7 December 2023

Cybersecurity Budgets 2024: Where CISOs Are Investing – and Where They Are Cutting Back

Security budgets are increasing by an average of 14 percent in 2024 – but not uniformly. CISOs are shifting funds from traditional perimeter security to identity, cloud security, and detection & response. At the same time, the pressure to demonstrate the ROI of every investment is rising. Those who approach the board without a business case are losing out.

TL;DR

  • Average security budget increase in 2024: 14 percent (Gartner)
  • Top investment areas: Identity (68%), Cloud Security (62%), Detection & Response (58%)
  • Cuts: Legacy firewall appliances, signature-based AV, standalone encryption
  • Regulation (NIS2, DORA) drives 40 percent of budget increases

The Shift: From Perimeter to Identity

The days when 50 percent of the security budget flowed into firewall appliances are over. Gartner predicts that identity investments will make up the largest single item in the security budget for the first time in 2024 – ahead of network security and endpoint protection.

The driver: Cloud adoption and remote work have dissolved the perimeter. The question “Who is accessing what?” has become more important than “What is getting through the firewall?” CIAM, PAM, and Zero-Trust Network Access (ZTNA) are the growth areas.

Cloud Security: The Second Mega-Trend

62 percent of CISOs plan to increase cloud security investments. CNAPP (Cloud-Native Application Protection Platform) consolidates CSPM, CWPP, and CIEM into a single platform. The market is maturing: Wiz, Orca, Palo Alto Prisma, and CrowdStrike Falcon Cloud are competing for market share.

The investment logic: Multi-cloud environments create complexity that manual processes cannot scale to cover. Automated misconfiguration detection and compliance monitoring are no longer nice-to-haves.

Detection & Response: XDR as a Consolidation Platform

Extended Detection and Response (XDR) promises what SIEM never fully delivered: correlated detection across endpoint, network, cloud, and identity – with automated response. CISOs are investing in XDR to reduce alert fatigue and lower the Mean Time to Detect (MTTD).

The consolidation pressure is real: An average company uses 76 security tools (Panaseer). XDR reduces this number and thus license costs, integration effort, and complexity.

The ROI Pressure: Security Must Deliver a Business Case

CFOs are increasingly asking: What does the security investment deliver? CISOs who argue solely with fear (“We will be hacked if we do not invest”) are losing credibility. Successful CISOs quantify: risk reduction in euros, compliance costs vs. penalty risk, and lower insurance premiums as a result of the measures taken.

Frameworks like FAIR (Factor Analysis of Information Risk) enable financial risk quantification. The trend is clearly towards data-driven security budgeting.

Key Facts

Budget Growth: 14 percent average increase (Gartner 2024 Forecast)

Tool Sprawl: 76 security tools on average per company (Panaseer)

NIS2 Effect: 40 percent of budget increases driven by regulation

Frequently Asked Questions

How large should the security budget be?

Industry-dependent: Financial sector 8-12 percent of the IT budget, industry 5-8 percent, healthcare 6-10 percent. The absolute number is less relevant than the risk-appropriate allocation.

Is consolidation onto a single platform worthwhile?

In most cases, yes. Fewer tools mean fewer integration problems, faster correlation, and lower license costs. But: Check for lock-in risks and ensure that the platform covers all critical use cases.

How do I argue for more budget with the board?

Three approaches: Risk quantification (FAIR model), benchmark comparison with industry standards, and regulatory requirements (NIS2, DORA). Concrete scenarios with financial impacts are more convincing than abstract threat descriptions.

Header Image Source: Pexels / olia danilevich

Tobias Massow

A magazine by Evernine Media GmbH