CISOs Increase Crisis Simulation Budgets

Many Chief Information Security Officers (CISOs) plan to enhance their crisis simulation capabilities in 2025 to prepare for potential full-scale cyber crises, according to a new study by Hack The Box. Of the 200 UK and US-based CISOs surveyed, 74% said they plan to increase their crisis simulation budgets in 2025.

According to Hack The Box, this decision reflects growing concerns around rising attack volumes, lack of incident response planning and inadequate stress-testing of crisis scenarios.

These concerns are heavily influenced by the wave of high-profile cyber-attacks that occurred in 2024, including attacks on national and global organisations such as 23andMe, the UK National Health Service, Cencora and Transport for London.

In 2024, teams in industries such as education, IT services, and technology exceeded the average solve rate of 15.8%, demonstrating a higher level of attack readiness.

IT services and technology sectors in particular showed strong performance in coding, forensics, and hardware security, reflecting their relevance to these industries.
Meanwhile, finance, healthcare, and business services teams lagged behind, placing last with below-average solve rates.

Business services teams in particular scored 25% lower than average.

Key findings include:

  • 74% of CISOs reported their organisations are increasing annual budgets for crisis simulation exercises in 2025, motivated by last year’s major incidents.
  • 73% identified practical crisis simulations and incident response exercises involving both technical and non-technical teams as their top business priority for 2025.
  • 77% stated they would allocate greater budgets for cyber crisis simulations if the exercises were more realistic and actionable.

CEO and Founder of Hack The Box, Haris Pylarinos, commented: “There is a need for these crisis simulation exercises to be increasingly realistic and engaging, to equip both technical and non-technical teams of all levels with the confidence needed to decisively defend against evolving threats... the next evolution of crisis simulation” will be powered by a combination of expert knowledge and AI systems...

“Highly realistic and tailored scenarios will unite previously disparate business units as one and allow real-world performance to be benchmarked in a controlled environment,” Pylarinos concluded.  

Hack The Box | InfoSecurity Magazine | Censuswide | Security Info Watch | Dark Reading | SC Media | Red Packet | Security Online
