Benchmark your cybersecurity spending plans for 2025

For most security and risk leaders, 2024 was a year of mounting pressure to balance budgetary pressures and cybersecurity resilience. The good news is that while most industries and job functions have seen budgets slashed, CISOs haven’t experienced the same drastic cuts and have seen budgets remain flat, if not increase slightly, likely due to mounting regulatory requirements, customer expectations, and cyber insurance demands. However, this financial insulation is not without its challenges.

A new report from Forrester, Budget Planning Guide 2025, featuring an introduction from Thoropass, Driving Budget Efficiencies in Security and Risk, sheds light on how global security leaders manage budgets, address emerging risks, and rethink investments to safeguard their organizations. Read the full report here, or continue on for the key takeaways.

CISO budgets continue to grow (but not by much)

Despite economic challenges, cybersecurity budgets are on the rise. According to Forrester’s Budget Planning Survey, 2024, nearly half of decision-makers expect modest increases of 1-4%. With inflation tightening constraints, however, even these increases may fall short of covering growing expenses. Top spending areas include cloud security, on-premises security technology, and security awareness training. This upward trajectory signals a continued focus on strengthening defenses, but leaders must also address inefficiencies and redundancies to maximize value.

Combatting tech stack sprawl is a key concern

One of the most pressing challenges is tech stack sprawl, where an overabundance of tools inflates costs and hampers operational efficiency. Currently, software accounts for 36% of cybersecurity budgets, far exceeding hardware and personnel costs. To optimize spending, Forrester suggests:

- Only add new tools if you eliminate outdated ones. A “one-in, one-out” principle can streamline operations.
- Focus investments on what they refer to as “business-aligned technologies” that protect revenue-critical areas, such as application security and API governance.

Focus on investing in “business-aligned” areas

Forrester recommends a conservative approach to budgeting in 2025. The report suggests considering increasing investment in the following areas:

1. Software supply chain & API security: As organizations embrace APIs and open-source libraries, securing the software supply chain has become paramount.
2. Human risk management: Traditional training programs often fail to create lasting behavioral change. Emerging human risk management platforms detect real-world security behaviors, quantify risk, and deliver tailored interventions.
3. Skills & training platforms: Organizations are turning to cybersecurity skills and training platforms to address talent shortages and rapidly changing requirements. These tools simulate real-world threats, improve incident response, and upskill teams cost-effectively, making them a smart alternative to traditional boot camps.
4. IoT/OT threat detection: As attacks on IoT and operational technology rise, security leaders are focusing on real-time threat detection. Monitoring traffic at the edge and within networks is essential to protect critical assets and improve resilience.

Divest from outdated solutions

Similarly, there’s no time like the present to audit your tech stack and re-evaluate what’s essential for business growth, identify redundancies, and consolidate where possible. Not every legacy tool is worth keeping. Security leaders should consider transitioning from outdated and ineffective technologies like:

- Traditional MFA
- Legacy-managed security services
- Standalone CASB solutions

Experiment with emerging technologies

To stay ahead, organizations must evaluate new solutions that address evolving threats.
Recommended technologies include:

- Exposure management platforms
- Post-quantum cryptography tools
- Security data lakes
- AI/ML security platforms
- AI-powered compliance and audit automation solutions

Ready to take a balanced approach to 2025 planning?

As resource requirements outpace budget increases, security leaders must balance growth and efficiency as they prepare for 2025. By optimizing spending, divesting from outdated solutions, and investing in strategic technologies, they can strengthen defenses while controlling costs.

For a deeper dive into these trends and actionable insights, get the full report: Budget Planning Guide 2025: Security and Risk featuring an introduction from Thoropass. Discover how your organization’s approach stacks up and unlock strategies to future-proof your cybersecurity posture. Get the full report now.

Amanda Levine