Introduction
In response to the escalating frequency and sophistication of cyber threats, Chief Information Security Officers (CISOs) are prioritizing enhancements in crisis simulation capabilities [1] [2]. This strategic focus is reflected in their budgetary plans for 2025, aiming to bolster organizational preparedness against cyber incidents.
Description
Many CISOs are planning to enhance their crisis simulation capabilities in 2025 [2]: 74% of 200 surveyed UK- and US-based CISOs indicated an intention to increase their crisis simulation budgets [2], reallocating 16% of their overall security budgets for this purpose. This decision is driven by concerns over rising attack volumes [2], with 31% of CISOs citing the growing frequency of cyber incidents, and by insufficient incident response planning [2], noted by 20% of respondents.
The urgency for improved crisis preparedness has been underscored by a series of high-profile cyber-attacks in 2024 affecting organizations such as 23andMe, the UK National Health Service [2], Cencora [2], and Transport for London [2]. In 2024 [1] [2], sectors like education [2], IT services [2], and technology demonstrated higher attack readiness [2], surpassing the average solve rate of 15.8% [2]. Finance [2], healthcare [2], and business services teams performed below average [2], with business services scoring 25% lower than average [2].
Additionally, 77% of CISOs expressed a willingness to allocate larger budgets for cyber crisis simulations if the exercises were more realistic and actionable [2]. Haris Pylarinos [2], CEO and Founder of Hack The Box [2], emphasized the need for increasingly realistic and engaging crisis simulation exercises to prepare both technical and non-technical teams to effectively defend against evolving threats [2]. He suggested that future simulations will integrate expert knowledge with AI systems to create tailored scenarios that enhance collaboration across business units [2], ensuring organizations are better equipped to respond to the reshaped cyber threat landscape.
Conclusion
The proactive measures being adopted by CISOs highlight a critical shift towards more robust cyber defense strategies. By reallocating budgets and focusing on realistic crisis simulations, organizations aim to mitigate the risks posed by cyber threats. The integration of AI and expert knowledge in these simulations is expected to foster improved collaboration and readiness across various sectors, ultimately fortifying defenses against future cyber challenges.
References
[1] https://squid-contrabass-bswx.squarespace.com/blog/threat-briefing-31-january-2025
[2] https://www.cybersecurityintelligence.com/blog/cisos-increase-crisis-simulation-budgets–8215.html