Amidst global economic and geopolitical uncertainty, markets are jittery, companies are spending frugally and investors remain cautious. Security budgets are also affected by these realities, with most budgets remaining flat or increasing modestly. Situations of significant budget and staffing growth typically occur in response to external risks or the evolving maturity of the security function.
To uncover the specifics of recent annual budget developments, IANS Research and Artico Search jointly fielded their fifth annual Compensation and Budget survey in April 2024 gathering responses from over 750 CISOs. We received detailed budget data from 681 CISOs that form the basis of this report.
In this piece, we’re breaking down three compelling data points from our Security Budget Benchmark Summary Report. The 2024 edition of our annual survey featured survey responses from over 750 CISOs in the U.S. and Canada across all industries.
Security Budget Hypergrowth Has Ended
The period of double-digit growth in security budgets seen in 2021 and 2022 has not returned. During those years, many organizations were still in catch-up mode regarding their cybersecurity programs. Today, at a growing number of organizations, the function is better understood due to increased collaboration among CISOs, the leadership team and the board of directors.
For 2024, the overall growth rate is 8%, an improvement from 2023 but still around half of 2021 and 2022 levels. When adjusted for inflation, the real growth rate for security budgets is around 5%, up from 2% in 2023 (according to the Bureau of Labor Statistics’ Consumer Price Index). As the chart below shows, despite high inflation in 2021 and 2022, real growth in 2024 is significantly lower compared to those years.
Drivers of High Budget Growth
We asked CISOs with growing budgets to list the top reasons driving their budget increases. The chart below illustrates these reasons in a bubble chart, with the percentage of CISOs citing each reason as the top factor on the left side and the average budget increase shown on the right. The size of the bubbles represents the magnitude of the increase. The largest average increases are linked to incidents or breaches and changes in risk appetite, in each case resulting in a 26% average budget boost. This is followed by company repositioning, company growth, increased risk and major industry disruptions. CISOs who indicated their growth as a typical annual change reported an average budget increase of 7%.
Security Headcount Growth Cools
Cautious spending has led to slower hiring. The average security staff growth rate CISOs reported over the past four years shows a multiyear decline from 31% in 2022 to 12% in 2024 (see chart below).
IANS Faculty Steve Martano, also a partner in Artico Search’s cyber practice comments on the hiring slowdown of security staff: “For the last 12 months, it has been difficult for CISOs to add staff even when there's a need in the organization. Teams are being asked to do more with less, and CISOs are finding it difficult to get budget for recruiting and hiring. This puts a lot of pressure not only on CISOs, but also on their teams.”
CISO Compensation & Security Budget Benchmark Reports
Each year, IANS, in partnership with Artico Search, releases a series of benchmark reports on CISO compensation, security organization, security staff compensation and job satisfaction.
These in-depth reports feature new takeaways, uncover a wealth of insights and provide valuable leadership guidance to fine-tune your current role, department and career path.
Download our 2024 Security Budget Benchmark Report – the first in our series and gain access to these and other valuable insights and data sets.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.