Cybersecurity spending grew at a slower pace this year amid inflation and recessionary fears, according to a recent report from IANS Research and Artico Search.
Companies increased their cybersecurity spending by 6% on average this year, a significant drop from the previous budget cycle’s 17% rise, according to the research, which was based on an annual survey of security executives.
“Cybersecurity budgets were not immune to the inflationary pressures and global instability of 2023,” the report said. “However, their impact was moderate compared to the widespread budget and staff cuts made in other areas, including in IT.”
The worldwide total addressable information technology market is expected to reach $4.7 trillion this year, up 3.5% compared with 2022, despite cautious spending due to ongoing economic issues, according to market analyst Canalys, which recently agreed to be acquired by Informa, parent of CFO Dive publisher Industry Dive.
“Digital transformation, cybersecurity, compliance, sustainability and the emergence of generative AI [artificial intelligence] will underpin IT services engagement, the adoption of new software and infrastructure refresh,” Matthew Ball, chief analyst at Canalys, said in an Aug. 23 press release.
“But there are still major headwinds for the industry to navigate,” Ball added. “The threat of recession, rising interest rates, high inflation, trade disputes and extreme weather events will continue to cause much disruption and affect confidence.”
Cybersecurity has escalated as a C-suite level priority in recent years, amid a rise in sophisticated and costly cyberattacks as well as growing regulatory pressures.
Over the summer, the Securities and Exchange Commission raised the stakes, adopting new rules requiring public companies to disclose “material cybersecurity incidents” to the agency within four days of determining that such a breach has occurred.
“In an increasingly digital cloud-defined world, cybersecurity is becoming more important than ever,” George Kurtz, CEO of Austin, Texas-based cybersecurity company CrowdStrike, said during an Aug. 30 earnings call.
Still, the company sees “deals getting elongated and sales cycles taking longer,” Burt Podbere, CrowdStrike’s CFO, said during the call.
Similar comments came up during an Aug. 18 earnings call held by Palo Alto Networks. “CFOs are scrutinizing deals, which means you have to be better prepared to answer their question and show the business value that you bring to them with your cybersecurity products,” Nikesh Arora, CEO of the Santa Clara, California-based cybersecurity company, said during the call.
Rapid7, a Boston-headquartered cybersecurity firm, in August announced plans to shed 18% of its workforce, impacting over 400 global employees. The effort is “designed to improve operational efficiencies, reduce operating costs and better align the company’s workforce with current business needs,” the company said in an SEC filing. The announcement coincided with news that Rapid7 generated $190.4 million in revenues for the second quarter, an increase of 14% year-on-year, with a loss of $67 million, up from a loss of $40 million a year earlier.
While security spending is increasing at a lower rate, its share of overall IT budgets is trending upwards, the IANS and Artico study found. Since 2020, security spending relative to IT spending has increased from 8.6% to 11.6%, with technology firms reporting the largest proportional spending at 19%.
This year, security budget growth was lowest in cyber-mature sectors, such as tech, finance and healthcare, according to the research.
“These industries generally have more mature cyber programs due to their longer history of frequent cyberattacks and sector-specific cyber-regulations,” the report said. “Industries with developing cyber programs, such as manufacturing and consumer goods and services, generally saw bigger security budget growth.”
Of the chief information security officers with budget increases, 80% indicated the main driver was something other than the typical annual change, such as a security incident, company repositioning, or major industry disruptions, such as highly publicized breaches.
IANS and Artico polled more than 660 security executives from April to August, with 550 respondents completing the survey’s budget section. IANS is a Boston-based cybersecurity research and advisory firm. Artico is a recruitment and human resources consulting firm headquartered in New York.