Research From IANS and Artico Search Reveals Cybersecurity Budgets Increased Just 6% for 2022-2023 Cycle
September 26, 2023
PRESS RELEASE
Boston, MA – September 26, 2023 – Today, IANS Research and Artico Search released their 2023 Security Budget Benchmark Report, an annual research study that analyzes detailed cybersecurity budget data. This year, 550 Chief Information Security Officers (CISOs) and other security executives provided data.
Despite the economic uncertainty and inflation, security budgets generally continued to rise but at a lower rate than prior years. Respondents reported an average security budget increase of 6%, a significant decrease from the 17% increase in the previous budget cycle and marks a 65% reduction in growth. Across industries, the decline was most prominent in technology firms, which dropped from +30% growth in 2021-2022 to +5% this year, with more than 33% of organizations freezing or cutting cybersecurity budgets.
"The incremental growth in cybersecurity budgets is insufficient relative to the increases in scope facing security teams," stated Nick Kakolowski, Senior Research Director of IANS. "In the latter part of Q4 2022 and throughout 2023, many CISOs reported difficulty getting the resources they need, with some indicating outright budget freezes. With the recent public breaches at Clorox, MGM, and Caesars, we will be closely monitoring how companies approach budgeting for 2024. Our research indicates that organizations that adjust spending in response to major industry disruptions boost their budgets by 27%, on average."
While security budgets are increasing at a lower rate, security budgets as a share of Information Technology (IT) budgets are trending up, suggesting the impact on security spending is moderate compared to IT spending. Since 2020, security spending relative to IT spending has increased from 8.6% to 11.6%, with technology firms reporting the largest proportional spending at 19%.
Other key findings:
Across industries, the tech and retail sectors had the largest share of organizations with declining security budgets. The consumer goods and services sector, as well as legal firms, had the highest percentage of budgets remaining flat year-over-year. In contrast, in the business services sector, more than three-fourths of companies had increased budgets.
Firms funded by venture capital (VC) or private equity (PE) firms maintain relatively high security budgets. Compared to publicly listed companies, not-for-profit organizations, and other forms of private enterprises, VC-backed firms have an outsized security budget percentage, averaging nearly 30%, which is more than 2x the overall percentage.
63% of respondents received a budget increase. In 20% of the cases, the increase was a routine annual adjustment, corresponding to an average budget increase of 7%. Increased risk and digital transformation debuted as a reason this year with 17% and 15% respectively.
Cloud-based architectures outspend on-premise designs on staff. Staff and compensation continue to be the largest budget category, claiming 38% of the security budget. Companies that are fully in the cloud have a higher allocation for staff (47%) than companies that are fully on-premise (35%).
"The continued digital transformation and move to the cloud is a massive change for security teams who now need to hire cloud architects, cloud engineers, and cloud compliance professionals at a fast clip," stated Steve Martano, a partner and executive recruiter in Artico Search’s cyber practice. “It is not easy to recruit professionals with these highly coveted technical skills, and talent in this area is expensive.”
For more insights, please download the full summary report.
Survey Methodology
IANS and Artico Search fielded its fourth annual CISO Compensation and Budget survey in April 2023. From April until August, we received survey respondents from more than 660 security executives from a diverse set of companies by size, location, and industry. Of them, 550 respondents completed the budget section in the survey.
Artico Search
Founded in 2021, Artico Search's team of executive recruiters focuses on a “grow and protect” model, recruiting senior go-to-market and security executives in growth venture, private equity, and public companies. Artico’s dedicated security practice delivers CISOs and other senior-level information security professionals for a diverse set of clients.
IANS Research
For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for making decisions and articulating risk. We provide experience-based security insights for CISOs and their teams. The core of our value comes from the IANS Faculty, a network of seasoned practitioners. We support client decisions and executive communications with Ask-an-Expert inquiries, our peer community, deployment-focused reports, tools and templates, and consulting.
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024