A recent Cyber Defense Group (CDG) report found that 92% of IT professionals stated they had some degree of confidence in their organization’s ability to meet compliance requirements and tackle advanced threats with current staff and tools, but confidence levels differed across leadership roles.

Two-thirds (68%) of CEO respondents reported being very confident in their organization’s security posture, likely stemming from their direct involvement in hiring security leaders and shaping overarching strategies. However, CEOs’ disconnect from the day-to-day realities of threat data and security responses may create a gap in their understanding. On the technical end, CIOs had a more grounded perspective, with 31% being very confident and 62% having general confidence.

Responses from senior security leaders provide a different perspective. Five percent of CSOs said they were very confident, while the majority expressed moderate confidence or neutrality. As the individuals most directly affected by security preparedness strategies, budgets, talent shortages, and evolving threats, their response indicates gaps and challenges in current systems and processes.

To fix some of the top issues contributing to the rise in misalignment between security teams and non-technical executives, it is important to understand how today’s security organizations are run. The report revealed that while a majority of organizations primarily rely on either a mix of in-house and contractor security work (39%) or fully in-house teams (36%), there is a rising interest in external support and expertise. A quarter of respondents are now investing in part-time or fractional roles or fully outsourcing to an external vendor.

Regardless of title and security team structure, respondents in the report highlighted they could benefit from:

• Improving speed and flexibility (58%)
• Cohesive strategy and program development (54%)
• Specialized expertise to address advanced threats (52%)
• Enhancing executive-level oversight and visibility (42%)
• Addressing budget limitations without compromising security (42%)

Almost half of the respondents (49%) said that their organizations suffered a security breach in the last 12 months, including data exfiltration, ransomware attacks, and unauthorized access.

Despite a lackluster investment in cybersecurity in 2024, the report revealed that over three-quarters (76%) of security leaders are planning to increase their budgets in 2025 to address growing risks, prioritizing greater use of tools and products (85%), internal staff (64%) and external consultants (59%).

The budget increases come when 54% of respondents expressed a need for support in setting strategies and developing programs, and 45% of security leaders identified a need for improved executive-level oversight and visibility.

To bridge the confidence gap, secure buy-in from CEOs, and add more support and insight for security teams, the report revealed that technical and security leaders are increasingly seeing the benefit of turning to a virtual chief information security officer (vCISO). Respondents listed the positives of hiring a vCISO as:

• Cost-effective access to seasoned security leadership without the cost of a full-time CISO topped the list (28%)
• On-demand access to flexible and scalable expertise (19%)
• Strategic oversight and alignment with business goals (15%)
• Specialized expertise to fill a temporary need (12%)
• Addressing the skills gap without a full-time hire (11%)

Read the report.

https://www.securitymagazine.com/articles/101391-76-of-security-leaders-plan-to-increase-their-security-budgets-in-2025