For years, cybersecurity held a privileged position in corporate budgets. Regardless of economic conditions, security spending kept growing. That assumption no longer holds.

The Numbers

Cybersecurity budgets grew 4 percent in 2025 on average, down from 8 percent the previous year, the lowest rate in five years according to IANS Research and Artico Search. As a share of overall IT budgets, security spending fell from 11.9 to 10.9 percent, breaking a five-year upward trend.

Only 47 percent of CISOs reported a budget increase this year, down from 62 percent in 2024. Staffing growth slowed to 7 percent, its lowest level in four years. Just 11 percent of security leaders say their teams are adequately staffed.

What Is Driving the Cuts

The slowdown reflects a turbulent global economy shaped by geopolitical instability, tariff uncertainties, inflation, and fluctuating interest rates. Companies are becoming more cautious in their spending, and cybersecurity budgets are feeling the pressure more than in previous years.

Security is no longer a budgetary exception. Organizations now treat it like any other business unit, and the macro environment and organizational priorities largely dictate its budget.

The shift also reflects where IT money is going instead. Overall IT spending is picking up, but security is not capturing a proportionate share. AI and cloud infrastructure are absorbing larger portions of organizational technology budgets, and organizations are deprioritizing security in the reallocation.

The Government Layer

The private sector is not cutting alone. The Trump administration initially proposed cutting $491 million, or 17 percent, of CISA’s budget along with more than 1,000 staff members. A mix of voluntary departures, layoffs, and buyouts have already reduced CISA’s staffing from 3,700 at the start of the year to between 2,200 and 2,600 employees.

Cuts could lead to a deprioritization of organizations outside the federal government and critical infrastructure sectors, forcing companies to seek alternative sources of cyber defense support.

The Geopolitical Contradiction

Survey data from the WEF Global Cybersecurity Outlook 2026 shows that 12 percent of organizations in North America and 13 percent in Latin America have cut cybersecurity budgets specifically due to geopolitical volatility. The same volatility driving budget cuts is also driving the threat environment that makes those cuts dangerous.

Geopolitical tensions are increasingly exposing critical national infrastructure to cyber warfare, with energy, water, and transportation sectors targeted in coordinated campaigns where interconnected systems amplify the damage.

The Cost of Getting It Wrong

The FBI’s 2025 Internet Crime Complaint Center report recorded $20.877 billion in cybercrime losses, a 26 percent increase from 2024, and the first time the agency received more than one million complaints in a single year.

Organizations are spending less on defense at the same moment attackers are becoming more sophisticated, better funded, and in some cases state-sponsored. The Kelp DAO exploit, the Drift Protocol breach, and a string of infrastructure attacks across 2026 all point to the same direction.

Cybersecurity budget cuts are not driven by a reduction in threats. They are driven by economic pressure.