Cybersecurity downsizing: 47% of organizations planning to reduce teams


Companies are well aware of the increased risk of security incidents. However, financial goals come first when planning headcounts for their cybersecurity forces.

According to a 2023 survey of 500 security professionals conducted by Observe & CITE, 47% of organizations have incentives to reduce their security headcount. The same number, 47% of respondents, say they have no initiatives to lower security headcount, while the “Unsure” answer jumped from 1-2% to 6%

“Notably, organizations with plans to reduce headcount also have more monthly incidents overall, as well as more incidents resolved by first responders than automation,” the State of Security Observability 2023 report reads.

Among the organizations with hundreds of incidents per month, 62% of respondents confirmed having incentives to reduce security teams.

Observe noted that the organizations with engineering teams of over 100 (61%), with over half of their IT budget to security (60%), using over 6 tools to investigate an incident (58%), and with revenues of over $100.1M (57%) are more likely to reduce their headcounts.

The situation with spending on infrastructure is somewhat better.

“Four-in-ten plan to lower security infrastructure spend through tool or vendor reduction, and nearly half plan to lower security headcount spend,” the report reads.

Of the organizations that plan headcount reduction, 60% of them also plan to limit infrastructure spending, the survey showed.

“Smaller organizations struggle to find fit with the current market of security tools. They can’t afford to allocate people or cash to security, and they struggle to use the tools that they do buy. Sometimes, the answer is to outsource,” the report reads.

More than two-thirds (73%) of surveyed professionals said they have both an incident response team and a security operation center for known events in their organization. One-fifth had only one of the teams, 5% outsourced security functions, and 2% were working without these capabilities. Currently, 95% of respondents are using SIEM (Security Information and Event Management).

“Larger organizations hire a lot of people and buy a lot of tools, but then they have to integrate. They may be wealthy in process, people, and product, but that doesn’t mean all of those pieces are fitting together optimally,” the report noted.

Back in November, the latest Cybersecurity Workforce Study from ISC2 revealed that the gap between the demand for cybersecurity professionals and their availability has widened to unprecedented levels. Globally, four million cyber pros are needed to fill the global cybersecurity workforce gap, a record high. However, the estimate is not for the job market but for the resources needed to adequately secure organizations.