Key Financial Services Security Staffing Impacts in 2025
Financial services firms in 2025 will continue to dedicate a larger percentage of their IT budget to security expenses, yet those dollars likely won’t be earmarked for additional staff as findings from the IANS Research and Artico Search fifth annual CISO Compensation and Budget Research Study reveals that security headcount on average will remain flat.
To uncover the specifics of recent annual budget developments, IANS Research and Artico Search jointly fielded their fifth annual Compensation and Budget survey in April 2024 gathering responses from over 750 CISOs. We received detailed budget data from 681 CISOs that form the basis of this report.
This piece breaks down a few key data points relevant to the state of security spending and how it can impact financial services staffing as uncovered in our Security Budget Benchmark Summary Report.
Financial Security Spend Outpaces IT Budgets
We asked Financial Services CISOs to quantify their security spending as a percentage of overall IT spend as well as a percentage of their revenue. The numbers reveal a clear upward trend, reflecting exactly how critical security is becoming to an organization’s success.
As percentage of IT spend, the average security budget increased from 9.7% in 2020 to 12% in 2024. Security budget as a percentage of revenue also increased, with organizations now spending an average of 0.69% of their revenue on security.
IANS Faculty Steve Martano, also a partner in Artico Search’s cyber practice explains these metrics and their multiyear trends as security becomes increasingly connected to enterprise value.
“Security budgets are continuing to outpace IT budgets as security becomes more directly correlated with enterprise value, particularly for companies planning to transact in the near term,” Martano elaborates. “Additionally, many companies are using their security program as a market differentiator, moving the budget from ‘cost center’ to ‘value proposition’ as CISOs are more engaged in customer conversations.” [See Figure 10 below]
Half of CISOs Are Unable to Increase Staffing
As security budgets continue to consume a bigger piece of the larger IT budget, our most recent survey shows that staff and compensation allots for the single largest share of security budgets. CISOs provided a detailed account of security budgets, showing that 39% of their annual security budget is dedicated to staff and compensation, followed closely by total software spend with off-premises and on-premises software accounting for 22% and 8%, respectively. [See Figure 13 below] Outsourcing represented 11% of the total security budget for the CISOs responding to our study.
Half of CISOs Are Unable to Increase Staffing
While nearly two-thirds of the CISOs we surveyed reported receiving a budget increase for 2025, not as many were able to augment their staff with the additional funding. In fact, nearly half of our survey respondents will not be able to add headcount in the coming months. For about one-quarter of CISOs, budgets remained flat and 11% had budget reductions. Digging deeper into the data, we found that a majority (71%) of CISOs who will experience a budget increase in 2025 will only see at most 10% growth, while nearly 30% will gain slightly in 2025.
Find helpful Budget Guidance: Download IANS Financial Services Tools and Resources
A little more than half (57%) of CISOs plan to add headcount to their security organizations in 2025, down from 60% in 2023 and 69% in 2022. This year’s data shows that a growing share of organizations are keeping headcount flat, while one in 10 CISOs are cutting headcount. [See Figure 7 below.] The average security staff growth rates CISOs reported over the past four years shows a multiyear decline which strains not only CISOs but also security teams.
Still, CISOs in our study are not dissatisfied with their budgets. Pointing to a more critical role in the overall business, CISOs are gaining more credibility and visibility with executive leadership.
“CISOs often talk about being asked to do more with less, but when asked objectively in the survey, less than a third of CISOs are dissatisfied with their budgets,” IANS’ Martano explains. “While there is a prevailing narrative more money is better and leads to CISOs being more satisfied, the reality is more complex. CISOs who report that they are satisfied typically have visibility and credibility with leadership, engage in risk management discussions, and present program metrics to the board. CISOs that lead security programs viewed in the context of business risk are satisfied due to the alignment of the operational security up to the board level.
Connect with IANS’ Financial Services CISO Community
Want more financial industry resources and guidance? We’ve got answers for your biggest pain points. Go to our new Financial Services Resource page - You’ll find tools and guidance that make your job easier
IANS offers many ways to engage with the FS cyber community, including reports, webinars, CISO roundtables and opportunities to request a call with peers or IANS Faculty. Our 150+ Faculty practitioners are here to help you and your team move faster and make more informed decisions. Manage risk while saving time and budget. Not an IANS client? Get in touch to learn more.