In 37% of cases, CISOs reported flat or declining cybersecurity budgets year-over-year, compared to just 21% in the 2021-2022 cycle. The budget approval rate was 35%, i.e., CISOs received approval for a budget increase that was 35% of the amount they had originally requested. This was down from 52% the previous year.
“In the latter part of Q4 2022, many CISOs reported that their approved 2023 budgets were being slashed as part of an overall budget tightening,” said Steve Martano, partner at executive search firm Artico Search, which partnered with IANS for the study.
Incident-driven budget increase
Of the CISOs whose companies did increase cybersecurity budgets, 80% indicated extreme circumstances, such as a security incident or a major industry disruption, drove the budget increase.
While companies impacted by a cybersecurity breach added 18% to their budget on average, other industry disruptions contributed to a 27% budget boost.
“I think there has always been a component of security spending that is forced to be reactive: be it incidents, updated regulatory or vendor controls or shifting business priorities,” Steffen said. “To some degree, technology spending in general has always been like this, and will always likely be this way.”
“Staff and compensation” remained the biggest cybersecurity spending category, claiming 38% of the overall security budget. Hiring secured a 16% increase in allocation compared to the 6% average budget growth in the previous year.