Cybersecurity budgets were not immune to the global macroeconomic uncertainty and recessionary fears of 2022 – 2023; however, their impact was moderate compared to the widespread budget and staff cuts seen in other areas, particularly IT.
To uncover the specifics of recent annual security budget developments, IANS Research and Artico Search jointly fielded their fourth annual Compensation and Budget Survey in April 2023. We received detailed budget data from 550 CISOs that form the basis of this report.
In this piece, we’re breaking down three compelling data points from our Security Budget Benchmark Report. The 2023 edition of our annual survey featured survey responses from over 550 CISOs in the U.S. and Canada across all industries.
Increased Risk and Digital Transformation Top 2023 Budget Growth
Zooming in on the subset of CISO respondents who received a budget increase (63% of all respondents), we asked them to provide the primary reason behind this increase.
20% of budget increases were due to routine annual budget adjustments, which averaged a budget increase of 7%; increased risk at 17% was cited as the second leading reason for budget increases, providing an average budget growth of 11%.
However, the largest budget increases came from major industry disruptions, such as highly publicized breaches, which shot up budgets by an average of 27%. Most respondents in this subgroup are CISOs in the healthcare sector, which was shaken by several large cyberattacks. This was followed by a change in risk appetite, increasing the budget by 22% (see chart below).
Steve Martano, partner in Artico Search’s cyber practice, points to the interesting data set of the 15% of respondents who identified digital transformation as the primary reason for their 19% budget increase:
“In many cases, strategic priority projects such as long-term digitalization projects were excluded from budget freezes. These are often initiatives approved by the board and presently being executed and driven by company leadership.”
Staff and Compensation Continues as the Largest Security Budget Share
Looking at the common spending categories provided by CISOs, our survey data shows staff and compensation continues to be the largest category, claiming 38% of the security budget. Off-premises software represents 21% of the security budget versus 9% for on-prem software. Outsourcing averages 11% of the security budget (see chart below).
Cloud-based architectures outspend on-prem designs on staff
It’s interesting to note in the chart below companies who are fully in the cloud have a higher allocation for staff (47%) than companies who are fully on-prem (35%).
Clearly, allocations for on-premises software at companies that have their architecture mostly or fully based in the cloud are bigger than those with mostly off-premises designs. On-prem architectures have higher allocations for outsourcing, on-premises software and hardware.
CISO Compensation & Security Budget Benchmark Reports
Each year, IANS, in partnership with Artico Search, releases a series of benchmark reports on CISO compensation, security organization, security staff compensation, and job satisfaction.
These in-depth reports feature new takeaways, uncover a wealth of insights, and provide valuable leadership guidance to fine-tune your current role, department, and career path.
Download our Security Budget Benchmark Report – the first in our CISO Comp and Budget Report series – and gain access to these and other valuable insights and data sets.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.