IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Cybersecurity Spending Is Slowing With the Economy

A new report from IANS Research and Artico Search suggests that cybersecurity budgets are growing at a much slower pace than they were previously. Here are the details.

Falling binary code in red and blue against a black background.
Adobe Stock/Crazy Juke
On Friday, Sept. 6, CNBC announced that in the U.S., “August payrolls grew by a less-than-expected 142,000, but unemployment rate ticked down to 4.2%”:

“While the August numbers were close to expectations, the previous two months saw substantial downward revisions. The BLS cut July’s total by 25,000, while June fell to 118,000, a downward revision of 61,000.

“‘I don’t like this a whole lot. It’s not disaster, but it’s below expectations on the headline, and what really bothers me is the revisions,' said Dan North, senior economist for North America at Allianz Trade. 'This is certainly going the wrong way.’”

And just a day earlier, IANS Research and Artico Search released their annual report finding that that “New Research Reveals Security Budgets Only Increased 2 Points in 2024, While 12% of CISOs Faced Reductions.”

Key survey findings highlighted in the Security Budget Benchmark Report include:

Security budget growth hits 8%, up from 2023: Nearly two-thirds of CISOs report increasing budgets. The average growth has risen from 6% in 2023 to 8% this year, but this is only about half of growth rates in 2021 (16%) and 2022 (17%). A quarter of CISOs experienced flat budgets while 12% faced declines.
ians3.jpg

Security Outpaces IT Spend and Annual Revenue Growth: Over the past five years, the security budget as a percentage of IT spending has steadily increased, rising from 8.6% in 2020 to 13.2% in 2024. Similarly, as a percentage of revenue, security budgets have grown from 0.50% to 0.69% during the same period. These trends validate the increasing prioritization of security within organizations, as larger portions of resources are allocated to safeguarding against evolving threats.
ians4.gif

External Risks Drive High Growth Scenarios: The research highlights that significant budget increases are often reactive, driven by external factors such as incidents, breaches, or the rising risks such as those associated with AI adoption. Additionally, internal dynamics like rapid company expansion or strategic shifts, including mergers and acquisitions, were cited by CISOs as key contributors to justify accelerated budget growth.

Budget Growth Rebounds in Some Industries but Not Others
Multiyear budget growth trends vary by industry. In the financial services, tech, retail/hospitality, and legal sectors average security budget growth has improved from 2023 levels but only remains in the mid to high single digits. In contrast, the healthcare, business services and consumer goods and services sectors have seen further declines in average growth rates compared to 2023.
ians5.png

Slower Hiring Amid Cautious Spending: Despite the budget increases, hiring trends tell a different story. Staff growth has slowed significantly, decreasing from 31% in 2022 to 16% in 2023 and further falling to 12% this year. Over a third of CISOs reported maintaining consistent headcount, reflecting a more measured approach to expanding security teams.
ians6.png

You can download the full 2024 IANS Security Budget Benchmark Summary Reporthere.



ians7.png

Media coverage of the report was widespread, with The Register reporting that the “Security boom is over, with over a third of CISOs reporting flat or falling budgets”:

“‘There’s still a continuing talent shortage, so finding and retaining people is very challenging,' Nick Kakolowski, senior research director at IANS, told The Register.

“‘Anecdotally, the biggest factor [in retention] ends up being opportunities for growth. If there's no way forward, people feel they are stagnating, especially after two to four years. It's a very special job that has levels of stress that exceed other roles.’

“The survey does note that overall security spending is still up 8 percent in 2024, although nowhere near the heady days of 2021 (16 percent growth) and 2022 (17 percent). Kakolowski attributed this slowdown not to a general malaise but more to the fact that some sectors, notably manufacturing, had been playing catch-up on their security spending and were now up to speed.”

CYBER INDUSTRY STOCKS OVERALL


One measure of the cybersecurity industry growth comes from the stock market. Cybersecurity stocks have been mixed this year, with lower than average growth compared to other sectors, according toInvestor's Business Daily:

“You may think the time is right to move into cybersecurity stocks amid a flurry of high profile hacking incidents. Also, buzz surrounding artificial intelligence is driving investor interest in cybersecurity stocks. And, federal government spending on cybersecurity should provide a boost in 2024, analysts say.

"As of Sept. 3, the Computer Software-Security group ranked No. 150 out of 197 industry groups that IBD tracks.”

GOVERNMENT IS STILL HIRING CYBER TALENT


Meanwhile, announced this past week, was a federal hiring “sprint”:

“The White House is pushing to fill hundreds of federal cyber, technology and artificial intelligence jobs in the coming months. …

“The cyber hiring initiative features a series of events through the end of October, including a Sept. 27 'National Cybersecurity Virtual Career Fair.' A new 'Service for America' website includes links to open cyber, tech and AI jobs at federal agencies.”

FINAL THOUGHTS


While many private-sector companies are slowing or even freezing their hiring of cybersecurity staff at this time, the public sector is taking advantage of this situation and bringing cyber and other tech talent all over the country.

I encourage frustrated job-seekers to visit federal, state and local government websites and consider a public-sector cyber job. I elaborate on why this is often a good move in this previous blog.

Note: All charts and figures in this blog are from IANS Research and used with permission.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.