Security Budget Growth Hits Five-Year Low: A Looming Risk for Organizations
The relentless march of cyber threats isn’t slowing down, yet investment in security is. A new report from IANS Research and Artico Search reveals a meaningful deceleration in security budget growth,hitting just 4% year-over-year – the lowest rate observed in five years. This marks a stark contrast to the 8% growth seen in 2024, signaling a concerning trend for organizations navigating an increasingly complex threat landscape.
This slowdown isn’t happening in a vacuum. Global economic uncertainties – geopolitical tensions, unpredictable tariffs, and fluctuating inflation and interest rates - are undeniably impacting financial planning across all sectors. Security,sadly,isn’t immune.
The Budget Squeeze: More Scope, Less Support
Despite cybersecurity consistently ranking as a top-five business risk for most companies, Chief Information Security Officers (CISOs) aren’t receiving budget increases that reflect the expanding scope of their responsibilities. This disconnect is creating a risky situation.
“We’re seeing a clear pattern: macro conditions directly influence security budgets,” explains Steve Martano,IANS Faculty and partner at Artico Search. “Security leaders and their teams are stretched incredibly thin due to hiring freezes and limited funds.”
The consequences are already being felt:
Reduced Team Morale: Constant pressure and limited resources lead to burnout and decreased job satisfaction.
Delayed Initiatives: Critical security projects are put on hold, leaving vulnerabilities unaddressed.
Growing Risk Gap: The difference between an institution’s stated risk appetite and its actual security posture widens, increasing exposure to potential breaches.
IT Spending Shifts & Staffing Shortages
The decline in security investment is further highlighted by a drop in security’s share of overall IT spending. It’s decreased from 11.9% to 10.9%, reversing a five-year upward trend. This shift is largely driven by increased investment in Artificial Intelligence (AI) and cloud technologies, which are currently outpacing security budget growth.
Staffing growth has also stalled, reaching a four-year low of 7%. Hiring freezes are preventing security teams from scaling to meet the growing demands of the threat surroundings. A staggering 89% of CISOs report being understaffed, wiht only 11% feeling adequately equipped to handle current security requirements.
Strategic Prioritization is Key
This challenging environment demands a new approach. security is now being treated like any other business unit,with budgets reflecting broader organizational goals and economic realities.”CISOs are facing immense pressure to prioritize strategically and build consensus around acceptable risk levels given budget constraints,” says Nick Kakolowski, research director at IANS. This requires a shift from simply asking for more resources to demonstrating the value of security investments in terms of business impact.
What This Means for Your Organization
The current trend isn’t just about numbers; it’s about risk. Organizations must proactively address the budget and staffing challenges to maintain a robust security posture. Consider these steps:
Risk-Based Prioritization: Focus on mitigating the most critical threats to your organization.
Automation & Efficiency: Leverage automation tools to streamline security operations and maximize the impact of existing resources.
Strategic Outsourcing: Consider partnering with Managed security Service Providers (MSSPs) to fill skill gaps and augment your team.
* Executive Interaction: Clearly articulate the business risks associated with underinvestment in security to leadership.
Ignoring these warning signs could have severe consequences. A proactive, strategic approach to security investment is no longer a luxury – it’s a necessity.
For a deeper dive into these findings, access the full report from IANS: https://www.iansresearch.com/resources/ians-security-budget-benchmark-report
Image Credit: Valeriya ignatenko/Dreamstime.com (
