IANS Research and Artico Search recently published the 2025 Security Budget Benchmark Report, based on data collected between April and August of this year. The report aims to help security leaders by providing expert insights and pertinent data to inform future decisions in budgeting, staffing, and managing security efforts. With economic pressures mounting from widespread market instability, many organizations are prioritizing other areas over enterprise IT investments. Factors like global geopolitical conflicts, capricious tariff shifts, and economic inflation are currently causing fluctuations that demand adjustments to cybersecurity priorities.
Shrinking Budgets and Stalled Growth
One of the most fundamental issues illuminated by this research is a decrease in overall security budget growth, driven by a wide range of factors. Global economic instability creates an environment where many organizations have to make decisions regarding their budgeting priorities, and often, security is one area that loses funding in favor of more direct outcome-driven business operations.
The report found that the growth in cybersecurity budgets from year to year has decreased to only 4%, a steep decline from the 8% growth noted in 2024. Less than half (47%) of CISOs reported any security budget increase at all this year, while the share of IT spending allocated to security dropped from 11.9% to 10.9%. These statistics demonstrate an alarming lack of prioritization for critical cybersecurity measures.
Staffing Challenges: Teams Are Stretched Thin
Shortages in staffing frequently go hand-in-hand with insufficient budgets, as hiring is often a casualty of decreased funding. The difficulty of finding and maintaining sufficient security staff due to factors like shortages of skilled workers is well established, a problem that is only exacerbated and compounded by budget constraints.
The report shows stalled growth of security staffs, impacted by economic fluctuations and shifting priorities. Security staffing growth has fallen to a four-year low of 7%, and a mere 11% of CISOs feel as if their security teams are adequately staffed. Hiring slows down due to boards scrutinizing costs and requiring more justification for security roles, making it more difficult for security efforts to get the funding they demand.
Changing Expectations from the Boardroom
Due to a variety of factors, security is no longer seen as an exception to cost-cutting measures—CISOs must now compete for budget alongside IT and operations. Increasing economic challenges and executives’ lack of understanding of the importance of sufficient defenses lead to situations where security teams struggle to convince boards of the funding they require.
Instability often serves to increase board scrutiny of budget requests. Boards expect CISOs to tie investments directly to risk outcomes and operational impact, raising the bar for obtaining crucial budget shares, which in turn leaves critical security measures by the wayside. “Based on today’s economic climate, organizations are certainly being more thoughtful about their investments,” according to Piyush Pandey, CEO at Pathlock. “We see a priority being placed on solutions that have a clear path to ROI within months, rather than years.”
Strategic Imperatives for CISOs
In order to mitigate the budget and staffing issues outlined in the report, it is vital to shift tactics to account for current economic conditions and ongoing fluctuations. This includes taking steps to both improve security capabilities within budget constraints and increase board buy-in to secure much-needed funding. CISOs are recommended to refocus their attention on automation and process efficiency to achieve more security outcomes with fewer staff and resources.
In terms of convincing boards to prioritize security funding, CISOs should alter their approach. They should prioritize projects with clear business risk alignment and make the business case for security investments based on outcomes, not just threats. Security should be presented not only as a necessity for preventing cyber threats but also as an enabler for organizational growth and achieving desired outcomes.
Leading Through the Constraints
In a constantly shifting and often volatile economic landscape, it is more important than ever to dedicate efforts and resources to increasing resilience, adaptability, and clarity in cybersecurity leadership. Today’s budget constraints can serve not as a strict hindrance to security efforts, but as a forcing function for smarter, outcome-driven security strategies. CISOs and organizations are encouraged to adjust their approach to obtaining and managing budgets in order to ensure effective security amidst economic instability.
