Cybersecurity budgets in the UK are stagnating, even as job prospects and industry growth improves, a new poll of industry professionals has revealed.
The Chartered Institute of Information Security (CIISec) published the latest findings from its upcoming State of the Security Profession report, which is based on interviews with its members.
Just 5% agreed that budgets are in line with or ahead of threats, while 84% claimed the opposite. However, over three-quarters (78%) claimed their job prospects are good or excellent, and a similar share (73%) expect the security market to grow over the next three years.
The good news continued in that more than half (57%) of respondents agreed that the profession is getting better at responding to incidents, although only 49% said it is improving at preventative measures.
Read more on budgets: UK Organizations Boost Cybersecurity Budgets.
People (75%) remain cited as the biggest challenge facing the industry, rather than processes (15%) and technology (10%).
Given that industry professionals will need to do “more with less” over the coming year, they should focus first on the people problem, CIISec claimed in a blog post published this morning.
“The good news is that developing or even attracting these skills generally costs less than shiny new tooling. And it’s easier to justify spending when board members who are well aware of the current spate of attacks want someone to communicate the risks to them,” it added.
“Becoming this communicator requires a new mindset. One where cyber security professionals see themselves as business partners and advisers, rather than being perceived as unapproachable technicians.”
In fact, communication skills (27%) are the second most valued after analytical/problem solving (48%), according to the study.
“Without addressing all three issues – people, processes and tech – cybersecurity cannot be wholly effective,” CIISec concluded.
“But with technology investment hamstrung by budgets and the correct processes in place, addressing the cyber security profession’s people problem will have the greatest impact, which must start with improving communication.”
Less than half (47%) of CISOs polled for a recent IANS and Artico study said they experienced any increase in budget this year, down from 62% in 2024. Additionally, 39% had stagnant budgets, compared to 26% last year.