IT Budgets and the Lack of Security Spending

According to researchers, despite the industry's best efforts, 67% of businesses say they need to improve security and compliance measures, with 24% rating their organization’s security and compliance strategy as reactive.  The expansion of attack surfaces in a post-pandemic hybrid world, combined with shrinking teams and budgets and the rapid rise of generative AI, is fueling an urgent need for companies to improve and prove their security posture.

For companies of all sizes, limited risk visibility and resource constraints make it challenging to improve their security.  Only 4 in 10 organizations rate their risk visibility as strong.  Meanwhile, 1 in 4 have downsized IT staff and 60% have either already reduced IT budgets or are planning to as they continue grappling with the challenging global economic environment.[1]

With rising risk and shrinking resources, the message is clear: businesses need new methods to improve their security.  Compounding the urgency is ever-evolving global regulation and the growing time-suck of complying with an increasing number of standards.  Organizations are at an impasse in an environment where customers want more insight into a company’s security practices.


Two-thirds say that customers, investors and suppliers are increasingly seeking proof of security and compliance.  While 41% provide internal audit reports, 37% third-party audits, and 36% complete security questionnaires, 12% admit they do not or cannot provide evidence when asked.  That means companies worldwide are falling at the very first hurdle, costing them potential revenue and growth opportunities in new markets.

Businesses spend an average of 7.5 hours per week, or more than 9 working weeks a year, on achieving security compliance or staying compliant.  54% are concerned that secure data management is becoming more challenging with AI adoption, with 51% saying that using generative AI could erode customer trust.  The two biggest barriers to proving and demonstrating security externally are a lack of staffing and a lack of automation to replace manual work.  Only 9% of businesses’ IT budgets are dedicated to security, with 1 in 3 leaders saying their IT budgets are continuing to shrink.  Identity and access management and data processing that does not comply with regulations are the two biggest blind spots for organizations.

Leaders in the US are most likely to delay entering new markets due to compliance requirements, admitting they are not prioritizing compliance due to the financial investment.  Respondents in Australia are the most concerned about generative AI’s potential impact on customer trust.

Germany is among the markets most likely to say that the volume of standards and regulations is a barrier to maintaining a robust security program.  76% of leaders in France say they need to improve security and compliance, the highest of all markets.

Organizations in Australia are least likely to be able to provide proof of compliance to customers.  UK leaders are more concerned with keeping up to date with evolving regulations than any other market.

Companies in the US believe they could save at least 3 hours a week by automating security and compliance tasks, the highest of any country.

Ultimately, better security improves efficiency, builds trust and boosts the bottom line.  70% of leaders say that a better security and compliance strategy positively impacts their businesses thanks to stronger customer trust, while 72% agree that a better security and compliance strategy would make them more efficient.  83% of businesses have increased or plan to increase their use of automation, particularly for reducing manual work and streamlining vendor risk reviews and onboarding.  All in, respondents believe they could save at least two hours per week, or over 2.5 working weeks a year, if security and compliance tasks were automated.

Automation and generative AI are top choices for IT and business decision makers, with 77% of businesses already using or planning to use AI/ML to detect high-risk actions.  When properly deployed, AI has an undeniable power to accelerate security workflows and transform trust.  Respondents believe the biggest potential of AI will be improving the accuracy of security questionnaire responses (44%), eliminating manual work (42%), streamlining vendor risk reviews and onboarding (37%), and reducing the need for large teams (34%).

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, a demo or assistance, please contact the office directly at 1-844-492-7225, or   

Weekly Cyber Intelligence Briefings:






REDSHORTS - Weekly Cyber Intelligence Briefings

