Cybersecurity budgets are continuing to rise, despite other budgets and sectors tightening their belts. Based on survey data from more than 600 security executives, this report outlines average security budgets as a proportion of IT spend, latest budget increase data, and the average budget breakdown.

  • Security accounts for around 10% of IT spending on average across industries. Tech, healthcare, and business services spend slightly more, with an average of 13%.


graph - security budgeting as a percent of the IT budget

  • The smallest companies ($300m or less in market capitalization) spend the highest proportion of their IT budget on cybersecurity (22.7%), whereas the largest companies ($100B+ in market cap) spend the lowest share of their IT budgets on cyber (6.8%)
  • Eight out of ten CISOs said their security budget increased in the last year - some as much as 300%, with an average increase of 22%. Only 3% said their budget had been reduced.
  • Company growth, expanding business security, and increasing awareness of cyberattack risks were among the main reasons for rising security budgets. 34% of respondents said that a recent high-profile breach was one of the top three reasons encouraging the uptick in budget.
  • How do companies allocate their cybersecurity budget, on average? Staff and compensation take the most significant share of the security budget (39%), followed by software (28%) and outsourcing (10%). However, despite so much of the budget being concerned with staffing, expert commentary notes that filling roles and retaining talent is one of the biggest challenges facing cybersecurity teams. This is due to a highly competitive market and salary bands that don’t match market rates.

 

Why does this matter for businesses?

  • Benchmarking against others is one way for executives to justify higher budgets. This report gives the ammunition for that case. 

 

Access full report