Cyber budgets grow 3.1% YoY but fall short of expectations

A lack of cyber budget is a challenge for nearly a third of organisations, as a year-on-year growth of 3.1% to £21.8m falls below the 5% rise anticipated by senior IT professionals.

This is amongst the findings of research carried out by global intelligence and cyber security consultancy, S-RM, whose Cyber Security Insights Report 2023 suggests that, on average, cyber budgets make up a quarter of an organisation's overall IT budget (marking a 1% decrease in share from 2022). This allocation varies across sectors, with retail being the most generous (28%) and energy and utilities allocating the least (18%) towards tackling cyber threats.

Commenting on the findings, Jamie Smith, board director and head of cyber security at S-RM, said: “It’s reassuring that cyber security budgets are still rising in these challenging times, but this level of increase is simply not enough to tackle the growing cyber threat. This year’s increase has failed to meet the expectations of cyber teams and reveals that cyber security may be taking a back seat as its share of the overall IT budget declines.

“Navigating ongoing skill shortages and investing in training and development of teams comes at a cost, but cyber professionals are not receiving the budget they need to deliver on these critical initiatives. Organisations will have to continue being cautious with cyber security spend, identifying those ‘value for money’ areas that will enable them to manage emerging cyber threats with tightened purse strings.”

Chart depicts the percentage of respondents citing investment in technology as 'high value for money' (Source S-RM)

Further findings (Source: S-RM)

Lack of budget was cited as a key challenge by nearly one third (31%) of organisations. To navigate this, cyber security teams have been prioritising spend in the most ‘value for money’ areas. For the third consecutive year, investment in cyber technology topped the list, though fewer organisations highlighted technology as good value for money in 2023 (49%) than in 2022 (58%).

This dip can be attributed to a growing awareness that alongside cyber security technology, organisations need to invest in governance and personnel to effectively enable and manage new tech. This is a view more prevalent among IT professionals charged with implementing cyber tech solutions, with only 43% citing technology as ‘high value for money’ compared with 56% of C-suite executives. The findings reflect a misalignment of expectations between the operators of cyber technologies, and those a step removed from their day-to-day applications.

Organisations are adopting several other strategies to manage cyber security with restricted budgets:

-IT and security optimisation: Identifying cost reduction opportunities by making existing processes more efficient to allocate budget for more critical initiatives.

-Future-focused investment: Investing now in security initiatives for long-term cost savings.

-Outsourcing: Contracting out IT and security functions to managed service security providers or virtual chief information security officers.

The S-RM Cyber Security Insights Report 2023 reflects the cyber security experiences of 600 C-suite and senior IT professionals in large organisations over the past year.

Share Story:


Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023