Cybersecurity teams have suffered their lowest rate of budget growth in five years, which has had a cascading effect on hiring new staff, according to new research by IANS and Artico.
Average annual security budget growth was 4% in 2025, significantly less than the 8% increase recorded in 2024.
Just 47% of CISOs reported any increase in budget this year, down from 62% in 2024. Additionally, 39% had stagnant budgets, compared to 26% last year.
The lowest annual security budget increases were observed in healthcare, professional and business services, and retail and hospitality.
Growth rates were higher than average in financial services, insurance and tech, the report found.
Between 2020 and 2024 security budget as a percentage of IT spending grew steadily from 8.6% to 11.9%, however, this year saw a drop of one percentage point to 10.9%.
The IANS and Artico researchers believe this reversal is likely the result of a rebound in core IT spending, driven by AI and increased cloud infrastructure investments.
Security budget as a percentage of revenue slowed marginally, suggesting that, on average, company revenue grew faster or at roughly the same pace as security budgets.
The researchers said that restricted budget has been caused by global market volatility, fueled by ongoing geopolitical tensions. This includes business uncertainty around global tariff policies, and fluctuating inflation and interest rates.
“In response, companies have become more cautious in their spending and hiring. More than in prior years, security organizations are affected as well, manifested by declining rates of growth for budgets and staff levels,” they noted.
Read now: UK Organizations Boost Cybersecurity Budgets
Majority of CISOs Experience Flat or Declining Team Sizes
The IANS report, dated August 5, found that reduced budget growth has had an impact on the size of security teams, with staff growth falling to its lowest level in four years, at an average of 7%.
Around half (47%) of firms have kept their team size flat, with just 45% able to add to their headcount in 2025. This compares to 67% in 2022, 55% in 2023 and 51% in 2024 who were able to increase the size of their teams.
Nearly all (89%) of the CISOs surveyed also reported low or understaffed security teams, citing hiring and budget constraints as the primary cause.
“They also note staffing shortages led to delays and cancellations of security initiatives, cause morale issues, increase the risk of noncompliance, and elevate organizational risk in general,” the researchers wrote.
Regarding budget allocation, CISOs spend 39% on average on staff salary, followed by 29% on software and 12% on outsourcing.
Categories such as project budgets, hardware and training consume smaller shares of the CISO’s budget.
This budget breakdown has remained relatively stable over the past five years, the researchers noted.
For the report, IANS and Artico surveyed 587 security executives at a diverse set of companies from April until August 2025.