IANS Research and Artico Search unveiled the 2024 Security Budget Benchmark
Report, offering critical insights into
the state of security budgets and staffing amidst a backdrop of global economic
challenges. This comprehensive study compiled findings from the fifth annual
CISO Compensation and Budget Research, including responses gathered from over
750 Chief Information Security Officers (CISOs) between April and August 2024.
The report indicates a cautious yet necessary expansion in security spending.
Amidst global economic and
geopolitical uncertainty, markets are jittery, companies are spending frugally,
and investors remain cautious. Security budgets are also affected by these
realities with most budgets remaining flat or increasing modestly.
"As organizations confront an
evolving threat landscape, the slight uptick in cybersecurity budgets this year
reflects a careful balancing act," said Nick Kakolowski, Sr. Research
Director at IANS. "While we see modest increases, it's clear that CISOs
are prioritizing strategic investments over broad expansions. The focus is on
strengthening defenses against sophisticated threats like AI-driven attacks,
even as CISOs navigate tighter fiscal environments. Our research highlights the
careful approach security leaders are taking, ensuring that every dollar spent
is justified by the most pressing risks.
Key findings highlighted in the
Security Budget Benchmark Report include:
- Security budget growth
hits 8%, up from 2023
Nearly two-thirds of CISOs report
increasing budgets. The average growth has risen from 6% in 2023 to 8% this
year, but this is only about half of growth rates in 2021 (16%) and 2022 (17%).
A quarter of CISOs experienced flat budgets while 12% faced declines.
- Security Outpaces IT
Spend and Annual Revenue Growth
Over the past five years, the
security budget as a percentage of IT spending has steadily increased, rising
from 8.6% in 2020 to 13.2% in 2024. Similarly, as a percentage of revenue,
security budgets have grown from 0.50% to 0.69% during the same period. These
trends validate the increasing prioritization of security within organizations,
as larger portions of resources are allocated to safeguarding against evolving
threats.
- External Risks Drive
High Growth Scenarios
The research highlights that
significant budget increases are often reactive, driven by external factors
such as incidents, breaches, or the rising risks such as those associated with
AI adoption. Additionally, internal dynamics like rapid company expansion or
strategic shifts, including mergers and acquisitions, were cited by CISOs as
key contributors to justify accelerated budget growth.
- Budget Growth Rebounds
in Some Industries but Not Others
Multiyear budget growth trends
vary by industry. In the financial services, tech, retail and hospitality, and
legal sectors, average security budget growth has improved from 2023 levels but
only remains in the mid-to-high single digits. In contrast, the healthcare,
business services, and consumer goods and services sectors have seen further
declines in average growth rates compared to 2023.
- Slower Hiring Amid
Cautious Spending
Despite the budget increases,
hiring trends tell a different story. Staff growth has slowed significantly,
decreasing from 31% in 2022 to 16% in 2023 and further falling to 12% this
year. Over a third of CISOs reported maintaining consistent headcount, reflecting
a more measured approach to expanding security teams.
"For the last 12 months, it has
been difficult for CISOs to add staff even when there's a need in the
organization," said Steve Martano, IANS Faculty and Executive Cyber Recruiter
at Artico Search. "Teams are being asked to do more with less and CISOs are
finding it difficult to get budget for recruiting and hiring. This puts a lot
of pressure not only on CISOs, but also on their teams."
The 2024 Security Budget Benchmark
Summary Report is now available to
cybersecurity leaders to support their budget planning.