Cybersecurity Budget Growth Hits 5-Year Low
▼ Summary
– Only 47% of CISOs saw budget increases in 2025, down from 62% in 2024, with 39% reporting stagnant budgets compared to 26% the previous year.
– Average security budget growth dropped to 4% in 2025, half the 8% increase in 2024, marking the lowest growth rate in five years.
– Healthcare, professional services, and retail/hospitality had the lowest budget increases, while financial services, insurance, and tech saw above-average growth.
– Security budgets as a percentage of IT spending fell to 10.9% in 2025, reversing a steady rise from 8.6% in 2020, likely due to increased IT spending on AI and cloud.
– Reduced budget growth led to stagnant or declining security team sizes, with only 45% of firms adding staff in 2025, down from 67% in 2022, and 89% of CISOs reporting understaffed teams.
Cybersecurity spending growth has slowed to its lowest point in half a decade, with nearly half of security leaders reporting stagnant or reduced budgets this year. Only 47% of chief information security officers (CISOs) saw budget increases in 2025, a sharp decline from 62% the previous year. Meanwhile, 39% reported no change in funding, up from just 26% in 2024.
The average security budget grew by a modest 4% this year, half the rate of growth recorded in 2024. This slowdown has directly impacted hiring, with security teams expanding at their slowest pace in four years. Industries like healthcare, retail, and hospitality saw the smallest increases, while financial services, insurance, and technology sectors bucked the trend with above-average growth.
A notable shift occurred in security spending as a percentage of overall IT budgets. After climbing steadily from 8.6% in 2020 to 11.9% in 2024, it dropped to 10.9% this year. Analysts attribute this reversal to companies prioritizing core IT investments, particularly in AI and cloud infrastructure, over cybersecurity expansions.
Global economic instability has played a significant role in tightening budgets. Geopolitical tensions, unpredictable trade policies, and fluctuating inflation rates have made organizations more cautious with spending. Security teams, often viewed as cost centers rather than revenue drivers, have felt this pinch acutely.
The hiring landscape reflects these constraints. Just 45% of companies increased their security headcount in 2025, down from 51% in 2024 and 67% in 2022. Nearly 90% of CISOs described their teams as understaffed, citing budget limitations as the primary barrier. These shortages have led to delayed projects, compliance risks, and declining team morale.
Budget allocations remain consistent with past years, with salaries consuming the largest share (39%), followed by software (29%) and outsourcing (12%). Hardware, training, and project budgets continue to represent smaller portions of spending.
The findings come from a survey of 587 security executives across multiple industries, conducted between April and August 2025. The data underscores a challenging environment for cybersecurity leaders, who must now do more with fewer resources amid escalating threats.
(Source: InfoSecurity Magazine)
