Security Strategy, Plan, Budget, Training, Career Management, AI/ML

Cybersecurity budget growth slows to 4%, lowest rate in five years

(Adobe Stock)

Average security budget growth has slowed to just 4% year-over-year — the lowest rate in five years — representing a sharp declined from 8% in 2024, according to a new Aug. 5 report from IANS Research and Artico Search.

The decline was driven by geopolitical tensions, uncertain tariff policies from the Trump administration, and fluctuating inflation and interest rates, according to IANS and Artico.

Steve Martano, IANS Faculty and partner at Artico Search, explained that once again, they've found that security budgets are not immune to macro conditions. Despite most companies identifying cybersecurity as a top five business risk, Martano said most CISOs are not receiving budget increases.

“This year, the staffing constraints are especially significant with security leaders and their teams both reporting that they are stretched thin due to hiring freezes or limited budget for hiring,” said Martano. “The downstream effects of this are real and include reduced team morale, delayed or stalled initiatives, and a growing gap between the company's risk appetite and operational security."

Matt Lee, security and compliance senior director at Pax8, said security teams everywhere are feeling the pinch from tightening budgets — and it's putting real strain on these professionals who are already stretched thin. Lee said he’s seeing more organizations turn to AI-powered security tools that can take care of routine tasks like alert triage and threat detection, which means their skilled analysts can actually focus on the complex, high-value work that really needs human expertise.

“These AI systems aren't about replacing security professionals,” said Lee. “They're about giving overwhelmed teams the additional resources they desperately need to stay on top of threats.”

Casey Marks, chief qualifications officer at ISC2, said the IANS/Artico research reflects what they’ve heard from many ISC2 members: security teams are being asked to do more with less. Marks said budget growth may have slowed, but the pace and complexity of threats continues to accelerate.

He said ISC2 found that 74% of cybersecurity professionals say the threat landscape is the worst they’ve seen in five years — and more than half believe the skills gap poses significant risk to their organizations.

“To help close that gap, we just launched  a foundational AI security certificate designed to equip cybersecurity professionals with the skills to assess and apply AI technologies responsibly,” said Marks. “More than half of cybersecurity professionals told us they expect AI tools to reduce the need for entry-level staff, underscoring the urgency of reskilling and upskilling the current workforce.”

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds