Heading into 2025, focusing on safeguarding revenue and minimizing business risks should be the top priority for CISOs. Investments aligned with business operations will drive the key initiatives.
Forrester’s most recent budget planning guide for security and risk emphasizes the importance of securing business-critical IT assets in the upcoming year. The budget increases for CISOs in 2025 should be directed towards addressing threats and controls in application security, people, and business-critical infrastructure.
Treat cybersecurity as a business decision first
The core message from Forrester’s planning guide is that cybersecurity investments need to be viewed primarily as business decisions. Making trade-offs on tools and spending to maximize revenue growth while achieving solid returns on investments is crucial.
Forrester advises CISOs to analyze any apps, tools, or suites contributing to tech sprawl and remove them from their tech stacks when introducing new technologies.
- 90% of CISOs will see a budget increase next year. Cybersecurity budgets are currently just 5.7% of IT annual spending on average. Forrester’s 2024 Budget Planning Survey predicts continued budget increases for the next 12 months.
- Get in control of tech sprawl now. Tech sprawl is identified as a significant challenge by Forrester, with an average of just over a third of CISO budgets allocated to software. Taking a conservative approach to introducing new tools and vendors is recommended to combat this issue.
- Cloud security, upgrades to new security technology run on-premises, and security awareness/training initiatives are expected to increase security budgets by 10% or more in 2025. The focus on cloud security reflects its essential role in enterprise security posture.
Defending revenue starts with APIs and software supply chains
Protecting revenue is a critical aspect of a CISO’s role, particularly with the rise of digital-first initiatives. Securing software supply chains and APIs is essential due to the increasing complexity and variety of attack surfaces.
Hardening software supply chain and API security is a must-have. Forrester stresses the urgency of security in these areas, citing incidents of software supply chain breaches in many enterprises.
IoT sensors continue to be an attack magnet
IoT remains a popular attack vector for hackers targeting industrial control systems. Forrester’s Top Trends report highlights the vulnerability of IoT devices and the increasing risk they pose.
Ensuring IoT device access is protected using zero trust is essential to reduce the threat of breaches.
Pragmatism needs to dominate CISOs’ budgets in 2025
Forrester emphasizes the need for pragmatism in CISO budgets, focusing on consolidating tools and technologies to address the existing challenges in the cybersecurity landscape.
Cybersecurity should be seen as a growth engine, not just for deterrence purposes, and CISOs should consider elevating their role within the organization.
Credit: venturebeat.com