In recent years, organizations have had to tighten their belts due to economic pressures. With the rising cost-of-living crisis and inflation dragging down customer demand, many companies have felt the squeeze. Also, higher interest rates are making it costlier for businesses to borrow money, adding another layer of strain.
There’s also a growing fatigue around spending on cybersecurity. Businesses have been ramping up their cybersecurity budgets year after year, but now there’s this feeling that they’ve already done enough to protect themselves. The loss of urgency is worrying, especially with cyber threats becoming increasingly sophisticated and regulatory pressures mounting.
On top of that, we’re seeing a shift toward unified cybersecurity platforms from major suppliers. This trend is giving Chief Information Security Officers (CISOs) a chance to streamline their spending, allowing them to reduce investments in single-use software. The result? Many organizations aren’t seeing significant increases in their cybersecurity budgets over the last year or so.
What drives organizations to cut back on security spending? A lot of it comes down to compliance. When companies feel they’ve met compliance requirements, spending starts to stall. Some sectors, like finance in EMEIA and critical infrastructure within the EU, have strong regulatory demands that keep cybersecurity investments robust. But in less regulated industries, the trend toward budget flattening is clear.
How can CISOs advocate for their budgets? They really need to shift their approach. They should frame cybersecurity spending not just as a necessary expense but as a value investment. Cybersecurity can unlock various benefits: it supports AI implementation, facilitates acquisitions, and enhances customer perceptions. By seeing cybersecurity as an essential framework rather than just a cost, organizations can better understand its role in driving value from their products and services.
Instead of solely relying on central funding, businesses can consider dedicating a portion of their budgets for new projects to cyber initiatives. This way, a solid cybersecurity foundation becomes a prerequisite for success.
To further justify spending, CISOs can use Cyber Risk Quantification to clearly demonstrate how investment translates to risk reduction.
How can CISOs actually boost their budgets? One key area is AI. It’s becoming a major factor in the industry, and that means businesses need to keep pace with emerging threats. Cyber criminals utilize AI to enhance their attacks, making it essential for companies to step up their defenses too.
Organizations must invest in evolving their tools and solutions to match the sophistication of cyber threats. Fighting fire with fire means leveraging AI for automated security measures, especially in areas like threat detection, testing, and user access rights management. Research shows that organizations that quickly adopt new technologies—especially automation—tend to perform better in cybersecurity. Those that embrace a tech-forward mindset become harder targets for cyber attacks.
Looking ahead to 2025, we can expect existing threats like ransomware, phishing, and supply chain attacks to continue growing in complexity. Operational Technology (OT) and the Internet of Things (IoT) are also likely to see increased targeting. As organizations ramp up AI adoption, they may introduce new vulnerabilities, which could lead to higher rates of data breaches.
A significant concern will be how cyber criminals are harnessing and deploying AI. The intensity of malware attacks will likely rise as they exploit generative AI. This arms race will require constant vigilance; complacency is not an option.