As 2025 approaches, the landscape of cybersecurity is poised for significant transformation, driven largely by increased accountability among Chief Information Security Officers (CISOs) and the demanding expectations of corporate boards. A survey reveals that 90% of cybersecurity and risk leaders anticipate budget increases for the upcoming year, indicative of a commitment from stakeholders to enhance security measures amid evolving threats.

A substantial portion of these budgets, approximately 35.9%, is allocated towards software expenses, making it crucial for CISOs to demonstrate a clear return on investment (ROI) for cybersecurity initiatives. Achieving demonstrable results, however, presents challenges, as quantifying the effectiveness of security software can be complex and elusive. Nonetheless, experts highlight specific areas where automation can streamline processes and increase efficiency. Automation of Security Operations Center (SOC) workflows, for instance, is recommended to reduce alert fatigue among analysts, allowing them to concentrate on complex threats and intrusion attempts.

The challenges of financial justification are underscored in Forrester’s “Budget Planning Guide 2025: Security and Risk,” which outlines how CISOs have managed to secure their budgets amid wider organisational cost-cutting measures. On average, cybersecurity spending represents only 5.7% of overall IT budgets, yet market forecasts suggest significant growth potential. According to Gartner’s latest projections, end-user spending on information security is set to increase from $184 billion in 2024 to $294 billion by 2028, with a compound annual growth rate (CAGR) of 12.43%. The fastest-growing segment of this market is expected to be security software, with a forecasted increase from $59.9 billion in 2022 to $134.3 billion by 2028, reflecting a CAGR of 14.4%.

Stephanie Balaouras, Forrester’s vice president and group director, articulated the urgency of this moment during a recent webinar, highlighting the convergence of advancements in artificial intelligence (AI), novel security threats, and emerging encryption technologies. She noted, “When you think about AI, when you think about some of the novel threats that we’re looking at, we are at this inflection point.” Gartner further forecasts that by 2028, generative AI will be involved in 22% of cyberattacks and data breaches, underscoring the necessity for enhanced security measures.

CISOs are responding to this imperative by prioritising investments in cloud infrastructure, data management, and advanced security technologies. Forrester’s insights suggest that 2025 will see CISOs focusing on cloud security, on-premises security technology, and heightened training initiatives, with each area expected to see a budget increase of at least 10%. Moreover, it is becoming critical for CISOs to align their strategies with revenue generation to enhance their standing within organisations. Jeff Pollard, VP and principal analyst at Forrester, stated, “When something touches as much revenue as cybersecurity does, it is a core competency.”

One area of notable concern is software supply chain security, with recent data indicating that 91% of enterprises experienced security incidents within a year. This exposure underscores the urgency for CISOs to enhance their protective measures, particularly for legacy systems, open-source libraries, and APIs prone to exploitation. Forrester advocates for robust investment in exposure management and cyber risk quantification, especially as organisations increase their reliance on AI and cloud-based applications.

As businesses prepare for the next phase of digital transformation, attention must also be directed towards innovations in cybersecurity technology. Forrester highlights four key technology areas crucial for investment: exposure management and cyber risk quantification, post-quantum security measures, security data lakes, and the native integration of AI and machine learning into security infrastructures.

CIO-CISO collaboration is also being viewed as a fundamental strategy for success in the approaching fiscal year, with experts advocating for a unified approach to resource management and data accessibility. Bob Grazioli, CIO of Ivanti, emphasised that “executives need to consolidate resources — budgets, personnel, data and technology — to enhance an organization’s security posture.”

The current trends in AI automation and cybersecurity are indicative of a broader commitment among businesses to address vulnerabilities and protect assets in an increasingly complex digital landscape. The push for tighter integration, automation, and ROI-oriented strategies signifies a transformative period in which efficacy in cybersecurity practices will play a pivotal role in shaping business resilience and growth.

Source: Noah Wire Services