Singapore – February 8, 2025 – A new report from Splunk highlights a concerning trend: 94% of Chief Information Security Officers (CISOs) experienced a disruptive cyberattack over the last year. These findings come at a time when many organizations are slashing their cybersecurity budgets, leaving them more exposed to emerging threats.
The 2025 CISO Report, conducted in partnership with Oxford Economics, reveals that what are often seen as “small” cuts in security budgets are, in fact, leading to significant vulnerabilities. More than half (62%) of CISOs attribute these breaches to insufficient funding, which has led to delays in security upgrades and a scaling back of important business initiatives.
The report emphasizes a clear and urgent message: CISOs must secure continued investment to ensure resilience in the face of growing cyber threats.
The Cost of Cutting Back on Cybersecurity
As budgets are reduced, many CISOs are being forced into difficult decisions, which can compromise security:
- 52% of CISOs have been forced to postpone critical security updates.
- 50% have had to reduce security solutions in an effort to cut licensing costs.
- 40% have imposed hiring or promotion freezes, impacting the ability to expand security teams.
“There’s a direct correlation between budget cuts and the vulnerabilities that are exposed,” said Michael Fanning, Chief Information Security Officer at Splunk. “Cybersecurity needs consistent investment to address emerging threats and maintain a resilient infrastructure. The perception that small cuts won’t impact security is misguided and can have severe consequences.”
Despite the rising stakes, only 29% of CISOs believe they have the necessary budget to meet their cybersecurity objectives. In contrast, 41% of boards think the budget is sufficient, exposing a significant gap between CISOs and board members when it comes to understanding cybersecurity funding needs.
A Growing Disconnect Between CISOs and Boards
The report highlights an ongoing disconnect between CISOs and boards on the importance of cybersecurity funding. While 38% of boards in the Asia-Pacific (APAC) region prioritize business growth over cybersecurity, many CISOs struggle to align their initiatives with broader organizational goals
In total, 62% of CISOs say they have strong relationships with their boards, but many find it challenging to clearly communicate the return on investment (ROI) of cybersecurity spending. The need for CISOs to act as business leaders and bridge this gap between security and business priorities has never been clearer.
“Boards need to understand that cybersecurity is not just an IT issue—it’s a business issue that requires buy-in at the highest levels,” said Shefali Mookencherry, Chief Information Security and Privacy Officer at the University of Illinois Chicago. “CISOs must evolve into business leaders who can bridge the gap between security and business goals, ensuring that cybersecurity becomes a strategic enabler for organizational growth.”
Key Findings from the 2025 CISO Report:
- Cybersecurity Budgets: 64% of CISOs are concerned that their current budgets are insufficient to address evolving cyber threats and regulatory requirements. However, 41% of boards believe the cybersecurity budget is sufficient.
- Consequences of Reduced Funding: 62% of CISOs report that cyberattacks were a direct result of reduced support for business initiatives or postponed security updates. Additionally, 50% reported security solution reductions and 40% have frozen hiring.
- CISO Influence: 82% of CISOs now report directly to the CEO, a significant increase from 47% in 2023, showing a growing influence in the C-suite. However, 29% of CISOs believe their boards lack the necessary cybersecurity expertise to make informed decisions.
- Balancing Skills and Expectations: While boards expect CISOs to develop business acumen, emotional intelligence, and strong communication skills, many CISOs face challenges in balancing these expectations with their core responsibility of securing the organization.
- Regulatory Pressure:21% of CISOs have admitted to being pressured not to report compliance issues. However, 59% said they would blow the whistle if their organization ignored compliance regulations.
The Road Ahead: Strengthening Board Relationships and Aligning Security with Business Goals
As the cybersecurity threat landscape continues to evolve, it’s crucial for CISOs to strengthen their relationships with board members and ensure their security strategies are aligned with broader organizational goals. Building trust with boards, clearly demonstrating the ROI of cybersecurity investments, and reinforcing the business value of security will be vital for ongoing support.
“Cybersecurity is no longer just a tech concern—it’s a business imperative,” said Michael Fanning. “CISOs need to engage with the board as key stakeholders in driving organizational resilience. This means aligning security with business objectives and demonstrating clear value to ensure the organization is protected against future threats.”
By adopting a business-focused approach and highlighting the strategic benefits of cybersecurity, CISOs can ensure their organizations are not only secure but also prepared for the challenges of tomorrow.
You may also like
-
Diligent Survey Finds Nearly Half of Responding Organisations in Asia Will Make AI a Priority by 2026
-
Trend Micro Predicts 2026 as the Year Cybercrime Becomes Fully Industrialised Inbox AI Overview
-
Lumen Technologies and Palo Alto Networks collaborate to increase cybersecurity capabilities in the Asia-Pacific region
-
Salesforce Study Finds 91% of Singapore Tech Leaders View Data Overhaul as Key to AI Success
-
Aryaka Announces Unified SASE as a Service 2.0, Evolving Platform for Era of Hybrid Workforce and AI