December signifies a month driven by numerals, from festive countdowns to RSVPs for social gatherings. However, for executives, the pivotal figures to focus on this month are the financial figures for 2025. With cybersecurity emerging as a key priority for numerous enterprises in 2025, it is anticipated to hold a significant place in many budgets as the New Year approaches.
Gartner anticipates that cybersecurity expenditure is set to surge by 15% in 2025, surging from $183.9 billion to $212 billion. The security services sector is expected to witness the highest rise in spending, followed by security software and network security as the third growing area.
“The relentless escalation in the threat landscape, the shift towards cloud services, and the scarcity of skilled professionals are propelling security to the forefront of agenda, prompting chief information security officers (CISOs) to upsurge security investments,” mentioned Shailendra Upadhyay, Senior Research Principal at Gartner in a recent press release. “Furthermore, organizations are currently evaluating their endpoint protection platform (EPP) and endpoint detection and response (EDR) requirements and adapting to enhance their operational resiliency and incident response capabilities following the CrowdStrike service outage.”
Factors contributing to the spending surge
While the determinants behind spending decisions and hikes are likely multifaceted, Gartner identifies two primary drivers for the projected escalation.
- Generative AI: Gartner posits that due to the adoption of Generative AI by organizations, additional measures will be essential to fortify their environment. The IBM Framework for Securing Generative AI delineates five steps: Securing the data, securing the model, securing the usage, securing AI model infrastructure, and establishing robust AI governance. Since numerous organizations will necessitate acquiring additional software such as application security, data security, and privacy, and infrastructure defense, this is owing to the escalated utilization of generative AI.
- The global skills deficit: Various organizations are grappling with a dearth of skills, lacking in-house expertise to handle their cybersecurity requisites. As a remedy, many are resorting to outsourcing assistance to mitigate risks, such as security advisory services, security professional services, and managed security solutions. Gartner pinpoints the expenses tied to these services as a pivotal factor driving the anticipated spending escalation, rendering services as a rapidly growing domain within the cybersecurity realm.
Explore cybersecurity services
Erecting your cybersecurity budget
Instead of merely incorporating a solitary expense item in your organization’s budget to encapsulate cybersecurity, proficient budgeting starts with dissecting all the constituents of a well-rounded cybersecurity program.
Factor in the following while formulating your budget:
- Labor costs: Aside from remunerations for all full-time staff, consider any additional services you need to procure. For instance, outsourcing penetration testing would fall under this category. Moreover, contemplate whether you require engaging managed services for any segment of your cybersecurity operations.
- Technology: Contemplate all categories of software essential, including antivirus, encryption utilities, and firewalls. Reflect on whether you intend to deploy generative AI for cybersecurity alongside other tools essential to fortify the organization against threats targeted at generative AI utilities employed for day-to-day business activities. Ensure to encompass hardware expenses, such as any infrastructure enhancements necessary to support any novel technological utilities, particularly generative AI.
- Training: While numerous organizations solely budget for training and certifications for their cybersecurity personnel, allocate funds for cybersecurity training extending across the entire organization. By thinking innovatively and setting aside adequate funds, you can significantly mitigate cybersecurity threats precipitated by employee oversights.
- Incident Response: Post a breach or attack, firms require resources to contain the breach and manage the response. Common expenditures include legal fees, PR consultancy, overtime compensation, data breach notifications, identity theft safeguarding, and revenue loss mitigation.
Budgeting impact on employee anxiety
While numerous organizations contemplate business discontinuity and potential risks when formulating their cybersecurity budget, the repercussions of the budget on the cybersecurity team’s stress levels often go unnoticed.
The ISACA State of Cybersecurity 2024 and Beyond study discovered that 66% of cybersecurity professionals perceive their role as more stressful. The primary reason cited (81%) was the increasingly intricate threat landscape. Notably, budget inadequacy (45%) shared the second position with compounded hiring retention challenges and unskilled/untrained personnel.
The report delineated that more than half (51%) felt their budgets were inadequately funded, a rise from 47% expressing such sentiments in 2023. Moreover, merely 37% anticipate a budget increment in 2025. Amplifying the stress, a mere 40% expressed high confidence in their team’s preparedness to tackle a cyberattack. Simultaneously, 47% predict a cyberattack on their organizations.
Mitigating employee stress amidst budgeting for 2025
As business leaders delve into budgetary exercises, below are measures to alleviate employee stress linked to the 2025 fiscal plan.
- Engage your hands-on cybersecurity team members in the budget deliberations. When employees sense that their viewpoints and suggestions are valued, they are less likely to harbor resentment. Furthermore, they can witness firsthand the trade-offs in budgeting and the repercussions of each decision on other expense items.
- Encourage personnel to voice their prevailing challenges. Commence by comprehending their dilemmas, then harness these issues to steer budgetary decisions. If team members gravitate towards technological fixes, redirect them to initially discuss the underlying challenges.
- Task your cybersecurity team with researching and obtaining estimates. Upon transitioning to the solution phase of budgeting, task cybersecurity team members with researching tools and obtaining cost estimates. Since they will be the primary users of these tools daily, garnering their endorsement for specific solutions can boost contentment levels and refine budget accuracy.
- Show team members the preliminary budget. Budget formulation often necessitates making tough choices. By unveiling the tentative budget to the team and seeking their input, they feel acknowledged and can comprehend the necessary trade-offs inherent in the budgeting process.
While the uptick in cybersecurity spending depicts a favorable trend on the whole, the real essence lies in how companies channel their augmented investments. By making astute decisions tailored to your distinct organization, you can curtail risks while concurrently enhancing employee morale.