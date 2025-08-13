Cybersecurity spending growth slowed to just 4% in 2025—the lowest in five years—raising concerns about underfunded teams facing increasingly sophisticated threats.

The pace of growth in cybersecurity spending has slowed in 2025, raising concerns that organizations may be leaving themselves exposed at a time when cyber threats are becoming more sophisticated.

According to the newly released 2025 Security Budget Benchmark Report by IANS Research and Artico Search, average security budgets grew by only 4% year-over-year, half the 8% growth recorded in 2024 and the slowest rate in five years.

The slowdown comes amid a turbulent global economy shaped by geopolitical instability, tariff uncertainties, inflation, and fluctuating interest rates. The report notes that companies are becoming more cautious in their spending, with cybersecurity budgets feeling the pinch more than in previous years.

One of the clearest consequences of the slowdown is in hiring. Only 47% of CISOs reported a budget increase this year, down from 62% in 2024, while 39% saw no change at all. Staffing growth has also slowed to 7%, its lowest level in four years.

Just 11% of security leaders say their teams are adequately staffed, with the remaining 89% reporting that they are stretched thin.

“Despite most companies identifying cyber as a top five business risk, most CISOs are not receiving budget increases commensurate with the increase in security program scope,” said Steve Martano, IANS faculty and partner at Artico Search.

Security budgets lose ground to IT spending

For the first time in five years, security budgets as a percentage of IT spending have dropped, from 11.9% to 10.9%. While overall IT spending is climbing, driven largely by investments in AI and cloud infrastructure, security allocations are no longer keeping pace.

“Security is being treated like any other business unit — its budget is largely a reflection of the macro environment and organizational goals,” explained Nick Kakolowski, senior research director at IANS.

This shift marks the end of a steady upward trend in cybersecurity investment, suggesting a move from large-scale projects to optimization of existing systems rather than significant expansion.

Implications of the slowdown

The implications of a cooling cybersecurity budget are far-reaching.

With the attack surface continuing to grow and cyberattacks becoming more complex, underfunded teams risk falling behind in their ability to defend against threats. The slowdown also compounds the ongoing talent shortage in the industry. Without adequate staffing, even the most advanced tools may fail to deliver their full potential, leaving organizations vulnerable.

Some organizations are turning to AI-powered tools to fill gaps, handling routine tasks like alert triage or basic threat detection, so human analysts can focus on higher-value work. But experts warn that AI alone won’t solve staffing shortages and often requires significant upfront investment.

As Martano put it, “The downstream effects of this are real and include reduced team morale, delayed or stalled initiatives, and a growing gap between the company’s risk appetite and operational security.”

These budget constraints are just one of many challenges cybersecurity professionals face today. Explore the other pressing concerns keeping security leaders up at night.