Save time with unbiased, independent feedback on vendor solutions.
Watch weekly bite-sized webinars hosted by IANS Faculty.
In this piece, we’re breaking down two compelling data points from our Security Budget Benchmark Report. The 2022 edition of our annual survey featured survey responses from over 500 CISOs in the U.S. and Canada
across all industries.
Overall, 79% of our survey respondents reported an increase in their organization’s security budget YoY. Of this subset, the average budget increase was 22%. These organizations experienced growth in cyber investments driven by business expansions,
security program development and increased awareness of business exposure.
To effectively mitigate the ever-evolving threat landscape, CISOs were bold and requested an average of a 32% boost in their security budget YoY – with eight out of 10 CISOs receiving a budget increase by an average by 17%.
Data from our respondents highlight breaches or security incidents at the company as triggers for the largest increases in security budgets, adding an average of 36% to the budget.
Other contributing factors included strategic changes such as a merger or acquisition and high-profile industry disruptive events drove up security budgets by 27% and 20%, respectively. (See Figure 1)
When it comes down to where and how security budgets are allocated, our data showed staff and compensation consumed the largest portion at 39% of the total security budget.
For the third year in a row software spending represented a sizable portion of the budget across two categories for a total of 28%, with the rise of cloud transformation influencing 10% more spending towards off-premises software than on-premises solutions.
Outsourcing averages 10% of the security budget by comparison, a much smaller component. (see Figure 2).
Steve Martano, co-founder at Artico Search, said, “Despite staff compensation being the plurality of the CISO’s budget, most security leaders are struggling to get adequate resources required to fill
critical roles and hire backfills from staff attrition. Misaligned salary bands, outdated market data and the competitiveness of the market across all levels of security make hiring and retaining a full team a constant struggle, despite staff compensation
being the largest CISO budget line item.”
Research-backed data found in this annual report can provide acting CISOs with content for how other security leaders are allocating funds, but also serve as a tool to substantiate their requests in the next budget cycle.
READ: How Security Budgets Break Down
Each year, IANS, in partnership with Artico Search, releases a series of benchmark reports on CISO compensation, security budgets, key security staff compensation and job satisfaction.
These in-depth reports feature new takeaways, uncover a wealth of insights and provide valuable leadership guidance to fine-tune your current role, department and career path.
Download our 2022 Security Budget Benchmark Report – the second in our series – and gain access to these and other valuable insights and data sets.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
September 21, 2023
By IANS Faculty
Learn why CISOs Need D&O Liability Insurance Coverage now more than ever along with guidance to help minimize potential cyber liability risk.
September 19, 2023
Discover the diversity of IANS Faculty's real-world expertise. Learn how our faculty members can help you solve your most challenging security issues.
September 14, 2023
Learn how to use a three-step approach to defending and managing public and private APIs while avoiding common mistakes.