Key Takeaways
- Companies allocate just 0.69% of revenue to cybersecurity in 2024-2025, up from 0.48% in 2022.
- Security budgets hit a six-year low of 0.48% in 2022 before rebounding to current levels.
- The six-year average sits at 0.58% – roughly $5.80 per $1,000 in revenue.
- Rising budgets signal a shift toward treating cybersecurity as core infrastructure, not discretionary IT spending.
The Story Behind the Numbers
Between 2020 and 2025, companies in this benchmark set aside a very small but rising share of revenue for cybersecurity. Security budgets started at 0.50% of revenue in 2020, dipped to 0.49% in 2021, and reached a low of 0.48% in 2022. From 2023 onward, the trend reverses: 0.63% in 2023 and 0.69% in both 2024 and 2025. Across the full six-year period, the average security budget is roughly 0.58% of revenue. In plain terms, for every 1,000 units of revenue, only around 5.8 are spent on cybersecurity. It’s not hard to see why boards are nudging that number up: even smaller organizations can be hit with breach costs of roughly $3.31 million per incident, which dwarfs what many spend on prevention. The recent increase suggests boards are starting to view security as a permanent operating cost instead of a one-off project line item.
Why This Data is Important
Less than 1% of revenue finances the teams, tools, and processes that protect customer data and keep services online. When the share fell from 0.50% in 2020 to 0.48% in 2022, many organizations were being asked to secure more cloud apps, remote workers, and exposed endpoints without equivalent budget growth. The climb to 0.69% in 2024-2025 signals a shift toward treating cyber risk as a core business issue rather than a niche IT problem. That shift also shows up in the broader market. The global cybersecurity market is estimated at about $203.0B in 2025 and is projected to climb to about $271.9B by 2029, reinforcing that security spend is becoming a long-term baseline rather than a temporary spike.
As budgets rise, security leaders can invest more in staff training, testing, and core controls such as encrypted remote access, stricter network segmentation, and tighter access to critical data. In practice, this often means applying VPN basics, setting clearer policies on hiding corporate IP addresses, and using fast VPN setups that do not slow down key workflows.
Looking Ahead: Future Outlook
If the current pattern holds, security budgets are likely to stay around or above the 0.69% mark instead of dropping back toward pre-2023 levels. That would set a new baseline where cybersecurity spend is treated more like insurance or utilities: small compared with revenue, but non-negotiable. Organizations that keep strengthening people, processes, and technical controls will be better prepared for shifts in attacker tactics and regulatory pressure, while also facing a labor market where 1 in 4 cybersecurity roles has no qualified candidate.
Source & Methodology
Figures come from the IANS and Artico Search “2025 Security Budget Benchmark Summary Report.” The analysis uses the reported average security budgets as a share of revenue for 2020-2025. The six-year average was calculated directly from these values, and all results are expressed as security budget as a percentage of company revenue.