Cybersecurity budgets show moderate growth

Despite the economic uncertainty and inflation, security budgets generally continued to rise but at a lower rate than prior years, according to new research from IANS and Artico Search.

Security budgets increase by 6% in 2023

Respondents reported an average security budget increase of 6%, a significant decrease from the 17% increase in the previous budget cycle and marks a 65% reduction in growth. Across industries, the decline was most prominent in technology firms, which dropped from +30% growth in 2021-2022 to +5% this year, with more than 33% of organizations freezing or cutting cybersecurity budgets.

“The incremental growth in cybersecurity budgets is insufficient relative to the increases in scope facing security teams,” stated Nick Kakolowski, Senior Research Director of IANS.

“In the latter part of Q4 2022 and throughout 2023, many CISOs reported difficulty getting the resources they need, with some indicating outright budget freezes. With the recent public breaches at Clorox, MGM, and Caesars, we will be closely monitoring how companies approach budgeting for 2024. Our research indicates that organizations that adjust spending in response to major industry disruptions boost their budgets by 27%, on average,” added Kakolowski.

While security budgets are increasing at a lower rate, security budgets as a share of IT budgets are trending up, suggesting the impact on security spending is moderate compared to IT spending. Since 2020, security spending relative to IT spending has increased from 8.6% to 11.6%, with technology firms reporting the largest proportional spending at 19%.

The variability in budgeting reflects differences in risk profiles, cyberthreat levels and cyber program maturity.

Business services sector shows strong budget growth

Across industries, the tech and retail sectors had the largest share of organizations with declining security budgets. The consumer goods and services sector, as well as legal firms, had the highest percentage of budgets remaining flat year-over-year. In contrast, in the business services sector, more than three-fourths of companies had increased budgets.

Firms funded by venture capital (VC) or private equity (PE) firms maintain relatively high security budgets. Compared to publicly listed companies, not-for-profit organizations, and other forms of private enterprises, VC-backed firms have an outsized security budget percentage, averaging nearly 30%, which is more than 2x the overall percentage.

63% of respondents received a budget increase. In 20% of the cases, the increase was a routine annual adjustment, corresponding to an average budget increase of 7%. Increased risk and digital transformation debuted as a reason this year with 17% and 15% respectively.

Cloud-based architectures outspend on-premise designs on staff. Staff and compensation continue to be the largest budget category, claiming 38% of the security budget. Companies that are fully in the cloud have a higher allocation for staff (47%) than companies that are fully on-premise (35%).

“The continued digital transformation and move to the cloud is a massive change for security teams who now need to hire cloud architects, cloud engineers, and cloud compliance professionals at a fast clip,” stated Steve Martano, a partner and executive recruiter in Artico Search’s cyber practice. “It is not easy to recruit professionals with these highly coveted technical skills, and talent in this area is expensive.”