CISOs Increase Crisis Simulation Budgets

Many Chief Information Security Officers (CISOs) plan to enhance their crisis simulation capabilities in 2025 with the aim of preparing for potential full-scale cyber crises, according to a new study by Hack The Box. Of the 200 UK and US-based CISOs surveyed, 74% said they plan to increase their crisis simulation budgets in 2025.

According to Hack The Box, this decision reflects growing concerns around rising attack volumes, lack of incident response planning and inadequate stress-testing of crisis scenarios.

These concerns are heavily influenced by the wave of high-profile cyber-attacks that occurred in 2024, including national and global organisations like 23andMe, UK National Health Service, Cencora and Transport for London.

In 2024, teams in industries such as education, IT services, and technology exceeded the average solve rate of 15.8%, demonstrating a higher level of attack readiness.

IT services and technology sectors in particular showed strong performance in coding, forensics, and hardware security, reflecting their relevance to these industries.
Meanwhile, finance, healthcare, and business services teams lagged behind, placing last with below-average solve rates.

Business services teams in particular scored 25% lower than average.

Key findings include:

  • 74% of CISOs reported their organisations are increasing annual budgets for crisis simulation exercises in 2025, motivated by last year’s major incidents.
  • 73% identified practical crisis simulations and incident response exercises involving both technical and non-technical teams as their top business priority for 2025.
  • 77% stated they would allocate greater budgets for cyber crisis simulations if the exercises were more realistic and actionable.

CEO and Founder of Hack The Box, Haris Pylarinos, commented: “There is a need for these crisis simulation exercises to be increasingly realistic and engaging, to equip both technical and non-technical teams of all levels with the confidence needed to decisively defend against evolving threats... the next evolution of crisis simulation” will be powered by a combination of expert knowledge and AI systems...

“Highly realistic and tailored scenarios will unite previously disparate business units as one and allow real-world performance to be benchmarked in a controlled environment,” Pylarinos concluded.  

Hack The Box | InfoSecurity Magazine | Censuswide | Security Info Watch | Dark Reading | SC Media | Red Packet | Security Online
