Introduction
In 2025 [1] [2] [3] [4] [5] [6] [7] [8], Chief Information Security Officers (CISOs) in the UK and US are prioritizing enhanced crisis simulation exercises in response to increasing cyber threats and notable incidents from the previous year. This shift reflects a broader trend towards improving organizational preparedness and response capabilities in the face of evolving cybersecurity challenges.
Description
In 2025 [1] [2] [3] [4] [5] [6] [7] [8], a significant 74% of Chief Information Security Officers (CISOs) from a survey of 200 professionals in the UK and US plan to enhance their organizations’ budgets for crisis simulation exercises. This decision is driven by rising concerns over increasing attack volumes and several high-profile cybersecurity incidents in 2024, which affected organizations such as the NHS [7], CrowdStrike [3] [6], Transport for London, 23andMe [2] [7], and Cencora [2] [6] [7]. Following these events, many CISOs are reevaluating their organizations’ preparedness for potential large-scale cyber crises [3] [4], with 31% expressing concerns about the frequency of cyber incidents, 20% citing inadequate incident response planning, and 19% highlighting a lack of realistic, stress-tested crisis simulations [4] [8].
A majority of CISOs, specifically 73%, emphasize the importance of live cyber incident drills that actively engage both technical and non-technical teams. Furthermore, 77% express a willingness to allocate larger budgets for cyber crisis simulations if these exercises are designed to be more realistic and actionable [3]. This trend underscores a growing recognition of the necessity for hands-on crisis simulations to enhance organizational visibility and response capabilities during cyber crises [1] [6]. Notably, up to 16% of security budgets for 2025 are being redirected towards crisis preparedness in response to last year’s events [1].
Haris Pylarinos [1] [2] [3] [6] [8], CEO and Founder of Hack The Box [1] [2] [3], highlights the critical role of crisis simulations in evaluating an organization’s security and workforce performance under pressure [1]. He advocates for prioritizing these simulations [1], stressing the need for them to be realistic and engaging to empower teams at all levels to effectively counter evolving threats and build confidence in their defensive capabilities.
Looking ahead, the future of crisis simulation is expected to incorporate artificial intelligence alongside expert knowledge to create highly realistic and customized scenarios that challenge both senior management and frontline professionals. This innovative approach aims to unify previously separate business units and facilitate benchmarking of real-world performance in a controlled environment [1]. Additionally, the integration of AI is seen as essential in the escalating cyber arms race, with experts noting that future cyber conflicts will require rapid responses that exceed human reaction times [6]. As such, cyber preparedness is becoming critical for national and economic security [6], making 2025 a pivotal year for establishing new standards in the use and protection against AI in cybersecurity [6].
Conclusion
The increased focus on crisis simulation exercises in 2025 highlights the growing importance of proactive cybersecurity measures. By investing in realistic and comprehensive simulations, organizations aim to bolster their defenses against sophisticated cyber threats. The integration of artificial intelligence in these exercises is poised to revolutionize crisis preparedness, ensuring rapid and effective responses to future cyber incidents. As cyber threats continue to evolve, these efforts are crucial for safeguarding national and economic security, setting new benchmarks for cybersecurity standards.
References
[1] https://www.securityinfowatch.com/cybersecurity/press-release/55263592/hack-the-box-cisos-spark-surge-in-2025-crisis-simulation-budgets
[2] https://ciso2ciso.com/cisos-boost-crisis-simulation-budgets-amid-high-profile-cyber-attacks-source-www-infosecurity-magazine-com/
[3] https://insight.scmagazineuk.com/cisos-increase-budget-for-crisis-simulation
[4] https://betanews.com/2025/01/27/high-profile-cyberattacks-prompt-boost-in-crisis-simulation-budgets/
[5] https://www.infosecurity-magazine.com/news/ciso-boost-crisis-simulation/
[6] https://securitytoday.com/Articles/2025/01/27/Survey-CISOs-Increasing-Budgets-for-Crisis-Simulations-in-2025.aspx?admgarea=cybersecurity
[7] https://aboutdfir.com/infosec-news-nuggets-1-27-2025/
[8] https://www.digit.fyi/hack-the-box-cyber-crisis-simulations/
