{"id":145,"date":"2024-09-05T13:05:00","date_gmt":"2024-09-05T13:05:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=145"},"modified":"2024-09-05T13:05:00","modified_gmt":"2024-09-05T13:05:00","slug":"ciso-budget-survey-modest-increases-in-2024","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=145","title":{"rendered":"CISO budget survey: Modest increases in 2024"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Security budgets are either flat or increasing modestly compared to 2023, due to global economic and geopolitical uncertainty, according to a new survey of CISOs. One result is slower staff hiring.<\/p>\n<p>Those are the main conclusions of the <a href=\"https:\/\/www.iansresearch.com\/resources\/ians-security-budget-benchmark-report\">annual security budget report<\/a> released on Thursday by IANS Research and executive recruiting firm Artico Search.<\/p>\n<p>Nearly two-thirds of respondents surveyed reported increased budgets in 2024. The average budget growth rose from 6% in 2023 to 8% this year.<\/p>\n<p>But that\u2019s only about half of the growth rates during the Covid-19 pandemic years of 2021 (16%) and 2022 (17%), when the digital transformation required to deal with staff working remotely powered spending. A quarter of CISOs said their budget this year is flat, while 12% faced declines.<\/p>\n<p>\u201cWe saw more plateaued spending [this year] because organizations from a macro level have been tightening their belts,\u201d Steve Martano, an IANS faculty member and a member of Artico Search, said in an interview.<\/p>\n<p>\u201cThere\u2019s a lot less movement in terms of leadership, who take up 40% of the security budget because of comps [compensation] and staff. That was a contributing factor as well. 
And we heard anecdotally in Q4 of \u201923 that early projections on security budgets were being ratcheted down, and that continued through the whole year.\u201d<\/p>\n<p>\u201cThat belt tightening continued through most of 2024. It\u2019s a little early to say what that will look like in 2025. We\u2019re seeing a little bit of signs of life as far as movement in the market in terms of opportunities for CISOs, but we don\u2019t have the implications of the budgeting on that.\u201d<\/p>\n<p>The survey covered 775 CISOs, 681 of whom completed the section on budget and security headcount growth and multiyear budget trends. Just over 90% of the respondents worked for American firms, while 5% were Canadian and another 3% were from Europe and the Middle East.<\/p>\n<p>The plateau in annual spending budgets is in part due to economic conditions and in part because fewer organizations need to spend on huge digital transformations, Martano said. Survey respondents said CISOs getting bigger budgets have to deal with events like data breaches, new regulatory requirements, or the organization getting a new large customer.<\/p>\n<p>The sectors seeing security budget increases are financial services, technology, retail and hospitality, and legal. Those seeing decreases are healthcare, business services, consumer goods and services, and manufacturing. These may be the organizations hit hardest by inflation, which are cutting not only cyber budgets but overall spending, the report says.<\/p>\n<h2 class=\"wp-block-heading\">Headcount growth cooling<\/h2>\n<p>Security headcount growth is also cooling. While still double-digit, staff was expected to grow 12% this year, down from 16% last year and 31% in 2022. 
Put another way, 52% of CISOs planned to add headcount this year, slightly down from the 55% of respondents in 2023 who said they would add staff, and markedly down from 68% in 2022.<\/p>\n<p>For the last 12 months, the report said, it has been difficult for CISOs to add staff even when there\u2019s a need. \u201cTeams are being asked to do more with less, and CISOs are finding it difficult to get budget for recruiting and hiring. This puts a lot of pressure not only on CISOs, but also on their teams.\u201d<\/p>\n<p>It causes staff on the security team to get burned out, warned Martano, while picking up the slack for others and not necessarily getting the compensation they feel they deserve. \u201cAnd while attrition has been relatively low in 2024, as soon as something pops up that\u2019s interesting to them, they will likely pursue it. There\u2019s going to be a reckoning when the market starts to open up more and people have opportunities.\u201d<\/p>\n<p>CISOs will have to look at the money they have and prioritize it, he added.<\/p>\n<h2 class=\"wp-block-heading\">Security spending as a percentage of IT is growing<\/h2>\n<p>One good sign for CISOs: Security as a percentage of IT spend continues to grow. It was 8.6% in 2020, and is expected to be 13.2% this year. Security budgets measured as a percentage of corporate revenue are also up. \u201cThese upward trends indicate larger shares of organizations\u2019 resources are being allocated to security compared to other functions,\u201d said the report.<\/p>\n<p>About half of CISOs surveyed say they are somewhat or very satisfied with their budgets. \u201cAnecdotally,\u201d the report added, \u201cmany CISOs think their budgets should be larger.\u201d<\/p>\n<p>But, Martano said, the security budget has to match the risk posture of the organization, unless there was a boost in spending due to a data breach or a special event. 
\u201cAn information security leader who asks for a budget that mis-aligns with everybody else\u201d is a problem. \u201cIf everybody\u2019s taking a haircut and the CISO expects an 80% increase in their budget, all else equal, that probably shows a lack of executive maturity.\u201d<\/p>\n<p>CISOs want to have more tools and offer better compensation to staff, he acknowledged. But \u201cas this function [CISO] becomes more of a business executive function, there is an understanding that there is going to be scrutiny on the budget. It needs to be aligned with the priorities of the organization, that it\u2019s not just security for security\u2019s sake. It needs to be aligned with the risk posture as well.\u201d<\/p>\n<p>If a CISO wants to justify a budget increase to the CEO and board, there will have to be a catalyst, Martano said, such as digital transformation.<\/p>\n<p>\u201cTo do that, CISOs need to be in front of their board, in front of the executive leadership, articulating how security fits into the broader business objectives.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Security budgets are either flat or increasing modestly compared to 2023, due to global economic and geopolitical uncertainty, according to a new survey of CISOs. One result is slower staff hiring. Those are the main conclusions of the annual security budget report released on Thursday by IANS Research and executive recruiting firm Artico Search. 
Nearly [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":146,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-145","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/145"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=145"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/145\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/146"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}