Cybersecurity budget growth hits a five-year low

Average security budget growth has slowed to just four percent year-on-year, the lowest rate in five years and a sharp decline from eight percent in 2024.

The slowdown comes in the face of continued global market volatility, driven by geopolitical tensions, uncertain tariff policies, and fluctuating inflation and interest rates, says a new report from IANS Research and Artico Search.

“Once again, we find that security budgets are not immune to macro conditions,” says Steve Martano, IANS Faculty and partner at Artico Search. “Despite most companies identifying cyber as a top five business risk, most CISOs are not receiving budget increases commensurate with the increase in security program scope. This year, the staffing constraints are especially significant with security leaders and their teams both reporting that they are stretched thin due to hiring freezes or limited budget for hiring. The downstream effects of this are real and include reduced team morale, delayed or stalled initiatives, and a growing gap between the company’s risk appetite and operational security.”

Security budget as a percentage of IT spend has declined too from 11.9 percent to 10.9 percent, breaking a five-year upward trend as AI and cloud investments drove a rebound in IT spending surpassing security budget growth.

Staffing growth has also slowed to seven percent, its lowest level in four years, as hiring freezes have limited teams’ ability to scale despite the threat environment becoming more complex. Only 11 percent of CISOs report being adequately staffed, while the remaining 89 percent describe their teams as stretched thin or understaffed leading to serious organizational risk given the continually expanding scope of security requirements.

"Security is being treated like any other business unit -- its budget is largely a reflection of the macro environment and organizational goals,” says Nick Kakolowski, research director at IANS. “This is challenging as security's scope is rapidly increasing, putting pressure on CISOs to prioritize strategically and build organizational consensus around risk tolerances relative to budget availability."

You can get the full report from the IANS site.

Image credit: Valeriya Ignatenko/Dreamstime.com