Survey: CISOs Increasing Budgets for Crisis Simulations in 2025

Today, Cyber Performance Center, Hack The Box, released new data showcasing the perspectives of Chief Information Security Officers (CISOs) towards cyber preparedness in 2025.

In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, TfL, 23andMe, and Cencora, CISOs are reassessing their organization’s readiness to manage a potential “chaos” of a full-scale cyber crisis.

Many CISOs across the UK and US, are concerned about their organization’s ability to handle a cyber crisis. This is owing to a number of reasons – the rising volume of cyber incidents (31%), lack of incident response planning (20%), and a lack of realistic, stress-tested crisis simulations (19%).

This drives CISOs to reallocate budgets towards crisis preparedness, as they seek to maintain security posture.

Key findings include:

  • 74% of CISOs reported their organizations are increasing annual budgets for crisis simulation exercises in 2025, motivated by last year’s major incidents.
  • 73% identified practical crisis simulations and incident response exercises involving both technical and non-technical teams - as their top business priority for 2025.
  • 77% stated they would allocate greater budgets for cyber crisis simulations if the exercises were more realistic and actionable.
  • The findings highlight a growing recognition among CISOs of the importance of realistic, hands-on crisis simulations to build visibility and ensure their organizations can respond effectively during a crisis. In fact, as much as 16% of 2025 security budgets are being reallocated to simulation exercises following last year’s incidents.

    Haris Pylarinos, CEO and Founder at Hack The Box, commented: “Preparedness is the foundation of resilience, and crisis simulations play a crucial role in testing organizations security and workforce performance when it's most critical. Organizations are right to prioritize crisis simulation and must ensure that these are implemented in the right way. There is a need for these exercises to be increasingly realistic and engaging, to equip both technical and non-technical teams of all levels with the confidence needed to decisively defend against evolving threats.”

    “The next evolution of crisis simulation is coupling AI with expert knowledge to deliver highly realistic and tailored scenarios that challenge senior management and front-line professionals. These will unite previously disparate business units as one and allow real-world performance to be benchmarked in a controlled environment.”

    Lucas Kello, Associate Professor of International Relations at the University of Oxford, said: “With the expansion of artificial intelligence, the escalating cyber arms race is entering a new and more unstable phase. AI can act as both a weapon and a shield; it can enhance threats even as it helps to defeat them. The investment in crisis simulation exercises reflects a growing awareness that future cyber conflicts will transcend current threat models while requiring accelerated responses that outpace human reaction times.” “Cyber preparedness is now a matter of national and economic security. 2025 will be a critical year for setting new standards in how nations and industries both utilize and protect against AI.”

  • Featured

    • Smarter Access Starts with Flexibility

      Today’s workplaces are undergoing a rapid evolution, driven by hybrid work models, emerging smart technologies, and flexible work schedules. To keep pace with growing workplace demands, buildings are becoming more dynamic – capable of adapting to how people move, work, and interact in real-time. Read Now

    • Trends Keeping an Eye on Business Decisions

      Today, AI continues to transform the way data is used to make important business decisions. AI and the cloud together are redefining how video surveillance systems are being used to simulate human intelligence by combining data analysis, prediction, and process automation with minimal human intervention. Many organizations are upgrading their surveillance systems to reap the benefits of technologies like AI and cloud applications. Read Now

    • The Future is Happening Outside the Cloud

      For years, the cloud has captivated the physical security industry. And for good reason. Remote access, elastic scalability and simplified maintenance reshaped how we think about deploying and managing systems. But as the number of cameras grows and resolutions push from HD to 4K and beyond, the cloud’s limits are becoming unavoidable. Bandwidth bottlenecks. Latency lags. Rising storage costs. These are not abstract concerns. Read Now

    • Right-Wing Activist Charlie Kirk Dies After Utah Valley University Shooting

      Charlie Kirk, a popular conservative activist and founder of Turning Point USA, died Wednesday after being shot during an on-campus event at Utah Valley University in Orem, Utah Read Now

    • The Impact of Convergence Between IT and Physical Security

      For years, the worlds of physical security and information technology (IT) remained separate. While they shared common goals and interests, they often worked in silos. Read Now

    New Products

    • Automatic Systems V07

      Automatic Systems V07

      Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

    • ResponderLink

      ResponderLink

      Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

    • QCS7230 System-on-Chip (SoC)

      QCS7230 System-on-Chip (SoC)

      The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.