It seems cloud service providers will bow out of 2024 on a high note considering the amount of revenue they raked in.
During its third-quarter revenue call, Google’s cloud business recorded about $11 billion, representing 35% growth from last year. And the story is no different for the other big cloud players.
Behind this high revenue is a surge in global cloud spending, coming in at $82 billion in Q3 2024, a 21% jump from last year, with the top three cloud vendors accounting for 64% of that total.
This investment, including an 82% surge in hyperscale CapEx driven by AI, highlights a strong commitment to expanding cloud capabilities.
Yet, beneath this growth lies a concern that cybersecurity spending is not keeping pace, as we will find out later. Are these growing gaps in investment leaving organizations more vulnerable than they realize?
Key Takeaways
- Google’s cloud business recorded $11 billion in Q3 2024, reflecting a 35% growth, with global cloud spending reaching $82 billion.
- Despite cloud revenue growth, cybersecurity budgets are shrinking, with only 5.7% of IT budgets allocated to cybersecurity.
- Security personnel hiring declines, from a 31% rise in 2022 to 12% in 2024.
- Tightened cybersecurity budgets and slower investments may contribute to the surge in cyberattacks, with global damages expected to reach $9 trillion in 2024.
Just How Tight Are Cybersecurity Budgets Becoming?
It’s common to gravitate toward new trends in our space, be it cars, home gadgets, or phones.
This same phenomenon plays out in every industry where new trendy products and services often get the attention of all. More attention often translates to extra investments and extra human capital efforts.
So, when there is this attention shift, we tend to turn a blind eye to foundational needs and, in some cases, watch them rot. Slowly.
However, we cannot afford to do that to the cybersecurity industry as that would be too dangerous.
Surprisingly, available data suggest we are already headed in that direction, a direction where cybersecurity budgets are shrinking, one in which being a CISO also demands expertise in managing merger cybersecurity budget.
According to vulnerability management firm Tenable, cybersecurity remains at the top of the list of challenges that cloud decision-makers face, and 74% of cloud professionals believe that the sector needs more resources to thrive.
The story gets even more gruesome when you look at Forrester’s 2024 global cybersecurity benchmark, which suggests that only 5.7% of the IT annual budget goes to cybersecurity.
This raises concerns about whether sufficient resources are being channeled into cybersecurity.
Low Cybersecurity Budgets, More Cyber Complaints
A deeper look at cybersecurity budgets from 2021 to 2024 reveals that they have gone through noticeable shifts, one that’s worrisome.
According to IANS Research’s 2024 Security Budget Benchmark Report, spending saw double-digit growth in 2021 and 2022 as companies raced to patch up their defenses and meet growing threats. Improved collaboration between CISOs, executives, and boards helped push up these investments during that period.
However, the momentum began to fizzle out.
By 2023, growth rates had slumped to 2% when adjusted for inflation, as many organizations cut back on expanding their defenses.
While 2024 shows some recovery, with an 8% nominal growth rate (5% adjusted for inflation), the real increase remains far lower than during the boom years of 2021 and 2022.
Tightened budgets and cautious spending have also put the brakes on cybersecurity hiring. As recorded by IANS, the average growth rate for security teams has steadily declined over the past four years.
In 2022, security staff expansion averaged 31%, but by 2024, this figure had dropped sharply to just 12%. This trend reflects broader cost-cutting measures as CISOs reassess resource allocation for cybersecurity programs due to shrinking budgets.
Could Low Cybersecurity Budgets Explain Rising Cyber Incidents?
The slower pace of investment in cybersecurity may have left many companies struggling to keep up with increasingly sophisticated attacks, resulting in the rising number of cyber incident complaints received over the past few years by the US Federal Bureau of Investigation (FBI).
As the infographic below shows, the FBI’s Internet Crime Complaint Center (IC3) received fewer complaints in activity reported between 2019 and 2021.
However, in 2023, the IC3 took in a record 880,418 complaints from the public, with potential losses topping $12.5 billion.
When you compare these figures to 2022, it shows a rise of nearly 10% in the number of complaints submitted and a 22% increase in reported losses.
Cyberattack frequency continued to climb in 2024.
In the third quarter alone, organizations faced an average of 1,876 attacks globally, a 75% jump compared to the same period in 2023 and a 15% surge compared to the previous quarter, according to CheckPoint data.
Cybersecurity Ventures, as reported by Esentire, projects the global annual cost of cybercrime to hit $9 trillion in 2024, with damages expected to climb to $10 trillion by 2025. This represents about a 10% year-over-year increase, laying bare the escalating economic impact of cyber threats.
Furthermore, this year, the United States recorded the highest average total cost of a data breach at $9.36 million, followed closely by the Middle East at $8.75 million, according to IBM.
On top of that, large-scale cyber incidents really picked up this year. For instance, we recently reported how the Chinese state-sponsored group Salt Typhoon broke into major telecommunications providers such as AT&T, Verizon, and T-Mobile, getting hold of sensitive data and even federal wiretapping systems in October.
In June 2024, CDK Global, a key software provider for the automotive sector, was hit by a ransomware attack that brought the US automotive dealership to a standstill.
Earlier in the year, mass exploitation of zero-day vulnerabilities in Ivanti products caused widespread disruptions, showcasing how software flaws can snowball into large-scale crises.
Other major incidents include a June ransomware attack on NHS supplier Synnovis that forced the cancellation of thousands of appointments and leaked 400GB of sensitive patient data; and a Snowflake data breach, also in June, that resulted in sensitive customer data being sold on cybercrime forums and used for extortion.
The Bottom Line
The numbers above do not lie. They clearly show that more needs to be done to secure the digital corners in 2025.
Businesses can no longer let threat actors run amok with cyberattacks. And this starts with raising cybersecurity budgets.
Greater investment would take the pressure off CISOs having to make tough calls with limited funds.
In other words, as businesses increasingly rely on cloud services and cloud providers grow in influence and revenues, now is the time to shoulder more cybersecurity responsibility through more investments.
Doing this will send a clear message that they’re not all about cashing in on increased cloud adoption and skimping on security.
FAQs
What was the global cloud spending growth in 2024?
Why are cybersecurity budgets shrinking despite rising cloud spending?
How have cyberattacks increased in 2024?
What is the impact of reduced security hiring in 2024?
References
- Canalys Newsroom – Global cloud spending surged 21% in Q3 2024 (Canalys)
- Hyperscale Capex Surges 82 Percent in 3Q 2024, Fueled by AI Infrastructure Spending, According to Dell’Oro Group – Dell’Oro Group (Delloro)
- Cloud Leaders Sound Off on Key Challenges – Blog | Tenable® (Tenable)
- 2024 Cybersecurity Benchmarks, Global | Forrester (Forrester)
- 2024 Security Budget Benchmark Report: Key Findings | IANS Research (Iansresearch)
- FBI Internet Crime Report 2023 Cover (Ic3)
- A Closer Look at Q3 2024: 75% Surge in Cyber Attacks Worldwide – Check Point Blog (Blog.checkpoint)
- eSentire | 2023 Official Cybercrime Report (Esentire)
- Cost of a data breach 2024 | IBM (Ibm)