IANS Research and Artico Search released their 2023 Security Budget Benchmark Report, an annual research study that analyzes detailed cybersecurity budget data. This year, 550 Chief Information Security Officers (CISOs) and other security executives provided data.
Despite the economic uncertainty and inflation, security budgets generally continued to rise but at a lower rate than prior years. Respondents reported an average security budget increase of 6%, a decrease from the 17% increase in the previous budget cycle and marks a 65% reduction in growth. Across industries, the decline was most prominent in technology firms, which dropped from +30% growth in 2021-2022 to +5% this year, with more than 33% of organizations freezing or cutting cybersecurity budgets.
While security budgets are increasing at a lower rate, security budgets as a share of Information Technology (IT) budgets are trending up, suggesting the impact on security spending is moderate compared to IT spending. Since 2020, security spending relative to IT spending has increased from 8.6% to 11.6%, with technology firms reporting the largest proportional spending at 19%.
Other key report highlights
- Across industries, the tech and retail sectors had the largest share of organizations with declining security budgets. The consumer goods and services sector, as well as legal firms, had the highest percentage of budgets remaining flat year-over-year. In contrast, in the business services sector, more than three-fourths of companies had increased budgets.
- Firms funded by venture capital (VC) or private equity (PE) firms maintain relatively high security budgets. Compared to publicly listed companies, not-for-profit organizations, and other forms of private enterprises, VC-backed firms have an outsized security budget percentage, averaging nearly 30%, which is more than two-times the overall percentage.
- 63% of respondents received a budget increase. In 20% of the cases, the increase was a routine annual adjustment, corresponding to an average budget increase of 7%. Increased risk and digital transformation debuted as a reason this year with 17% and 15% respectively.
- Cloud-based architectures outspend on-premise designs on staff. Staff and compensation continue to be the largest budget category, claiming 38% of the security budget. Companies that are fully in the cloud have a higher allocation for staff (47%) than companies that are fully on-premise (35%).