InfoSec-Specific Executive Development for
CISOs and Aspiring Security Leaders.
Live Faculty-led instruction and interactive
labs to build you and your team's InfoSec skills
In this piece, we’re breaking down two compelling data points from our Security Budget Benchmark Report. The 2022 edition of our annual survey featured survey responses from over 500 CISOs in the U.S. and Canada
across all industries.
Overall, 79% of our survey respondents reported an increase in their organization’s security budget YoY. Of this subset, the average budget increase was 22%. These organizations experienced growth in cyber investments driven by business expansions,
security program development and increased awareness of business exposure.
To effectively mitigate the ever-evolving threat landscape, CISOs were bold and requested an average of a 32% boost in their security budget YoY – with eight out of 10 CISOs receiving a budget increase by an average by 17%.
Data from our respondents highlight breaches or security incidents at the company as triggers for the largest increases in security budgets, adding an average of 36% to the budget.
Other contributing factors included strategic changes such as a merger or acquisition and high-profile industry disruptive events drove up security budgets by 27% and 20%, respectively. (See Figure 1)
When it comes down to where and how security budgets are allocated, our data showed staff and compensation consumed the largest portion at 39% of the total security budget.
For the third year in a row software spending represented a sizable portion of the budget across two categories for a total of 28%, with the rise of cloud transformation influencing 10% more spending towards off-premises software than on-premises solutions.
Outsourcing averages 10% of the security budget by comparison, a much smaller component. (see Figure 2).
Steve Martano, co-founder at Artico Search, said, “Despite staff compensation being the plurality of the CISO’s budget, most security leaders are struggling to get adequate resources required to fill
critical roles and hire backfills from staff attrition. Misaligned salary bands, outdated market data and the competitiveness of the market across all levels of security make hiring and retaining a full team a constant struggle, despite staff compensation
being the largest CISO budget line item.”
Research-backed data found in this annual report can provide acting CISOs with content for how other security leaders are allocating funds, but also serve as a tool to substantiate their requests in the next budget cycle.
Each year, IANS, in partnership with Artico Search, releases a series of benchmark reports on CISO compensation, security budgets, key security staff compensation and job satisfaction.
These in-depth reports feature new takeaways, uncover a wealth of insights and provide valuable leadership guidance to fine-tune your current role, department and career path.
Download our 2022 Security Budget Benchmark Report – the second in our series – and gain access to these and other valuable insights and data sets.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
December 6, 2022
By IANS Research
Improve your attack surface management plan using 9 steps to mitigate risk and strengthen enterprise security posture.
December 1, 2022
By IANS Faculty
Improve your vendor management program using six focus areas to benchmark program maturity and identify key pitfalls to avoid.
November 29, 2022
Learn how to integrate IT, OT and physical security programs to reduce risk, improve efficiency and streamline processes across the organization.