Most organisations (57.9%) spend at least some of their budget on GRC tools to collect and maintain compliance evidence.

A significant minority of UK organisations, 20%, expect increases of over 50% in their cybersecurity budgets.

8% of UK organisations report that they do not have enough funding to cover their cybersecurity needs.

77% of UK CISOs feel that their IT budget is not completely reflected by their board’s objectives to meet regulatory requirements.

29% of CISOs say they receive the proper budget for cybersecurity initiatives, compared to 41% of board members who think cybersecurity budgets are adequate.

84% of UK senior security decision makers felt that their organisation had made more than enough budget available to become compliant with DORA.

2% of UK organisations had not yet calculated their cybersecurity budget requirements.

20% of CISOs spend between $100,000 and $200,000 annually on compliance.

38.3% of CISOs cited cost as a challenge in implementing new or updated compliance frameworks.

The majority of UK organisations, three-quarters, anticipate their cybersecurity budgets will grow.

10% saw a decrease in their privacy budget in the past 12 months.

18% of CISOs claimed they were unable to support a business initiative due to budget cuts in the past year, and 64% said that lack of support led to a cyberattack.

The majority of respondents expect technology budgets to grow in the next 12 months.

Nearly 2 in 5 organisations are counting on cost savings from AI-driven efficiencies to pay for the technology.

54.2% of respondents to the CISO Society survey feel that they have the talent to meet future regulatory requirements.

43% of respondents believed their privacy budget was underfunded.

36% of respondents felt their privacy budget was appropriately funded.

78% of UK senior security decision makers reallocated budget from other business areas to meet DORA compliance requirements.

50% of boards with a CISO member report excellent or very good relationships when budgeting adequately to meet goals, compared to 24% for boards without a CISO member.

Despite the increase in budgets and the perception of adequate resources, nearly half of UK cybersecurity leaders, 47%, struggle to engage at the board level.