Research: 12 Percent of CISOs Faced Budget Reductions in 2024

IANS Research and Artico Search recently unveiled the 2024 Security Budget Benchmark Report, offering critical insights into the state of security budgets and staffing amidst a backdrop of global economic challenges. This comprehensive study compiled findings from the fifth annual CISO Compensation and Budget Research Survey, including responses gathered from over 750 Chief Information Security Officers (CISOs) between April and August 2024. The report indicates a cautious yet necessary expansion in security spending.

Amidst global economic and geopolitical uncertainty, markets are jittery, companies are spending frugally, and investors remain cautious. Security budgets are also affected by these realities with most budgets remaining flat or increasing modestly.

"As organizations confront an evolving threat landscape, the slight uptick in cybersecurity budgets this year reflects a careful balancing act," said Nick Kakolowski, Sr. Research Director at IANS. "While we see modest increases, it's clear that CISOs are prioritizing strategic investments over broad expansions. The focus is on strengthening defenses against sophisticated threats like AI-driven attacks, even as CISOs navigate tighter fiscal environments. Our research highlights the careful approach security leaders are taking, ensuring that every dollar spent is justified by the most pressing risks."

Key survey findings highlighted in the Security Budget Benchmark Report include:

Security budget growth hits 8%, up from 2023
Nearly two-thirds of CISOs report increasing budgets. The average growth has risen from 6% in 2023 to 8% this year, but this is only about half of growth rates in 2021 (16%) and 2022 (17%). A quarter of CISOs experienced flat budgets while 12% faced declines.

Security Outpaces IT Spend and Annual Revenue Growth
Over the past five years, the security budget as a percentage of IT spending has steadily increased, rising from 8.6% in 2020 to 13.2% in 2024. Similarly, as a percentage of revenue, security budgets have grown from 0.50% to 0.69% during the same period. These trends validate the increasing prioritization of security within organizations, as larger portions of resources are allocated to safeguarding against evolving threats.

External Risks Drive High Growth Scenarios
The research highlights that significant budget increases are often reactive, driven by external factors such as incidents, breaches, or the rising risks such as those associated with AI adoption. Additionally, internal dynamics like rapid company expansion or strategic shifts, including mergers and acquisitions, were cited by CISOs as key contributors to justify accelerated budget growth.

Budget Growth Rebounds in Some Industries but Not Others
Multiyear budget growth trends vary by industry. In the financial services, tech, retail and hospitality, and legal sectors, average security budget growth has improved from 2023 levels but only remains in the mid-to-high single digits. In contrast, the healthcare, business services, and consumer goods and services sectors have seen further declines in average growth rates compared to 2023.

Slower Hiring Amid Cautious Spending
Despite the budget increases, hiring trends tell a different story. Staff growth has slowed significantly, decreasing from 31% in 2022 to 16% in 2023 and further falling to 12% this year. Over a third of CISOs reported maintaining consistent headcount, reflecting a more measured approach to expanding security teams.

“For the last 12 months, it has been difficult for CISOs to add staff even when there's a need in the organization,” said Steve Martano, IANS Faculty and Executive Cyber Recruiter at Artico Search. “Teams are being asked to do more with less and CISOs are finding it difficult to get budget for recruiting and hiring. This puts a lot of pressure not only on CISOs, but also on their teams."

Featured

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

  • Deploying in a Hybrid, Cloud Environment

    The way organizations manage access control is evolving. Traditional on-premises systems come with high IT and server requirements. At the same time, fully cloud-based solutions may not meet the needs of every facility. Read Now

  • Facing Facts for Facilities

    Despite the proliferation of constantly evolving security solutions, there remains a troubling trend among many facility operators who often neglect the most important security assets within their organization. Keys and shared devices like radios, laptops and tablets are crucial to successful operations, yet many operators are managing them haphazardly through outdated storage systems like pegboards and notebooks. Read Now

  • Report Reveals Security Training Reduces Global Phishing Click Rates by 86%

    KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, today launched its “Phishing by Industry Benchmarking Report 2025” which measures an organization’s Phish-prone Percentage (PPP) — the percentage of employees likely to fall for social engineering or phishing attacks, indicating the organization’s overall susceptibility to phishing threats. This year’s report found a global average baseline PPP of 33.1%, meaning a third of employees interact with phishing simulations before taking part in best-practice security awareness training (SAT).COVER 2025-PIB-NA-Report_EN-US Read Now

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.