According to a new Cyber Security Insights Report by S-RM, in 2023, the average cyber budgets grew to USD 27.10 million, up 3.1% from USD 26.30 million in 2022. S-RM’s research shows that senior IT professionals and their c-suites had anticipated a more substantial increase of 5%, which would have seen budgets reach USD 27.60 million.
The research reveals that this year’s cyber budgets for large organisations are falling short of expectations.
Jamie Smith, Board Director, and Head of Cyber Security at S-RM, said: “It’s reassuring that cybersecurity budgets are still rising in these challenging times, but this level of increase is simply not enough to tackle the growing cyber threat. This year’s increase has failed to meet the expectations of cyber teams and reveals that cyber security may be taking a back seat as its share of the overall IT budget declines.”
Interestingly, the report showed that cybersecurity departments want more budget to upskill employees (42%) and recruit additional skilled personnel (41%) to accommodate this rising threat. The skills shortage continues to pose a problem for many organisations. This comes after recent research by Adarma revealed that two-thirds (66%) of professionals believe recruiting from a wider, more diverse talent pool would offer significant help with the cybersecurity skills shortage.
Smith continues: “Navigating ongoing skill shortages and investing in training and development of teams comes at a cost, but cyber professionals are not receiving the budget they need to deliver on these critical initiatives. Organisations will have to continue being cautious with cyber security spend, identifying those ‘value for money’ areas that will enable them to manage emerging cyber threats with tightened purse strings.”
On average, cyber budgets make up a quarter (25%) of an organisation’s overall IT budget, marking a 1% decrease in share from 2022. This allocation varies across sectors, with Retail being the most generous (28%) and Energy & Utilities allocating the least (18%) towards tackling cyber threats.
Lack of budget was cited as a key challenge by nearly one third (31%) of organisations. To navigate this, cybersecurity teams have been prioritising spend in the most ‘value for money’ areas. For the third consecutive year, investment in cyber technology topped the list, though fewer organisations highlighted technology as good value for money in 2023 (49%) than in 2022 (58%).
This dip can be attributed to a growing awareness that alongside cybersecurity technology, organisations need to invest in governance and personnel to effectively enable and manage new tech. This is a view more prevalent among IT professionals charged with implementing cyber tech solutions, with only 43% citing technology as ‘high value for money’ compared to 56% of C-suite executives. The findings reflect a misalignment of expectations between the operators of cyber technologies, and those a step removed from their day-to-day applications.