Cybersecurity budgets are continuing to rise, despite other budgets and sectors tightening their belts. Based on survey data from more than 600 security executives, this report outlines average security budgets as a proportion of IT spend, latest budget increase data, and the average budget breakdown. 


  • Security accounts for around 10% of IT spending on average across industries. Tech, healthcare, and business services spend slightly more, with an average of 13%. 
  • The smallest companies ($300m or less in market capitalization) spend the highest proportion of IT budget on cybersecurity (22.7%), whereas the largest companies ($100B+ in market cap) spend the lowest share of their IT budgets on cyber (6.8%)
  • Eight out of ten CISO’s said their security budget increased in the last year - some as much as 300%, with an average increase of 22%. Only 3% said their budget had been reduced.
  • Company growth, expanding business security, and increasing awareness of the risk from cyberattacks were among the main reasons for rising security budgets. 34% of respondents said that a recent high-profile breach was one of the top three reasons encouraging the uptick in budget.
  • How do companies allocate their cybersecurity budget, on average? Staff and compensation takes the biggest share of the security budget (39%), followed by software (28%) and outsourcing (10%). However, despite so much of the budget being concerned with staffing, expert commentary notes that filling roles and retaining talent is one of the biggest challenges facing cybersecurity teams. This is due to a highly competitive market and salary bands that don’t match market rates.


Why does this matter for businesses?

  • Benchmarking against others is one way for executives to justify higher budgets. This report gives the ammunition for that case. 


Access full report