
Security Budget Growth Plateaus in Healthcare

While security budgets continue to grow, new research shows that healthcare and other sectors are increasing their budgets by a smaller amount this year than last year.

Security budgets across all sectors grew by an average of 6 percent this year, compared to a 17 percent increase in the last budget cycle, a new report from IANS Research and Artico Search revealed. Researchers surveyed 550 CISOs from organizations in a variety of sectors, including healthcare.

Although the budget increase is positive, it represents a 65 percent reduction in growth from last year. What’s more, budget growth was lowest in cyber-mature sectors like tech, finance, and healthcare.

“These industries generally have more mature cyber programs due to their longer history of frequent cyberattacks and sector-specific cyber-regulations,” the report noted.

Of course, budget isn’t everything, and there are plenty of low-cost steps that organizations can take to improve security. But budget is often a good indicator of how much a company is focused on cybersecurity.

“The incremental growth in cybersecurity budgets is insufficient relative to the increases in scope facing security teams. In the latter part of Q4 2022 and throughout 2023, many CISOs reported difficulty getting the resources they need, with some indicating outright budget freezes,” said Nick Kakolowski, senior research director of IANS, in an accompanying press release.

“With the recent public breaches at Clorox, MGM, and Caesars, we will be closely monitoring how companies approach budgeting for 2024. Our research indicates that organizations that adjust spending in response to major industry disruptions boost their budgets by 27 [percent], on average.”

The report highlighted the fact that many CISOs analyze security budgets as a percentage of the IT budget for benchmarking purposes. In this year’s report, a third of respondents reported spending less than 6 percent of the IT budget on security. However, some CISOs reported that their security budget is nearing 100 percent of their IT budget.

“The CISO’s budget is increasing as a percentage of the IT budget because IT budgets are being cut at a faster rate than security budgets, and, in many cases, security budgets are being increased,” said Matt Comyns, co-founder and president at Artico Search, in reaction to this data. “Furthermore, security is becoming more expensive and complex, while IT is becoming increasingly commoditized.”

Tech firms reported the largest budgets proportional to IT spend, at 19.4 percent, while healthcare was one of the lowest, at just 8.1 percent.

Key drivers of security budget increases across all surveyed sectors included increased risk, digital transformation, and company repositioning, such as merger and acquisition activity. Others reported increased security spending due to major industry disruptions, such as highly publicized data breaches.

Notably, staff and compensation accounted for the largest spend category reported by the surveyed CISOs. Other top spend categories included off-premises software and outsourcing.

As healthcare cybersecurity risks continue to plague the sector, an increased focus on security from the board and C-suite is crucial. Healthcare cybersecurity practitioners can use their knowledge of the threat landscape to portray risks to the board and obtain crucial budgetary resources.
