CISOs Increase Crisis Simulation Budgets

Many Chief Information Security Officers (CISOs) plan to enhance their crisis simulation capabilities in 2025 to prepare for potential full-scale cyber crises, according to a new study by Hack The Box. Of the 200 UK and US-based CISOs surveyed, 74% said they plan to increase their crisis simulation budgets in 2025.

According to Hack The Box, this decision reflects growing concerns around rising attack volumes, lack of incident response planning and inadequate stress-testing of crisis scenarios.

These concerns are heavily influenced by the wave of high-profile cyber-attacks that occurred in 2024, including national and global organisations like 23andMe, UK National Health Service, Cencora and Transport for London.

In 2024, teams in industries such as education, IT services, and technology exceeded the average solve rate of 15.8%, demonstrating a higher level of attack readiness.

IT services and technology sectors in particular showed strong performance in coding, forensics, and hardware security, reflecting their relevance to these industries.
Meanwhile, finance, healthcare, and business services teams lagged behind, placing last with below-average solve rates.

Business services teams in particular scored 25% lower than average.

Key findings include:

  • 74% of CISOs reported their organisations are increasing annual budgets for crisis simulation exercises in 2025, motivated by last year’s major incidents.
  • 73% identified practical crisis simulations and incident response exercises involving both technical and non-technical teams as their top business priority for 2025.
  • 77% stated they would allocate greater budgets for cyber crisis simulations if the exercises were more realistic and actionable.

CEO and Founder of Hack The Box, Haris Pylarinos, commented: “There is a need for these crisis simulation exercises to be increasingly realistic and engaging, to equip both technical and non-technical teams of all levels with the confidence needed to decisively defend against evolving threats ... the next evolution of crisis simulation” will be powered by a combination of expert knowledge and AI systems...

“Highly realistic and tailored scenarios will unite previously disparate business units as one and allow real-world performance to be benchmarked in a controlled environment,” Pylarinos concluded.  

