In the face of economic uncertainty and inflation, a recent study conducted by IANS and Artico Search indicates that cybersecurity budgets have continued to grow, albeit at a slower rate compared to previous years. Respondents reported an average increase of 6% in their security budgets for 2023, marking a significant decline from the 17% increase observed in the previous budget cycle.
Furthermore, the technology sector experienced the most notable decline, with growth dropping from +30% in 2021-2022 to just +5% this year, and over one-third of organizations opting to freeze or reduce their cybersecurity budgets.
Senior Research Director of IANS, Nick Kakolowski, expressed concerns about the incremental growth in cybersecurity budgets, suggesting it may not be keeping pace with the expanding scope of security responsibilities. Some Chief Information Security Officers (CISOs) reported difficulties in acquiring necessary resources, with instances of outright budget freezes. The recent high-profile breaches at companies like Clorox, MGM, and Caesars are prompting close scrutiny of how organizations approach budgeting for 2024, with research indicating that companies adjusting spending in response to major disruptions tend to boost their budgets by an average of 27%.
While cybersecurity budgets are growing at a slower rate, they represent a larger share of IT budgets, with spending relative to IT budgets increasing from 8.6% in 2020 to 11.6% in 2023. Technology firms report the highest proportional spending at 19%. The variability in budgeting reflects differences in risk profiles, cyber threat levels, and the maturity of cybersecurity programs.
Notably, firms funded by venture capital (VC) or private equity (PE) firms maintain relatively high security budgets, averaging nearly 30%, more than twice the overall percentage. Staff and compensation remain the largest budget category, claiming 38% of the security budget, with cloud-based architectures outspending on-premise designs on staff allocation.