Sagging Budgets Continue to Plague Cybersecurity Teams

U.S. budgets fared even worse, with just a 1% increase, S-RM’s report found. Senior IT professionals and C-suite executives had projected a more substantial increase of 5% over 2022.

The appetite for more budget comes after a year of rising operational costs, a result of wider economic turbulence and a growing cyber threat following rapid advancements in generative AI, S-RM’s report said. Cybersecurity departments want more budget to upskill employees (42%) and recruit additional skilled personnel (41%) to accommodate this rising threat.

“It’s reassuring that cybersecurity budgets are still rising in these challenging times, but this level of increase is simply not enough to tackle the growing cyber threat,” said Paul Caron, head of cybersecurity for S-RM’s Americas team. “This year’s increase has failed to meet the expectations of cyber teams and reveals that cyber security may be taking a back seat as its share of the overall IT budget declines. Navigating ongoing skill shortages and investing in training and development of teams comes at a cost, but cyber professionals are not receiving the budget they need to deliver on these critical initiatives.”

Lack of budget was cited as a key challenge by nearly one third (31%) of organizations. To navigate this, cybersecurity teams have been prioritizing spend where they provide biggest return on investment. For the third consecutive year, investment in cyber technology topped the list, though fewer organizations highlighted technology as delivering the value commensurate with its cost in 2023 (49%) than in 2022 (58%).

The report on flagging budgets comes just a few months after the SEC released its final rules mandating timely cybersecurity incident reporting by public companies, which is expected to affect about 7,300 organizations.

S-RM’s report was based on a survey of 600 senior leaders within U.S. and UK organizations with revenue over $500 million.