Study Reveals 80% Boosting Security Budgets Amid AI Threats
Eighty percent of organizations anticipate rising information security budgets in the next 12 months, with cloud security protection for generative AI and large language models (LLMs) the top priorities, according to ETR’s 2025 State of Security Study.
More than half (51%) intended to expand the number of security vendors in their organization’s portfolio in 2024, but now fewer – 40% – intend to diversify their vendor mix. Today, nearly half (48%) expect no change in the number of vendors they rely on. A third of organizations say they are expanding their number of security vendors to respond to new threat vectors (32%) and a quarter are expanding to enable business growth (24%).
The annual survey, which captured data from 500 IT decision makers, tracks the influence of AI on security, the impact of geopolitical tensions and cyber threats, and which security vendors are most desired and seen as most innovative in the field. Other key findings include:
More than half (51%) intended to expand the number of security vendors in their organization’s portfolio in 2024, but now fewer – 40% – intend to diversify their vendor mix. Today, nearly half (48%) expect no change in the number of vendors they rely on. A third of organizations say they are expanding their number of security vendors to respond to new threat vectors (32%) and a quarter are expanding to enable business growth (24%).
The annual survey, which captured data from 500 IT decision makers, tracks the influence of AI on security, the impact of geopolitical tensions and cyber threats, and which security vendors are most desired and seen as most innovative in the field. Other key findings include:
- The highest priority areas of information security are vulnerability management, identity security, data security, endpoint security, and cloud security. DevSecOps, Web application security, and decentralized network security are the lowest priorities.
- Threat exposure management is of growing interest to respondents, as well as vulnerability prioritization, across all respondents to the survey. Executives in the C-suite as well as respondents from financial industry organizations rated these trending areas of security technology especially high in evaluation rates.
- Though nearly a quarter (23%) say they have no plans to spend on AI related security tools, an equal proportion (23%) are already spending in this area. The remaining 54% of respondents plan to spend on AI security tools in the next year.
- Despite the industry hype around AI agents to monitor and respond to cybersecurity threats, only 3% say they have fully implemented AI agents across multiple systems, with another 15% indicating partial implementation in select areas or use cases. Collectively 50% of respondents either have no plans to deploy AI agents (16%) or are considering it for the future but with no timeline in place (34%).
- 43% of respondents note a rise in threats tied to geopolitical tensions, but only 12% have significantly increased their budgets in response and 55% have made no change. This highlights the tension between threat awareness and constrained budgets.
- Security roles have expanded, with 65% of respondents also managing aspects of IT infrastructure and 55% managing business continuity planning. In-house staffing is more common in large enterprises and Global 2000 firms, while small and midsize businesses tend to lean more on outsourcing, often due to the persistent skills gap and difficulty recruiting security talent with expertise in complex hybrid environments.
Straight from Technology Leaders
We eliminate bias and increase speed-to-market by cutting out the middleman and going straight to the voice of the customer