Almost all cybersecurity leaders (97%) are currently prioritising the implementation of Zero Trust security frameworks, highlighting their significance in today’s threat landscape, according to a new study by Wipro. The “State of Cybersecurity Report 2025” surveyed over 100 global cybersecurity leaders and consultants, revealing a growing trend towards integrating AI into cybersecurity strategies amidst rising cost pressures and sophisticated cyber threats.
The survey identified AI-driven automation and cost optimisation as key priorities for organisations. Notably, 30% of respondents ranked AI automation as a top priority to bolster cybersecurity operations and reduce costs. Other prevalent cost-optimising strategies include tools rationalisation, cited by 26% of participants, security and risk management process optimisation (23%), and operating model simplification (20%).
The expanding role of AI in threat management
AI’s role in managing cyber threats is expanding, with 31% of CISOs using AI to improve threat detection and response times, while 24% are leveraging it to build stronger incident response capabilities. Despite the critical role of AI, the report highlights that only 10% of organisations allocate more than 12% of their annual IT budget to cybersecurity, a reduction from 21% in 2023. This budgetary constraint indicates that allocations may not be keeping pace with the increasing sophistication of cyber threats.
“Cybersecurity budgets are struggling to keep pace with the growing sophistication of cyber threats,” said Wipro SVP and cybersecurity and risk services global head Tony Buffomante. “AI offers a solution by helping organisations strengthen defenses while optimizing costs. This allows CISOs to adopt a more outcome-driven focus by prioritizing risk-adjusted returns on investments.”
Meanwhile, the report claims that organisational reporting structures for CISOs remain varied. Over half (53%) continue to report to chief information officers (CIOs), while 22% now report directly to CEOs or have regular CEO reviews. Another 8% report to chief financial officers (CFOs), with an additional 17% reporting to other C-level executives such as the chief operating officer (COO), chief risk officer (CRO), or general counsel.
To harness AI for cyber resilience, the report advises that CISOs collaborate with peers for effective data governance and establish comprehensive cybersecurity training programmes for all employees. AI is driving significant productivity gains, enhancing threat detection capabilities, automating repetitive tasks, and addressing security vulnerabilities. These advancements allow cybersecurity teams to concentrate on strategic initiatives.
Cost optimisation continues to be a pressing issue as CISOs face increased pressure to maximise security investments within limited financial resources. The study notes that cyber strategies are evolving from simple budget increases towards a more outcome-driven approach. This strategy emphasises the effective utilisation of people, processes, and technology to deliver enhanced cybersecurity and greater risk-adjusted returns on investments.
Last month, an Ernst & Young (EY US) study revealed notable C-suite disconnects, with 84% of executives reporting cybersecurity incidents in the past three years. An analysis of Russell 3000 companies showed these incidents often lead to a 1.5% decline in stock price within 90 days, emphasising the tangible market impact.
Read more: C-suite divides on cybersecurity threats pose organisational risks, study finds
