As we approach 2025, the focus for Chief Information Security Officers (CISOs) should be on safeguarding revenue and minimizing business risks. Forrester’s latest budget planning guide emphasizes the importance of securing business-critical IT assets as a top priority for the upcoming year. The guide suggests that CISOs prioritize addressing threats and controls in application security, people, and business-critical infrastructure to ensure a strong security posture.
CISOs are advised to invest in areas such as software supply chain security, API security, and IoT/OT threat detection, as these are deemed essential for business operations. By protecting new digital businesses and ensuring the safety of IT infrastructure, CISOs can drive revenue gains and advance their careers.
Treat cybersecurity as a business decision first
Forrester’s planning guide emphasizes that cybersecurity investments should be viewed as a business decision first and foremost. CISOs are encouraged to make trade-offs on tools and spending to maximize revenue growth and returns on investments. The guide also highlights the importance of streamlining tech stacks by eliminating unnecessary tools and applications.
- 90% of CISOs are expected to receive a budget increase in 2025, with cybersecurity budgets currently representing only 5.7% of IT annual spending on average. Budgets are projected to continue increasing, with a significant percentage of CISOs anticipating a rise in funding.
- Tech sprawl is identified as a major challenge for CISOs, with software accounting for over a third of cybersecurity budgets. To combat tech sprawl, CISOs are advised to adopt a conservative approach when introducing new tools and vendors.
- Cloud security, new security technology on-premises, and security awareness/training initiatives are expected to drive security budget increases by 10% or more in 2025. Cloud security, in particular, is a high priority due to its crucial role in enterprise security postures.
Defending revenue starts with APIs and software supply chains
Protecting revenue in the digital landscape requires a focus on hardening software supply chains and API security. Forrester highlights the increasing complexity and volume of attack surfaces in software supply chains and API repositories, urging organizations to prioritize security in these areas to prevent incidents.
Malicious actors often target open-source components and legacy APIs, making software supply chains and APIs vulnerable to attacks. Implementing an API security strategy that integrates with DevOps workflows and prioritizing API security measures are crucial for enhancing security.
IoT sensors continue to be an attack magnet
IoT devices remain a popular target for cyber attackers, especially in industrial settings where vulnerable IoT sensors can compromise critical systems. Organizations are advised to focus on securing IoT devices using zero trust principles and following guidelines such as NIST Special Publication 800-207.
Pragmatism needs to dominate CISOs’ budgets in 2025
Forrester emphasizes the need for pragmatism in CISOs’ budget decisions, urging them to streamline cybersecurity tools and technologies. By treating cybersecurity spending as a business investment and aiming for growth, CISOs can elevate their role within organizations and navigate the evolving threat landscape effectively.
Overall, CISOs are encouraged to prioritize revenue protection, invest in essential security areas, and adopt a strategic approach to cybersecurity budgeting to ensure business resilience and growth in 2025.
