CISOs prioritize AI-driven automation to optimize cybersecurity spending
Cybersecurity leaders and consultants identified AI-driven automation and cost optimization as top organizational priorities, according to Wipro.
30% of respondents are investing in AI automation to enhance their cybersecurity operations. AI-driven automation can help in detecting and responding to threats more quickly and accurately, thereby reducing the need for extensive manual intervention.
26% of respondents are focusing on tools rationalization. This approach involves evaluating and consolidating duplicate security tools across platforms to eliminate redundancies and improve efficiency while reducing costs.
Another significant area is security and risk management process optimization, with 23% of organizations targeting this for cost savings. Streamlining these processes can lead to more effective risk management and better allocation of resources. Apart from these priorities, 20% are focusing on simplifying operating models to achieve better visibility and faster response across reduced attack surfaces.
Strategic cybersecurity investment trends
The integration of AI into cybersecurity has the potential to significantly change how organizations detect, prevent and respond to cyber threats and enhance their security posture. Many CISOs are leveraging AI to improve threat detection and response times (31%) and to build enhanced incident response capabilities (24%).
Only 10% of organizations reported allocating more than 12% of their annual IT budget to cybersecurity, compared to 21% in 2023. Looking at this another way, only 20% of organizations are allocating more than 10% of their annual IT budget for security compared to 32% in 2023.
This focus on AI to manage threats is only topped by implementing zero trust security frameworks, which is a top investment priority for 97% of survey respondents.
93% are focused on AI-driven threat detection and response to enhance security measures. 82% are investing in IoT device management and security to address the growing risks associated with the proliferation of connected devices.
“Cybersecurity budgets are struggling to keep pace with the growing sophistication of cyber threats. AI offers a solution by helping organizations strengthen defenses while optimizing costs. This allows CISOs to adopt a more outcome-driven focus by prioritizing risk-adjusted returns on investments,” said Tony Buffomante, SVP & Global Head — Cybersecurity & Risk Services at Wipro.
CISO reporting
For well over a decade, it’s been most common for CISOs to report to CIOs. This has been reasonably effective for IT risk management. Survey data reveals that 53% of organizations still have their CISOs reporting to the CIO. 22% of organizations now have their CISOs report directly to the CEO or have regular CEO reviews, and 8% report to the CFO. Additionally, 17% of CISOs report to other C-level executives such as the COO, CRO or the general counsel.
Some organizations are transitioning cybersecurity into a business-risk-aligned management structure to enhance accountability at the board level, promote risk-aware behavior throughout the organization, and strengthen the case for necessary cybersecurity investments. This realignment ensures that cybersecurity is recognized not merely as an IT concern but as a vital element of the overall business strategy.