Majority of CFO’s plan to increase technology budgets in 2025

In a recent survey conducted by Gartner, a significant majority of Chief Financial Officers (CFOs) have indicated plans to increase technology budgets in 2025. This trend is particularly pronounced in Europe, where upcoming regulatory changes, such as the Network and Information Security Directive 2 (NIS2), are compelling organizations to enhance their cybersecurity frameworks.

Prioritize Technology Investments

The Gartner survey, which included responses from 301 CFOs and senior finance leaders, revealed that 82% plan to boost technology spending in 2025. This marks a notable increase from previous years, underscoring the growing recognition of technology as a critical driver of business resilience and competitiveness. The survey also highlighted that 71% of CFOs intend to increase their investments in Artificial Intelligence (AI) by 10% or more compared to the previous year. This surge in AI investment reflects the technology's potential to revolutionize various business processes and decision-making capabilities.

Alexander Bant, Chief of Research in the Gartner Finance practice, emphasized the importance of aligning AI investments with organizational goals: "As organizations venture further down the AI path, executives must agree on their ultimate goals for use of this technology." This alignment ensures that AI initiatives are strategically integrated to deliver maximum value.

The European Context: NIS2 Directive

In Europe, the impetus to increase technology budgets is further strengthened by regulatory developments. The NIS2 Directive, which came into force in January 2023, requires member states to transpose its provisions into national law by October 17, 2024. This directive aims to enhance cybersecurity across the European Union by establishing a unified legal framework that applies to 18 critical sectors, including energy, transport, healthcare, finance, and digital infrastructure.

The NIS2 Directive mandates that medium-sized and large entities in these sectors implement appropriate cybersecurity risk management measures and report significant incidents to relevant national authorities. This comprehensive approach seeks to bolster the resilience of network and information systems against an evolving threat landscape.

A key aspect of the directive is the requirement for member states to develop national cybersecurity strategies. These strategies must encompass policies for supply chain security, vulnerability management, and cybersecurity education and awareness. Additionally, the directive establishes a network of Computer Security Incident Response Teams (CSIRTs) to facilitate information exchange and coordinated responses to cyber incidents.

Implications for European Businesses

The convergence of increased technology budgets and the implementation of the NIS2 Directive presents both challenges and opportunities for European businesses. Organizations are now compelled to reassess their cybersecurity infrastructures and ensure compliance with the new regulatory standards. A recent survey carried out by the author in the Belgian market also underscored a lack of budgets by IT departments to implement the needed controls for the NIS2 directive.

For many companies, this necessitates significant investments in advanced cybersecurity solutions, staff training, and the development of robust incident response protocols. While these initiatives require substantial financial outlays, they are essential for mitigating the risks associated with cyber threats and ensuring business continuity.

Moreover, the directive's emphasis on supply chain security means that businesses must also evaluate the cybersecurity practices of their partners and suppliers. This holistic approach aims to address vulnerabilities that could be exploited through interconnected networks and systems.

The Gartner survey underscores a decisive shift among CFOs towards increased technology investments, particularly in AI, as organizations strive to enhance their operational capabilities and resilience. In Europe, the enactment of the NIS2 Directive adds a regulatory imperative to this trend, compelling businesses to elevate their cybersecurity standards.

For European enterprises, this confluence of technological ambition and regulatory obligation presents a unique opportunity to fortify their defenses against cyber threats. By strategically aligning investments with compliance requirements and organizational objectives, CFOs can steer their companies towards a more secure and prosperous future.