Facts and misconceptions about cybersecurity budgets

Managing and allocating budgets for cybersecurity and IT has become an increasingly critical aspect of organizational strategy. Organizations recognize the need to invest significantly in cybersecurity to safeguard sensitive data, protect against ransomware attacks, and ensure the integrity of their IT infrastructure. A well-structured cybersecurity budget is crucial for staying ahead of emerging threats and minimizing potential risks.

In this article, you will find excerpts from cybersecurity budget surveys we covered in 2023. These findings will empower your organizations to craft more effective cybersecurity strategies.

Most cybersecurity investments aren’t used to their full advantage

Even with increasing budgets, cost optimization remains a top priority for IT and security decision makers globally. 87% are prioritizing enhancing cloud infrastructure and 85% are prioritizing optimizing IT costs over the next 12 months.

AI-related security fears drive 2024 IT spending

Worldwide IT spending is projected to total $5.1 trillion in 2024, an increase of 8% from 2023, according to Gartner. hile generative AI has not yet had a material impact on IT spending, investment in AI more broadly is supporting overall IT spending growth.

One in five CISOs miss out on pay raise

The most recent average CISO total compensation increase was 11%, down from 14% the previous year. This year, 20% of CISOs did not receive a raise, double that of a year ago, while the share of CISOs with bigger retention bonuses and equity packages also declined to 12% (from 21%) and to 8% (from 24%), respectively.

Cybersecurity budgets show moderate growth

While security budgets are increasing at a lower rate, security budgets as a share of IT budgets are trending up, suggesting the impact on security spending is moderate compared to IT spending. Since 2020, security spending relative to IT spending has increased from 8.6% to 11.6%, with technology firms reporting the largest proportional spending at 19%.

Cloud service inefficiencies drain IT budgets

52% of IT professionals admitted their organizations have wasted significant IT spend due to inefficiencies with cloud platforms and services. In fact, 73% of IT respondents reported that their cloud investment has resulted in higher-than-expected IT costs within the last 12 months, marking a 28% increase compared to 2021 figures.

Despite rising insider risk costs, budgets are being wasted in the wrong places

Despite the growing cost of insider risks, 88% of organizations spent less than 10% of their total IT security budget on insider risk management. Organizations had an IT security budget of $2,437 per employee, yet only 8.2% (equivalent to $200 per employee) was allocated specifically to insider risk programs and policies.

Economic volatility drives businesses to MSPs

Achieving business growth tops the list of budget drivers, said 32% of respondents. Replacing outdated IT infrastructure was identified by 29% of respondents and security incidents or concerns by 28%.

Increased spending doesn’t translate to improved cybersecurity posture

Despite an average cybersecurity budget increase of 29% in 2023, respondents say they need a further 40% rise to be confident in their ability to mitigate security risks. With this, more than half would spend money on hiring more security specialists, shortly followed by investment in security awareness training (50%) and upskilling security teams (44%).

Factors influencing IT security spending

The study found that a mere 38% of executives said that the looming recession would significantly influence their IT security spending this year. Instead, 48% responded that their growing distributed workforce would have a significant influence, followed closely by supply chain issues (46%).

CIOs prioritize new technologies over tech stack optimization

48% of CIOs are more likely to prioritize innovation in new technologies over optimizing their current tech stack. The stakes are high, with 60% of CIOs reporting that a freeze in investment to innovation would impact their business at once or within weeks across business automation, business model transformation, data analytics and environment, social, and governance initiatives.

Tight budgets and burnout push enterprises to outsource cybersecurity

63% of U.S. cybersecurity professionals had their department’s budget cut in 2023, compared to only 28% of their EMEA counterparts. To further align with tight budgets, both U.S. (67%) and EMEA (61%) organizations have implemented a recruitment slowdown for this year.