CISOs Increase Crisis Simulation Budgets

Many Chief Information Security Officers (CISOs) plan to enhance their crisis simulation capabilities in 2025 to prepare for potential full-scale cyber crises, according to a new study by Hack The Box. Of the 200 UK and US-based CISOs surveyed, 74% said they plan to increase their crisis simulation budgets in 2025.

According to Hack The Box, this decision reflects growing concerns around rising attack volumes, lack of incident response planning and inadequate stress-testing of crisis scenarios.

These concerns are heavily influenced by the wave of high-profile cyber-attacks that occurred in 2024, including national and global organisations like 23andMe, UK National Health Service, Cencora and Transport for London.

In 2024, teams in industries such as education, IT services, and technology exceeded the average solve rate of 15.8%, demonstrating a higher level of attack readiness.

IT services and technology sectors in particular showed strong performance in coding, forensics, and hardware security, reflecting their relevance to these industries.
Meanwhile, finance, healthcare, and business services teams lagged behind, placing last with below-average solve rates.

Business services teams in particular scored 25% lower than average.

Key findings include:

  • 74% of CISOs reported their organisations are increasing annual budgets for crisis simulation exercises in 2025, motivated by last year’s major incidents.
  • 73% identified practical crisis simulations and incident response exercises involving both technical and non-technical teams as their top business priority for 2025.
  • 77% stated they would allocate greater budgets for cyber crisis simulations if the exercises were more realistic and actionable.

CEO and Founder of Hack The Box, Haris Pylarinos, commented: “There is a need for these crisis simulation exercises to be increasingly realistic and engaging, to equip both technical and non-technical teams of all levels with the confidence needed to decisively defend against evolving threats... the next evolution of crisis simulation” will be powered by a combination of expert knowledge and AI systems...

“Highly realistic and tailored scenarios will unite previously disparate business units as one and allow real-world performance to be benchmarked in a controlled environment,” Pylarinos concluded.  

