After years of rapid growth, cybersecurity spending is starting to taper among enterprises, with a 65% fall in budget growth in the 2022-2023 budget cycle as global instability and inflationary pressures start to pinch, according to a study by IANS Research.\n\nThe study that surveyed 550 CISO respondents within the period of April to August 2023 revealed there has been a general downtick in the allocation of funds for cybersecurity across sectors.\n\n\u201cAcross industries, the decline in budget growth was most prominent in tech firms, which dropped from 30% to 5% growth YoY,\u201d IANS said in a report on the study. \u201cMore than a third of organizations froze or cut their cybersecurity budgets.\u201d\n\nBudget growth was the lowest in sectors that are relatively mature in cybersecurity, such as retail, tech, finance, and healthcare, added the report.\n\nSecurity budgets grow at a reduced pace\n\nThe budget increase for the study sample of CISOs was 6% in the 2022-2023, a significant slowdown from the 17% increase in the 2021-2022 budget cycle. The previous budget cycle (2020-2021) had observed a 16% growth.\n\n\u201cI think the recent economic pressures have impacted every division in every company, cybersecurity included,\u201d said Chris Steffen, vice president \u2013 research at Enterprise Management Associates. \u201cI don\u2019t really take it as a de-prioritization of cybersecurity spending but rather a cut in spending by the enterprise in general.\u201d\n\nIn 37% of cases, CISOs reported flat or declining cybersecurity budgets, year-over-year, compared to just 21% in the 2021\u20132022 cycle. The budget approval rate was 35% i.e., CISOs received approval for a budget increase that was 35% of the amount they had originally requested. This was down from 52% the previous year.\n\n\u201cIn the latter part of Q4 2022, many CISOs reported that their approved 2023 budgets were being slashed as part of an overall budget tightening,\u201d said Steve Martano, partner at executive search firm Artico Search, which partnered with IANS for the study.\n\nIncident-driven budget increase\n\nOf the CISOs whose companies did increase cybersecurity budgets, 80% indicated extreme circumstances, such as a security incident or a major industry disruption, drove the budget increase.\n\nWhile companies impacted by a cybersecurity breach added 18% to their budget on average, other industry disruptions contributed to a 27% budget boost.\n\n\u201cI think there has always been a component of security spending that is forced to be reactive: be it incidents, updated regulatory or vendor controls or shifting business priorities,\u201d Steffen said. \u201cTo some degree, technology spending in general has always been like this, and will always likely be this way.\u201d\n\n\u201cStaff and compensation\u201d remained the biggest cybersecurity spending category, claiming 38% of the overall security budget. Hiring secured a 16% increase in allocation compared to the 6% average budget growth in the previous year.\n\nSecurity budgets turning synonymous with IT spends\n\nAlthough major cuts were reflected in the cybersecurity budgets of mature sectors including retail, tech, finance, and healthcare, the cybersecurity share of IT budgets across these sectors remained steady, maintaining a four-year streak.\n\nFunds allocated to security within IT budgets averaged 11.6%, with about 40% of the CISOs saying they spend over 10% of their IT allocations on cybersecurity. About a third of the respondents said they spend less than 6% of the IT budget on cybersecurity.\n\n\u201cThis is a symptom of shifting definitions,\u201d Steffen said. \u201cWhile there are obvious strictly IT spending considerations, security will likely always have at least a secondary consideration or opinion on that spend. For example: a traditional IT spend would be a new computer\/laptop purchase. But it seems extremely unlikely that a laptop would be issued without security-related software (hardening, anti-virus, monitoring, etc).\u201d \n\nThe report highlighted that security allocation within IT budgets follows concerning variability as certain sectors such as tech, consumer goods, and services have more than 15% allocation, compared to companies in sectors such as legal, manufacturing, healthcare, and retail, all having less than 10% allocation.