Skip to content

Cybersecurity Spending Statistics 2023: A Closer Look

Cybersecurity Spending Statistics 2023: A Closer Look

If you‘re like me, you want to keep your online presence safe and secure. But cyber threats are growing more sophisticated every day. So how can we protect our digital lives both at work and at home? Understanding the latest cybersecurity spending trends provides valuable insight.

In this comprehensive guide, we‘ll dive deep into the key stats and trends shaping cybersecurity budgets right now. Whether you‘re benchmarking your own security investments or just want to get up-to-speed on where things are heading, you‘ll find all the important details here. Let‘s get started!

Global Cybersecurity Spending Still Rising

Cyberattacks and data breaches remain top concerns for organizations of all sizes. As a result, spending on cybersecurity solutions and services continues its upward trajectory.

According to the latest data from IDC, worldwide cybersecurity spending is expected to hit $219 billion in 2023. That represents a 12.1% increase over 2022‘s projected total of around $195 billion.

To put things in perspective, back in 2019, total cybersecurity spending clocked in at $161 billion globally. The surge since then highlights how cyber risks have compounded over the past several years.

IDC anticipates we‘ll cross the $300 billion threshold for global cybersecurity spending by 2026. That‘s nearly double recent years’ totals.

Several factors are fueling these spending increases:

  • High-profile cyberattacks like SolarWinds and Colonial Pipeline raised awareness of cyber risks. Organizations now understand cyber incidents can significantly impact operations, revenue, and reputation.
  • Remote work expanded attack surfaces. With employees accessing systems from home networks, vulnerabilities increased substantially.
  • Compliance mandates are expanding, like CMMC 2.0 for federal contractors. Adhering to new regulations necessitates spending on controls.
  • Ransomware attacks surged, damages averaged $1.27 million per incident in 2021. The threats and costs of attacks accelerated security investments.
  • Cloud adoption created new security challenges as organizations manage data and apps across cloud platforms.

Simply put, escalating cyber risks forced most organizations to make security a higher budget priority. Let‘s look at which industries are leading the way.

Financial Services Sector Makes Biggest Cybersecurity Investments

While cybersecurity may be crucial across sectors, some industries spend more than others. Financial services leads the pack when it comes to cybersecurity budgets.

Banking institutions topped the list with the largest dollar investments in cybersecurity solutions and services globally, according to IDC. Discrete manufacturing followed closely in second place, with the federal/central government and professional services rounding out the top four.

Together, these four sectors accounted for around one-third of total cybersecurity spending in 2023.

Now let‘s zoom in on their investment priorities:

  • Banking favored an even split, dedicating equal portions of cybersecurity budgets to both services and software tools. This shows they aim for a balanced approach.
  • Discrete manufacturers also split investments relatively evenly between services and software. They likely recognize the need for both.
  • Federal and central governments concentrated spending on services over tools. With legacy systems abound, they may be seeking outside help shoring up defenses.
  • Professional services firms prioritized software over services. With in-house technical expertise, they can handle implementation and focus budget on technology.

The data indicates while approaches vary, financial services, manufacturing, government, and professional services recognize cybersecurity as essential and are leading spend levels globally.

As cyber risks spread into other facets of the economy like retail, education, and healthcare, we may see sectors that historically lagged on security boost their investments. But for now, the most sophisticated industries with the most intellectual property, customer data, and connectivity to protect are allocating big budgets to match the threats.

United States Still #1 for Cybersecurity Spending

Zooming out to a geographic view, the United States maintains its #1 position as the largest region globally for cybersecurity spending.

Within the U.S., professional services and discrete manufacturing represent the two sectors spending the most on cybersecurity currently.

Western Europe holds the #2 spot overall, with banking and discrete manufacturing again the leading industries allocating cybersecurity budget in that region.

The Asia/Pacific region rounds out the top three geographies with meaningful cybersecurity investments.

The U.S. retaining the top position is no surprise. American companies were among the most prominent targets in major cyberattacks like SolarWinds and Pulse Secure VPN. Highly publicized breaches of U.S. firms motivated increased attention on cyber risks and security spending.

Likewise, Western Europe contains many multi-national corporations with valuable intellectual property and customer data to protect. So it makes sense they rank near the top on cybersecurity spending as well.

China‘s Cybersecurity Investments Take Off

While the U.S. and Western Europe lead in total dollars, China is ramping up spend fast and furious. From 2021 through 2026, China ranks first globally for projected growth in cybersecurity expenditures.

Specifically, China‘s five-year cybersecurity spending compound annual growth rate (CAGR) sits at a whopping 18.8%. That‘s nearly double the worldwide average.

In contrast, Europe‘s spend is forecast to grow at a still healthy but more moderate 10% CAGR through 2026.

What‘s driving China‘s nearly 19% annual cybersecurity budget surge? A few likely factors:

  • Increased government scrutiny and compliance mandates on domestic companies to strengthen defenses.
  • More sophisticated and prolific cyber threats emerging within the region.
  • Large-scale digital transformation of industries and infrastructure across China expanding the attack surface.
  • More Chinese organizations expanding globally and recognizing cyber risks.

Regardless of the exact drivers, the budget boom signals cybersecurity is now a top strategic priority for China as it looks to secure its economic future and competitiveness on the global stage.

Cybersecurity Grabs Bigger Share of IT Spending

In terms of budget share, cybersecurity accounted for approximately 9.9% of total IT spending in 2022 across industries worldwide.

To put this budget allocation figure in context:

  • In 2021, cybersecurity represented about 9.6% of IT spending on average globally, up from 8.7% in 2020.
  • According to analyst firm Gartner, back in 2015 cybersecurity claimed just 4.7% of total IT budgets.

So while not surging exponentially, cybersecurity is claiming a growing portion of technology spending each year. It‘s becoming ingrained as a standard line item for most IT organizations rather than an add-on.

Now 9.9% still seems on the low side given rising risks. But not all industries approach security spending equally:

  • Leading sectors like healthcare, financial services, and technology allocated a relatively higher percentage of their total IT budgets to cybersecurity. They are on the front lines defending against attacks.
  • However, industries like retail, education, and manufacturing invested less compared to IT spending overall. They may be underestimating threats.

If cyber risks continue proliferating rapidly, we could see cybersecurity budgets expand to over 15% of IT spending within five years for many security-focused organizations. But laggard industries may take longer to reach that level unless jolted by high-profile breaches in their sectors.

Businesses Making Cybersecurity Spending a Priority

With threats mounting, cybersecurity is becoming more of an imperative. According to a recent industry survey, 73% of businesses worldwide plan to increase cybersecurity spending in 2023.

Dedicating more budget demonstrates companies recognize cyber risks are growing and security requires greater investment. The high percentage making this a priority shows cybersecurity is top of mind across the business landscape.

Most organizations seem to understand playing defense requires financial investment. Cybersecurity spending enables firms to take proactive measures and build resilient defenses before costly breaches occur.

Organizations feel boosting cybersecurity budgets will better position them against escalating social engineering, ransomware and supply chain threats. The goal is implementing layered next-gen security tools, robust data protection, and advanced threat monitoring.

These statistics suggest cybersecurity spending growth may actually accelerate further over the next several years.

Small Businesses Cybersecurity Spending Lags

However, while enterprise cybersecurity budgets expand, smaller businesses often struggle to fund adequate security. A 2021 survey of small firms under 50 employees surfaced an alarming stat—47% had zero dollars explicitly allocated for cybersecurity. That means almost half weren‘t even budgeting for security.

The situation looked only marginally better among small businesses with 50-249 employees. Over one-third of these slightly larger companies still had no defined cybersecurity budget.

Compare that to larger organizations with over 250 employees. Among this cohort, 82% had an earmarked cybersecurity budget.

The takeaway? While smaller businesses have less data and fewer assets to protect, they are tempting targets for opportunistic cyber criminals. Ransomware gangs in particular favor small enterprises knowing they have weaker defenses. Attacks can quickly disable small companies.

With limited IT resources and little budget, small businesses remain extremely vulnerable. As threats increase, SMBs must make cybersecurity spending more of a priority, even if budgets stay modest.

Most Small Businesses Keep Cybersecurity Spending Flat

Along with lacking budgets, many small businesses made minimal changes to cybersecurity spending levels in 2021. According to one industry survey, 67% spent approximately the same on security as they did in 2020.

Just 22% increased their cybersecurity budgets year-over-year. The remainder either decreased spending or didn‘t know if budgets changed.

Additionally, small businesses allocated only around 5% of their total IT budgets to cybersecurity on average. That falls well short of larger enterprises and recommendations.

The data indicates too many SMBs fail to recognize cyber risks warrant larger, ongoing investments. With threats proliferating and remote work adding risks, small firms that stick with status quo security spending may suffer consequences down the road.

Specialized Cybersecurity Roles See Pay Climb

With cybersecurity a top priority, demand and compensation for specialized security roles continues rising across industries.

According to 2021 data, average pay for a cybersecurity analyst in the U.S. reached approximately $5,982 per year. These analysts leverage unique skills detecting vulnerabilities, conducting risk assessments, and architecting security controls. Given the complex and vital nature of their work, pay remains strong and rising.

Cybersecurity engineers who design, implement and manage security solutions earn around $8,339 annually on average based on reported figures. Architects who develop cybersecurity strategies and frameworks at the highest level make about $25,978 per year.

And cybersecurity administrators who configure controls and monitor networks average approximately $6,335 in annual compensation.

Salaries for all these key cybersecurity functions are up 10-15% over 2020 based on industry data. The job market remains extremely competitive as demand for talent outpaces supply. That gives professionals leverage to command top dollar, especially those with coveted certifications.

As long as cybersecurity remains a hot field, we can expect compensation for these essential roles to continue increasing consistently. Specialized skills and experience have significant value.

Cyber Insurance Costs Skyrocket

In addition to direct cybersecurity spending, organizations are shelling out big dollars for cyber insurance. Cyber insurance provides financial resources and support services if a breach occurs. It‘s become almost mandatory for many businesses.

But insurers have grown wary as ransomware attacks surge. As a result, premiums are skyrocketing.

Cyber insurance prices jumped 96% in Q3 2021 versus 2020 for U.S. policyholders – the largest single-year increase since 2015.

Plus, cyber insurance premiums rose over 30% year-over-year in 2020 globally. Insurers reduced coverage scopes and offloaded more risk to reinsurance firms.

Rising premiums result from insurers applying more data and risk analytics when pricing policies. With potential damages soaring, they‘re passing those costs to customers.

For many businesses, cyber insurance is the difference between surviving a breach or shuttering for good. But the costs add up quickly. Exorbitant premiums force tough spending trade-offs.

Large Enterprises Spend Big on Cybersecurity

Because large enterprises have exponentially bigger attack surfaces, customer bases, IP, and revenue to secure, they invest substantial sums on cybersecurity.

Research shows 50% of U.S. enterprises with over 10,000 employees now spend more than $1 million annually on cybersecurity. That‘s some serious cash. And it‘s nearly double the percentage allocating over $1 million just two years ago.

On the flip side, only 7% of big enterprises spend less than $250,000 per year on security – mostly companies that view cyber risks as minimal.

The remaining 43% of large firms land in the middle, spending between $250,000 and $999,999 on cyber defenses annually.

While budgets exceed $1 million for half of huge corporations, even smaller budgets can make an impact if spent wisely by focusing on highest risks and proven technologies. But most large companies seem to recognize robust security requires seven-figure investments.

Services Grab Half of Cybersecurity Budgets

When it comes to budget breakdowns, security services like managed detection and response captured half of total cybersecurity spending in 2020 based on industry estimates. That percentage doubled from 2018, highlighting the trend toward services over tools.

Why the attraction to security services? A few top reasons:

  • Services provide 24/7 expert monitoring, threat detection and incident response. With talent scarce, many organizations find it more efficient to outsource these capabilities.
  • Complexity of modern security stacks requires integration and optimization assistance many firms lack internally.
  • Ongoing management and maintenance of security controls consumes IT resources. Services take that burden off internal staff.
  • Cloud adoption expanded need for services like cloud access security brokers (CASBs) to gain visibility and control.

Other top categories include infrastructure protection and network security tools. But services dominate as complexity, staff shortages, and cloud growth expand demand.

Considering these drivers, expect 50% or more of cybersecurity budgets flowing to expert third-party services for the foreseeable future.

Mixed Returns on Security Spending

Are organizations getting bang for their buck when it comes to cybersecurity spending? Not always.

In one recent survey, 53% of businesses said they believe over half the cybersecurity budget gets wasted. The perceived low ROI results from continued breaches and inability to defend against threats despite big investments.

This signals a potential disconnect between spending and impact. Many security pros feel they aren‘t getting commensurate risk reduction for the dollars spent.

Why does this perception exist? There are a few likely reasons:

  • Cybersecurity spending is still largely reactive vs. proactive for many firms. It spikes after incidents rather than preventing them.
  • Tools and services get adopted ad hoc without a comprehensive risk-based strategy. This leads todisjointed, ineffective security stacks.
  • Lack of metrics makes it hard to tie spending to risk reduction. Organizations don‘t know their return.
  • Budgets get allocated disproportionately to hardware and software over skilled resources. Technology alone can‘t win the battle.

For cybersecurity spending to consistently pay off, organizations may need to take a more measured, strategic approach. This includes focusing budgets on reducing quantified risks, proven technologies, actionable threat intelligence, and qualified staff.

Best Practices for Budgeting: Follow Risks, Measure Results

So what should organizations target for cybersecurity spending? While exact budget percentages vary, a few best practices apply to all:

  • Base budgets on regular cyber risk assessments. This quantifies assets, threats, vulnerabilities and guides smart investments.
  • Prioritize high-impact controls like multifactor authentication (MFA), data encryption, end-point detection, email security and backup. These provide huge risk reduction.
  • Devote budget to threat intelligence, security analytics and metrics. This provides insight into spending efficiency.
  • Align spending directly to security strategy and business goals like reduced downtime. This focuses budget on what matters most.
  • Include both technology and skilled staff. Tools need qualified resources to implement and operate them.
  • Continuously monitor effectiveness and optimize based on results. Cut low-ROI initiatives and double down on what works.

Adhering to these best practices will help maximize the impact of whatever your organization spends on cybersecurity.

Key Takeaways

  • Global cybersecurity spending continues to accelerate, projected at $219 billion in 2023 and rising fast.
  • Industries like financial services, government, and manufacturing lead security spending currently.
  • The U.S. and Western Europe dominate budgets, but China‘s growth rate is sky high at nearly 19% annually.
  • Cybersecurity grabs over 9% of IT spending today, claiming a bigger slice each year.
  • But many small businesses still invest minimally in cybersecurity, while large firms spend millions.
  • Services take almost 50% of security budgets as organizations supplement staff with outside experts.
  • Mixed perceptions on spending efficiency suggest more strategic approaches are needed by many.
  • Following risk assessments, focusing on proven controls, and measuring performance are critical best practices for budgeting.

The key is applying budget to maximize risk reduction and secure what matters most. With some forethought and discipline, organizations of all sizes can get the most protective bang for their buck.

Stay safe out there! Let me know if you have any other cybersecurity spending or security questions. I‘m always happy to help fellow tech enthusiasts.



Michael Reddy is a tech enthusiast, entertainment buff, and avid traveler who loves exploring Linux and sharing unique insights with readers.