IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom

Guides

#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things

Search

Pie chart security section businesspeople reviewing documents computer shield modern office
#
Advanced Persistent Threat Protection
#
IT Budget
#
Inflation

Security budgets see slowest growth in five years, report finds

Thu, 7th Aug 2025
Author image
By Shannon Williams, Journalist

The average annual growth for security budgets has declined to its lowest rate in five years, according to the 2025 Security Budget Benchmark Report released by IANS Research and Artico Search.

The report found that average year-over-year security budget growth has slowed to 4% for 2025, a significant fall from 8% reported in 2024. The reduction in budget expansion is attributed by report authors to global market volatility, including geopolitical instability, changing tariff policies, and unpredictable inflation and interest rates.

Macroeconomic impact

IANS Research and Artico Search, through their annual CISO Compensation and Budget Research, have captured how cyber security spend is being impacted by these economic shifts. Findings reflect shifts in business sentiment, as heightened caution appears to be affecting organisations' willingness or ability to maintain past growth trajectories in security resourcing.

Steve Martano, IANS Faculty and Partner, Cyber Security Practise at Artico Search, said:

"Once again, we find that security budgets are not immune to macro conditions. Despite most companies identifying cyber as a top five business risk, most CISOs are not receiving budget increases commensurate with the increase in security program scope. This year, the staffing constraints are especially significant with security leaders and their teams both reporting that they are stretched thin due to hiring freezes or limited budget for hiring. The downstream effects of this are real and include reduced team morale, delayed or stalled initiatives, and a growing gap between the company's risk appetite and operational security."

Key findings

The 2025 report draws on survey data from 587 Chief Information Security Officers (CISOs) across a diverse mix of company sizes, industries, and locations. Several key trends stand out for the coming year's budget cycle. Security budget growth has halved year-over-year, with more than half of CISOs surveyed reporting either flat or shrinking budgets. The report notes that certain sectors, such as healthcare, have been especially impacted by broader economic instability.

The analysis finds that security budgets as a percentage of IT spend have also dropped, going from 11.9% in 2024 to 10.9% in 2025. This breaks a five-year upward trend and coincides with enterprise investments in AI and cloud technologies - areas where IT expenditure is rising faster than security budgets themselves.

Staffing has also been affected, with security personnel growth slowing to 7%, the lowest rate recorded since 2021. Most teams are reporting hiring freezes or severe limits on new hires, despite an environment of increasing cyber threats and complexity. Only a small proportion of CISOs, 11%, indicate that their teams are adequately staffed. The vast majority - 89% - describe their staff levels as stretched thin or insufficient, potentially heightening organisational risk due to the expanding range of security responsibilities.

Strategic responses

Nick Kakolowski, Senior Research Director at IANS, commented on organisational approaches to these fiscal pressures:

"Security is being treated like any other business unit - its budget is largely a reflection of the macro environment and organizational goals. This is challenging as security's scope is rapidly increasing, putting pressure on CISOs to prioritize strategically and build organizational consensus around risk tolerances relative to budget availability."

The report outlines that CISOs must now make more deliberate trade-offs, focusing resources on the most critical initiatives while justifying expenditures and aligning closely with business priorities. Industry analysts expect this may lead to delays in some security programmes and the need for clearer risk tolerance articulation at the executive and board level.

Research approach

The findings are based on extensive data gathering conducted in April 2025, with responses collected through to August. Participants provided detailed information regarding security budget sizes, yearly growth, headcount levels, and spending allocations. IANS Research and Artico Search applied their methodology to produce peer benchmarks and aggregate insights for budget and staffing planning in the 2025–2026 cycle.

This marks the sixth annual survey by the research partners, intended to inform security programme planning and resourcing decisions across industries facing rising cyber threats with constrained financial resources.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Emerging cyber threats for 2025 target healthcare & industry
Malware complexity soars 127% as older defences miss threats
Approov secures GBP £5 million to advance mobile app security
Gurucul launches AI-SOC Analyst to transform cybersecurity centres
EU cyber security market up 13% amid AI, regulation push

Top stories

WiseBee raises USD $2.5m to boost AI cyber defence for SMEs
Black Kite unveils ASI for targeted third-party cyber risk
Qualtrics & PureSpectrum expand partnership for AI market insights
Quantum computing exposes Active Directory to urgent new risks
Calero launches SaaS tool to cut costs & tackle shadow IT