Boston, MA – September 26, 2023 – The 2023 Security Budget Benchmark Report, released by IANS Research and Artico Search, sheds light on the state of cybersecurity budgeting in organizations. The annual research study analyzed detailed cybersecurity budget data provided by 550 Chief Information Security Officers (CISOs) and other security executives.
Despite the economic uncertainty and inflation, security budgets continued to rise, albeit at a lower rate compared to previous years. The respondents reported an average security budget increase of 6%, which marked a significant decrease from the 17% increase in the previous budget cycle. This 65% reduction in growth suggests a more conservative approach to budgeting for cybersecurity.
One of the most notable findings was the decline in security budgets in technology firms. These organizations experienced a drop from +30% growth in 2021-2022 to +5% this year. More than 33% of technology firms froze or cut their cybersecurity budgets. This trend can be attributed to the challenges faced by security teams in the latter part of Q4 2022 and throughout 2023 in acquiring the necessary resources. Some CISOs even reported outright budget freezes. The recent high-profile breaches at Clorox, MGM, and Caesars have further emphasized the importance of monitoring how companies approach budgeting for cybersecurity in 2024.
While the rate of increase in security budgets has decreased, the share of security budgets in Information Technology (IT) budgets has been trending up. This suggests that the impact on security spending is moderate compared to overall IT spending. Since 2020, security spending relative to IT spending has increased from 8.6% to 11.6%. Technology firms reported the largest proportional spending on security, allocating 19% of their budgets to cybersecurity.
The report also highlighted some key findings across industries. The tech and retail sectors had the most significant share of organizations with declining security budgets, while the consumer goods and services sector, along with legal firms, had the highest percentage of budgets remaining flat year-over-year. On the other hand, the business services sector saw increased budgets in more than three-fourths of companies.
Firms funded by venture capital (VC) or private equity (PE) maintained relatively high security budgets. Compared to publicly listed companies, not-for-profit organizations, and other forms of private enterprises, VC-backed firms allocated nearly 30% of their budgets to cybersecurity. This is more than twice the overall average percentage.
The majority of respondents (63%) received a budget increase, with routine annual adjustments accounting for 20% of the cases. Risk and digital transformation were cited as reasons for increased budgets this year, with 17% and 15% respectively.
Staff and compensation remained the largest budget category, claiming 38% of the security budget. Cloud-based architectures outspent on-premise designs in staff allocation, with companies fully in the cloud allocating 47% of their budget to staff compared to 35% for companies fully on-premise. This shift in budget allocation can be attributed to the need for security teams to hire professionals with cloud-related technical skills to support the ongoing digital transformation.
Steve Martano, a partner and executive recruiter in Artico Search’s cyber practice, highlighted the challenges of hiring professionals with highly coveted cloud-related technical skills. The continued digital transformation and move to the cloud require security teams to hire cloud architects, engineers, and compliance professionals at a fast pace. However, talent in this area is expensive and finding qualified professionals can be challenging.
Overall, the 2023 Security Budget Benchmark Report provides valuable insights into the state of cybersecurity budgeting in organizations. While budgets are increasing at a lower rate, the impact on security spending remains moderate compared to IT spending. The challenges faced by security teams in acquiring the necessary resources highlight the importance of adjusting spending in response to major industry disruptions. As organizations continue their digital transformations and move to the cloud, the need for skilled professionals in these areas will likely drive increased budget allocations for staffing.