Has AI Hijacked the Security Budget? Rethinking Security Spending in the Age of AI

By Anand Singh, PhD, Chief Security and Strategy Officer

We are living through the change of our lifetimes. The AI and Data tsunami is not coming. It is already flooding every enterprise.

Today, CrowdStrike, Splunk, Palo Alto, Wiz, and their peers make up about 70 percent of a typical security budget. My forecast? In five years, that flips. They will account for just 10 percent. Data, AI, and Identity will own 70 percent.

Sounds impossible? So did CrowdStrike when antivirus ruled the world. Yet the stack flipped overnight. I have reviewed every major analyst forecast and budget study from Gartner, Forrester, and others.¹-⁸ The trend is unmistakable as shown in the chart below.

Here is what is happening

CISOs and vendors both hear the same phrase: “We have no budget.”

That is not true. There is always a budget. It just hides behind the wrong story.

The same psychology that unlocks emergency funds after a breach is now driving the biggest funding shift in two decades. For the first time, CISOs are not losing money because of cuts. They are losing it because AI has captured the narrative.

The executives who once signed off on firewalls and endpoints are now approving “data modernization,” “AI readiness,” and “trust architecture.”

Security has not lost importance. It has lost attention.

How to win it back

Forget the long-term horizon. The next 18 months decide everything.

The 2025 budgeting cycle already shows three distinct phases taking shape: Looking Back. Evolutionary. Revolutionary.

Every single one now runs through Data and AI.

Why the budget conversation is different in 2025

• Spending keeps rising, but scrutiny is sharper. Global security spending is projected to reach $213 billion in 2025, up from prior years.5
• Budgets are uneven across firms. Many CISOs report flat or slowing budgets even as board expectations climb.
• AI dominates executive focus. A recent survey shows that only a fraction of enterprises capture real value from AI because their foundational governance and data controls are weak.9
• Breaches remain the ultimate catalyst. The average cost of a breach now exceeds $4 million globally, with U.S. incidents often more than double that.

In cybersecurity, emotion unlocks money faster than logic. Budgets follow exposure, not features.

As Geoffrey Hinton observed, “Deep learning is very good at learning from large amounts of data, but it still requires the data to be labeled.” Labeling costs now fuel a multi-billion-dollar data classification market, often funded through AI budgets, not traditional security ones. The board’s questions have shifted, and the money follows the questions.

1. Looking Back: Stabilize, rationalize, and prove value

Objectives

• Close the gaps exposed by last year’s audit or incident.
• Retire shelfware and overlapping tools.
• Prove measurable improvement in risk posture.

Data Insight
Boards no longer care how large the stack is. They want proof that each renewal improved detection, response, or data safety.³

Recommended allocation (12 months):

• Tool consolidation and contract rationalization: 10–15%
• Incident automation and playbook readiness: 8–12%
• Security metrics and reporting automation: 1–2%

How to frame it:
Instead of “this reduces dwell time,” say “this prevents surprises for the Board by preventing incidents.” That line opens wallets because it connects spend to accountability, not just technology.

Even in this retrospective phase, invest in visibility. You cannot defend what you cannot inventory, especially when that data may later feed an AI model.

2. Evolutionary: Fund the Data + AI foundations to Enhance Security

Objectives:

• Shift budget toward securing data pipelines, lineage, and AI governance.
• Reduce the silent cost of poor data quality and shadow AI.

Why it matters:
Poor data quality costs large enterprises millions each year, often $5–25 million in hidden losses.¹⁰ Shadow AI quietly increases breach risk and compliance exposure.

Recommended allocation (12 months):

• Data Security Posture Management (DSPM): 6–10%
• AI usage governance and monitoring: 3–6%
• Data lineage, labeling and quality programs: 3–5%
• Cloud and app security tied to data flows: 8–14%

How to frame it:
Do not pitch “better data protection.” Pitch board confidence.

CFOs fund what prevents embarrassment. “This prevents board questions about how AI handles customer data” opens wallets fast.

3. Revolutionary: Rebalance the portfolio for AI-native operating models

Objectives:

• Move from defensive posture to AI-by-design.
• Integrate identity, data, and model assurance into one control plane.

Context:
Global IT spending is projected to reach $5.4 trillion in 2025, driven in large part by AI initiatives.11 Security vendors are re-engineering their platforms to match that shift.

Recommended allocation (18-24 months):

• Unified data-identity control plane: 8–12%
• AI assurance and safety stack: 4–7%
• Secure data supply-chain and synthetic-data programs: 5–8%
• AI-driven detection and response architectures: 18–23%

How to frame it:
These investments allow your organization to be explainable to regulators and resilient to AI-driven failure. Of course, they prevent breaches. But they also prevent awkward silence when the board, auditors, or regulators ask, “Can we prove our AI didn’t leak regulated data?”

The real battle: attention, not approval

CISOs rarely lose to budget cuts. They lose to competing narratives. When the story is weak, funding freezes. When the story connects to exposure, funding appears overnight.

AI has not destroyed the security budget. It has simply changed what qualifies as security. The line items may evolve, but the psychology behind them has not.

• Budgets follow exposure.
• Exposure follows data.
• And data now fuels AI.

If AI has hijacked the security budget, the solution is not to fight it. It is to speak its language and position security as the guardian of enterprise data in the age of AI.

References

1. Forrester, “Top Ten Insights from Forrester’s 2024 Cybersecurity Budget Benchmarks.” Software Strategies Blog. https://softwarestrategiesblog.com/2024/08/25/top-ten-insights-from-forresters-2024-cybersecurity-budget-benchmarks/
2. Forrester, 2024 Cybersecurity Benchmarks, Global (report). https://www.forrester.com/report/2024-cybersecurity-benchmarks-global/RES181118
3. Gartner, “Worldwide End-User Spending on Information Security to Total $213 Billion in 2025.” https://www.gartner.com/en/newsroom/press-releases/2025-07-29-gartner-forecasts-worldwide-end-user-spending-on-information-security-to-total-213-billion-us-dollars-in-2025
4. Gartner, “Forecasts Global Information Security Spending to Grow 15 % in 2025.” https://www.gartner.com/en/newsroom/press-releases/2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025
5. Gartner, “Information Security Spending Through 2028.” https://www.gartner.com/en/articles/information-security
6. Software Strategies Blog, “Top 10 Fastest-Growing Segments from Gartner’s Latest Information Security Forecast (Q4 2024).” https://softwarestrategiesblog.com/2025/01/02/top-10-fastest-growing-segments-from-gartners-latest-information-security-forecast-q4-2024/
7. Cybersecurity Dive, “Security Budgets Continue Modest Growth as Hiring Slows.” Sept 2024. https://www.cybersecuritydive.com/news/security-budgets-growth-hiring-slows/726511/
8. Software Strategies Blog, “Cybersecurity Budgets Are, on Average, Just 5.7 % of IT Annual Spending (Based on Forrester).” https://softwarestrategiesblog.com/tag/cybersecurity/
9. McKinsey & Company, “The state of AI 2025: How organizations are rewiring to capture value.” https://www.mckinsey.com/~/media/mckinsey/business%20functions/quantumblack/our%20insights/the%20state%20of%20ai/2025/the-state-of-ai-how-organizations-are-rewiring-to-capture-value_final.pdf
10. Forrester, “Millions Lost in 2023 Due to Poor Data Quality & the Potential for Billions to Be Lost with AI Without Intervention.” https://www.forrester.com/report/millions-lost-in-2023-due-to-poor-data-quality-potential-for-billions-to-be-lost-with-ai-without-intervention/RES181258
11. Gartner, “Worldwide IT spending to total $5.43 trillion in 2025, driven by AI adoption.” https://www.gartner.com/en/newsroom/press-releases/2025-07-15-gartner-forecasts-worldwide-it-spending-to-grow-7-point-9-percent-in-2025