CISOs Increase Crisis Simulation Budgets

Uploaded on 2025-02-03 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW

Many Chief Information Security Officers (CISOs) plan to enhance their crisis simulation capabilities in 2025 with the aim to prepare for potential full-scale cyber crises, according to a new study by Hack The BoxOf the 200 UK and US-based CISOs surveyed, 74% said they plan to increase their crisis simulation budgets in 2025. 

According to Hack The Box, this decision reflects growing concerns around rising attack volumes, lack of incident response planning and inadequate stress-testing of crisis scenarios.

These concerns are heavily influenced by the wave of high-profile cyber-attacks that occurred in 2024, including national and global organisations like 23andMe, UK National Health Service, Cencora and Transport for London.

In 2024, teams in industries such as education, IT services, and technology exceeded the average solve rate of 15.8%, demonstrating a higher level of attack readiness.

IT services and technology sectors in particular showed strong performance in coding, forensics, and hardware security, reflecting their relevance to these industries.
Meanwhile, finance, healthcare, and business services teams lagged behind, placing last with below- average solve rates.

Business services teams in particular scored 25% lower than average.

Key findings include:

  • 74% of CISOs reported their organisations are increasing annual budgets for crisis simulation exercises in 2025, motivated by last year’s major incidents.
  • 73% identified practical crisis simulations and incident response exercises involving both technical and non-technical teams as their top business priority for 2025.
  • 77% stated they would allocate greater budgets for cyber crisis simulations if the exercises were more realistic and actionable.

CEO and Founder of Hack The Box, Haris Pylarinos, commented: “There is a need for these crisis simulation exercises to be increasingly realistic and engaging, to equip both technical and non-technical teams of all levels with the confidence needed to decisively defend against evolving threats.. the next evolution of crisis simulation” will be powered by a combination of expert knowledge and AI systems...

“Highly realistic and tailored scenarios will unite previously disparate business units as one and allow real-world performance to be benchmarked in a controlled environment,” Pylarinos concluded.  

Hack The Box    |    Hack The Box    |    InfoSecurity Magazine    |    Censuswide    |    Security Info Watch   | 


Dark Reading    |   SC Media    |    Red Packet    |   Security Info Watch   |     Security Online

Image: Design Master

You  Might Also Read: 

How CISOs Can Master Cyber Attack Communications:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Ransomware Readiness: Transforming Threat Into Organizational Resilience
EU Sanctions Russians For Attacks On Estonia »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Omerta

Omerta

Omerta is a global security technology and services company. We advise, consult, design, build, mitigate, protect, manage, provide and train to protect from increasing cyber threats.

Defense Advanced Research Projects Agency (DARPA)

Defense Advanced Research Projects Agency (DARPA)

DARPA's mission is to develop breakthrough technologies for national security. The Information Innovation Office undertakes cyber security activities.

Perspective Risk

Perspective Risk

Perspective Risk provides penetration testing, security assessments, risk management & compliance solutions, InfoSec training and consultancy services.

Sensible Vision

Sensible Vision

SensibleVision helps organizations transparently protect data and prevent costly security breaches by constantly verifying the identities of people who use computers or mobile devices.

Asvin

Asvin

Asvin provides secure update management and delivery for Internet of Things - IoT Edge devices.

Zighra

Zighra

Zighra is a leading provider of On-Device AI solutions for continuous authentication and fraud detection on mobile and web applications.

Raonsecure

Raonsecure

Raonsecure is one of Korea’s leading ICT security software companies – providing a variety of PC and mobile security solutions to financial institutions, government, and enterprise.

Cyber Security Forum Initiative (CSFI)

Cyber Security Forum Initiative (CSFI)

CSFI is a non-profit organization with a mission to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training.

FiVerity

FiVerity

FiVerity provides financial institutions with cyber fraud defense to combat a dangerous and growing threat - the convergence of fraud-related theft with sophisticated, high-volume cyber attacks.

Varen Technologies

Varen Technologies

Varen Technologies is an innovative consulting partner with highly respected cyber security, analytics, Agile Software Development and IT/maintenance expertise.

Cylab - Carnegie Mellon University

Cylab - Carnegie Mellon University

Carnegie Mellon University CyLab is the University's security and privacy research institute.

NetScout Systems

NetScout Systems

NetScout assures digital business services against disruptions in availability, performance, and security.

ClearSky Cyber Security

ClearSky Cyber Security

ClearSky cyber security provides cyber solutions, focused on threat intelligence services, mainly for the financial sector, critical infrastructure, public sector and the pharma sector.

QualySec

QualySec

QualySec is a leading cybersecurity firm specializing in comprehensive penetration testing and risk assessment services.

VPNBlade

VPNBlade

VPNBlade is your go-to resource for expert reviews and advice on VPN services.

Atumcell

Atumcell

Atumcell’s targeted risk assessment exposes emerging threats before they cause harm.