Cybersecurity budgets increase but so do incidents
According to a new study, 79 percent of respondents say their organization is making changes to its cybersecurity budget. Of these, 71 percent say their security budgets are increasing, with the average budget at $24 million.
However, the report from Optiv, with research by the Ponemon Institute, also shows 66 percent of the more than 600 respondents report cybersecurity incidents have increased in the past year, up from 61 percent in 2024.
The report highlights a notable shift in how organizations determine their cybersecurity budgets, with 67 percent now using risk and threat assessments to inform their budget decisions, up from 53 percent in 2024. This move toward data-driven decision-making comes as organizations increasingly turn to managed security service providers (MSSPs), with outsourcing to MSSPs jumping from 47 percent in 2024 to 58 percent in 2025, particularly for cloud security guidance.
"The data clearly shows a concerning trend: despite increases in cybersecurity budgets and resources, organizations continue to face more frequent attacks," says John Hurley, Optiv's chief revenue officer. "What's promising is the shift toward more strategic, data-driven approaches to budget allocation and the growing adoption of MSSPs to extend capabilities, particularly as organizations work to better understand their security vulnerabilities within the threat landscape."
Among other findings, 46 percent of respondents say their organizations use AI/ML to prevent cyberattacks, with 88 percent of these respondents incorporating generative AI at some level. The primary drivers for AI/ML adoption are improving operational efficiency (41 percent) and maintaining competitive advantage (40 percent). 57 percent of respondents report that automation has reduced their time to respond to vulnerabilities, with 34 percent seeing significant improvements.
Nearly three-quarters of respondents (74 percent) identify a lack of understanding of every potential source of vulnerability as their biggest challenge to effective vulnerability management.
"Our independent research for Optiv reveals that organizations are making strategic investments in technology, processes and people to combat increasingly sophisticated threats," says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "The growing adoption of AI, machine learning and automation technologies signals a significant shift in how organizations approach cybersecurity defense, focusing on both prevention and rapid response capabilities."
The full report is available on the Optiv site.
Image credit: Valeriya Ignatenko/Dreamstime.com