
Necessity is still mother of cybersecurity invention
Most cybersecurity teams face the same economic challenges as everyone else, and it is becoming harder to convince senior business leaders that now is the time to fund additional investments.
In fact, a survey of 587 CISOs conducted by IANS Research and Artico Search, an executive search firm, finds security budget growth dropped to 4%, down from 8% in 2024, with more than half reporting flat or shrinking budgets.
Security budgets as a percentage of IT spending also declined from 11.9% to 10.9%, breaking a five-year upward trend. Staffing growth, meanwhile, slowed to 7%, with only 11% of CISOs reporting being adequately staffed. The remaining 89% describe their teams as stretched thin or understaffed, leading to serious organizational risk given the expanding scope of security requirements, the survey finds.
Impact of long-term spending trends
In the long term, spending on cybersecurity is expected to continue to increase. A recent Futurum Group survey, for example, projects spending on cybersecurity will increase at a compound annual growth rate (CAGR) of 11.6% from 2024 to 2029 to reach $287.6 billion. Naturally, there will be periods between now and 2029 when, as macroeconomic conditions wax and wane, the appetite for spending more on cybersecurity is not as voracious as it might have been in the past. During those times, cybersecurity teams are likely to be asked to do more with less. However, such times usually also bring an opportunity to innovate, especially if it can be shown that those efforts might reduce the total cost of cybersecurity over the months and years ahead.
For example, it’s already apparent that investments in automation and artificial intelligence (AI) are changing the economics of cybersecurity. It’s not likely these advancements will replace the need for cybersecurity professionals any time soon, but they do serve to make the existing staff more productive and efficient. Rather than simply continuing to increase spending on cybersecurity, the time has come to reassess how cybersecurity is fundamentally managed with an eye toward making it easier for an organization with limited resources to respond to threats that will only continue to increase in volume and sophistication. In effect, necessity is, once again, becoming the mother of invention.
Navigating competing priorities
The challenge, as always, is justifying the funding required to acquire a new automation platform. Organizations often have lots of competing priorities, so it can be a challenge to make a case for investing in an automation platform over some other priority that is likely to have a more direct impact on revenue.
Regardless of the level of spending, the one thing that is certain is that the volume and sophistication of cyberattacks being launched will only continue to increase. Like it or not, organizations will need to make ongoing investments in cybersecurity as the tactics and techniques being employed by cybercriminals continuously evolve. The more timely the investments in the additional cybersecurity tools and platforms that might be needed to combat any new type of attack that arises, the more resilient organizations are ultimately going to be at a time when they have never been more dependent on IT to survive and thrive.
