Over the past five years, the security budget as a percentage of IT spending has steadily increased, rising from 8.6% in 2020 to 13.2% in 2024, according to the findings of the 2024 Security Budget Benchmark Report.
The report published by IANS Research and Artico Search, has revealed that as a percentage of revenue, security budgets have grown from 0.50% to 0.69% during the same period.
“Security becomes more directly correlated with enterprise value, particularly for companies planning to transact in the near term,” said Steve Martano, IANS Faculty and Executive Cyber Recruiter at Artico Search.
The study compiled findings from the fifth annual CISO Compensation and Budget Research, including responses gathered from over 750 Chief Information Security Officers (CISOs) between April and August 2024.
According to Nick Kakolowski, Sr. Research Director at IANS, it’s clear that CISOs are prioritizing strategic investments over broad expansions.
“The focus is on strengthening defenses against sophisticated threats like AI-driven attacks, even as CISOs navigate tighter fiscal environments,” he said.
“Our research highlights the careful approach security leaders are taking, ensuring that every dollar spent is justified by the most pressing risks,” he added.
According to the findings, nearly two-thirds of CISOs reported increasing budgets.
The average growth has risen from 6% in 2023 to 8% this year, but this is only about half of growth rates in 2021 (16%) and 2022 (17%). A quarter of CISOs experienced flat budgets while 12% faced declines.
The research highlights that significant budget increases are often reactive, driven by external factors such as incidents, breaches, or the rising risks such as those associated with AI adoption.
Additionally, internal dynamics like rapid company expansion or strategic shifts, including mergers and acquisitions, were cited by CISOs as key contributors to justify accelerated budget growth.
Despite the budget increases, hiring trends tell a different story. Staff growth has slowed significantly, decreasing from 31% in 2022 to 16% in 2023 and further falling to 12% this year.
Over a third of CISOs reported maintaining consistent headcount, reflecting a more measured approach to expanding security teams.
“For the last 12 months, it has been difficult for CISOs to add staff even when there’s a need in the organization,” said Martano.
“Teams are being asked to do more with less and CISOs are finding it difficult to get budget for recruiting and hiring. This puts a lot of pressure not only on CISOs, but also on their teams,” he added.