is mainly in response to breaches, incidents or increasing risk.
Other researchers report a similar picture.
“Our latest research reveals a complex picture of cybersecurity budgets globally. While we're not seeing drastic cuts across the board, the modest growth in budget, especially taking into account not just the rising cyber-threats, but the persistent staffing challenges, can feel like a cut in real terms for many organizations,” explained Chris Dimitriadis, chief global strategy officer at ISACA.
“Cost continues to be a significant barrier for many companies looking to strengthen their cybersecurity efforts, where the return on these investments isn’t immediately clear.
“With an uncertain economy factored in, it is understandable why, in some sectors, security budgets are not growing, if at all, but shrinking. These factors are contributing to a cautious approach to cybersecurity spending, even in the face of growing risks.”