Survey: CISOs Increasing Budgets for Crisis Simulations in 2025

Today, Cyber Performance Center, Hack The Box, released new data showcasing the perspectives of Chief Information Security Officers (CISOs) towards cyber preparedness in 2025.

In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, TfL, 23andMe, and Cencora, CISOs are reassessing their organization’s readiness to manage a potential “chaos” of a full-scale cyber crisis.

Many CISOs across the UK and US, are concerned about their organization’s ability to handle a cyber crisis. This is owing to a number of reasons – the rising volume of cyber incidents (31%), lack of incident response planning (20%), and a lack of realistic, stress-tested crisis simulations (19%).

This drives CISOs to reallocate budgets towards crisis preparedness, as they seek to maintain security posture.

Key findings include:

  • 74% of CISOs reported their organizations are increasing annual budgets for crisis simulation exercises in 2025, motivated by last year’s major incidents.
  • 73% identified practical crisis simulations and incident response exercises involving both technical and non-technical teams - as their top business priority for 2025.
  • 77% stated they would allocate greater budgets for cyber crisis simulations if the exercises were more realistic and actionable.
  • The findings highlight a growing recognition among CISOs of the importance of realistic, hands-on crisis simulations to build visibility and ensure their organizations can respond effectively during a crisis. In fact, as much as 16% of 2025 security budgets are being reallocated to simulation exercises following last year’s incidents.

    Haris Pylarinos, CEO and Founder at Hack The Box, commented: “Preparedness is the foundation of resilience, and crisis simulations play a crucial role in testing organizations security and workforce performance when it's most critical. Organizations are right to prioritize crisis simulation and must ensure that these are implemented in the right way. There is a need for these exercises to be increasingly realistic and engaging, to equip both technical and non-technical teams of all levels with the confidence needed to decisively defend against evolving threats.”

    “The next evolution of crisis simulation is coupling AI with expert knowledge to deliver highly realistic and tailored scenarios that challenge senior management and front-line professionals. These will unite previously disparate business units as one and allow real-world performance to be benchmarked in a controlled environment.”

    Lucas Kello, Associate Professor of International Relations at the University of Oxford, said: “With the expansion of artificial intelligence, the escalating cyber arms race is entering a new and more unstable phase. AI can act as both a weapon and a shield; it can enhance threats even as it helps to defeat them. The investment in crisis simulation exercises reflects a growing awareness that future cyber conflicts will transcend current threat models while requiring accelerated responses that outpace human reaction times.” “Cyber preparedness is now a matter of national and economic security. 2025 will be a critical year for setting new standards in how nations and industries both utilize and protect against AI.”

  • Featured

    • Freedom of Choice

      In today's security landscape, we are witnessing a fundamental transformation in how organizations manage digital evidence. Law enforcement agencies, campus security teams, and large facility operators face increasingly complex challenges with expanding video data, tightening budget constraints and inflexible systems that limit innovation. Read Now

    • Accelerating a Pathway

      There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

    • Protecting Your Zones

      It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

    • Street Smarts

      The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

    • Midtown Manhattan Shooting Kills 4, Including NYPD Officer

      Four people were killed, including a NYPD officer, in a midtown Manhattan shooting on Monday. That’s according to CNN. Read Now

    New Products

    • Luma x20

      Luma x20

      Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

    • Mobile Safe Shield

      Mobile Safe Shield

      SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

    • Automatic Systems V07

      Automatic Systems V07

      Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.