Thank you to everyone who participated in this year’s survey on the key security themes and leadership trends shaping 2025. Once again, we’re humbled and impressed by the level of engagement and thoughtful responses from security leaders around the world. This year’s data reflects shifting priorities and the evolving challenges faced by those responsible for protecting organizations from an increasingly complex threat landscape.
Let’s dive into the results…
Below, we explore five key themes that emerged from this year’s survey data. Our findings aim to provide actionable insights for security leaders as they navigate the complexities of 2025 and beyond.
Theme One: AI Adoption and Risk Management Continue to Gain Momentum
Preparedness for AI/Generative AI Risks
Organizations are taking steps to address the evolving risks posed by AI. This year, 59.5% of respondents indicated they are in the early stages of preparation but making progress—a slight improvement from just under 57% reported last year. Meanwhile, 32.4% feel adequately prepared, and a small, but notable, 5.4% believe they are ahead of the curve—a decline from 11% in 2024. Only 2.7% admitted to being entirely unprepared, down significantly from 11% last year.

Active Use of AI in Security
AI applications in security continue to expand, with respondents highlighting automation, efficiency improvements, and threat detection as top use cases. While many organizations rely on vendor-integrated AI tools, the rise of generative AI is creating new opportunities for advanced event handling and SOC operations. Despite these advancements, many companies remain in the exploratory phase, reflecting a consistent challenge in moving from evaluation to full-scale deployment.
Recruiter’s Perspective:
The topic of AI dominated the conversation last year, not just in security. Companies recognize that AI will be a differentiating factor, both internally and externally — but security leaders are taking a measured approach, integrating AI thoughtfully into their programs. Security has always been a function where getting “more with less” has been a calling card, and I believe we will continue to see less emphasis put on how big your teams are and more focus on how impactful your program is. AI will accelerate this, but this mindset has been present and building for years.
Theme Two: CISO Optimism Amid New Challenges
Despite heightened risks and increasing scrutiny, cybersecurity leadership remains a largely optimistic career path, evidenced by the survey data below:
- Very optimistic: 44.7% (up from 32.4% last year)
- Cautiously optimistic: 42.1% (consistent with 2024)
- Semi-pessimistic: 10.5% (down from 16.2% last year)
- Pessimistic: 2.6% (down from 8.1% last year)

This steady optimism reflects the resilience and adaptability of security leaders, even in a constantly evolving threat landscape.
Shifts in CISO Responsibilities
Several key changes were highlighted this year:
- Increased Board of Directors (BoD) interaction (23%) — a continuation of the upward trend seen in 2024, where monthly reporting rose significantly.
- Greater focus on risk management (13%) — highlighting the growing emphasis on mitigating complex and emerging threats.
- More frequent D&O insurance discussions (17%) — a notable increase from last year’s anecdotal mentions, reflecting broader adoption.
- Broader organizational adjustments (13%) — consistent with the role’s expanding remit.
Recruiter’s Perspective:
The dust has settled a bit from the fallout of Uber and SolarWinds, though there is still some trepidation about a career in security. It was encouraging to see pessimism down across the board. This is certainly tied to companies leveraging D&O insurance or some level of protection for security executives in their offer letters. This has been, and will remain, a hot topic at the offer stage (and earlier in many cases) for any CISO looking to make a move and something I have personally helped negotiate or educate clients on over the past few years.
Theme Three: Security Budgets and Investment Trends
Changes in Security Budgets
Investment in security is trending upward, with 43.2% of respondents expecting slight increases in 2025, up from just over 32% who anticipated slight increases last year. Notably, 10.8% anticipate a drastic increase in budget this year, up from 2% last year, reflecting a heightened organizational focus on cybersecurity and consistent with 2024’s findings. Another 21.6% expect a moderate increase in budget, somewhere between 10% and 39%. While the expectations for larger investments are much higher, the overall sentiment is quite similar year over year, with around 75% of respondents expecting some level of budget growth in 2025.

Budget Priorities
- Automation Technology: 43.2% ranked as CISOs’ top priority (up from 32% in 2024).
- Talent Acquisition: 35.1%, reflecting a steady focus on addressing skill shortages (up from 27% in 2024).

Recruiter’s Perspective:
2024 felt like a holding pattern for many companies due to economic uncertainty, along with it being an election year in the U.S. However, by late summer, budgets seemingly opened up, and hiring began to pick up — and this momentum has carried into 2025. With that said, my advice to hiring managers: move quickly. I understand this is not a novel concept, but when the market heats up, top talent gets gobbled up quickly. And if these survey results are any indication, the competition for talent will be fierce.
Theme Four: The Expanding Role of the CISO
As the scope of the CISO role continues to grow, this year’s survey highlights several areas of increasing responsibility. That being said, the overall sentiment around expanding responsibilities in each of these functions is down from the previous year:
- IT Ownership: 59.5% (down from 66.7% last year)
- Privacy and Trust: 56.8% (down from 66.7% in 2024)
- Data Oversight: 51.4% (slightly down from 58% in 2024)
- Product and Engineering: 35.1% (down from 58.3% in 2024)

Reporting Structure
The only consistency across the CISO reporting structure is inconsistency. However, one thing remained consistent — 27% of CISOs now report directly to the CEO; this is on par with last year and a significant increase over the past two years. Most CISOs (51.3%) still report to other C-level technology executives, with 43.2% reporting to the CIO.

Recruiter’s Perspective:
As board visibility grows, expectations for CISOs continue to expand. I’ve seen a growing desire for CISOs to take on broader IT, product, and data responsibilities. And while the survey data shows a slight decline in these areas, these results are inconsistent with anecdotal evidence I’ve gathered from conversations with clients and CISOs. That being said, this data may reflect a sharper focus on core security competencies versus being spread too thin across too many functional areas. It’ll certainly be interesting to see how this evolves over the next year or two.
From a reporting standpoint, putting the “toothpaste back in the tube” will be hard. As we continue to see CEOs taking on CISOs as direct reports, I believe this will become the norm in the next 2-3 years, especially as CISO roles continue to expand. In my view, this will continue to progress gradually, especially at companies with multiple large business units that operate in silos, but as we see more and more CISOs make the case for reporting directly to the CEO, I believe we will soon reach cross-industry, broad adoption.
Theme Five: Challenges and Opportunities in 2025
Biggest Threats
- AI-related threats: 22% (up from 20% in 2024)
- Human factors: 19%
- Sophisticated threat actors: 15%
- Misuse of technology: 15%, likely tied to the rise of AI and the need for proper guardrails.
Top Recruiting Priorities
The need for skilled talent remains a critical focus, with security engineering/architecture (35.1%) and incident response (21.6%) leading the list of in-demand skills. This aligns with the broader emphasis on foundational security capabilities, consistent with priorities identified in 2024.
Diversity in Leadership
Progress toward leadership diversity remains slow. 5.4% of respondents identified as female, down from 6% in 2024, highlighting the need for continued focus on inclusivity. This is a massive area of opportunity for the security industry that remains relatively untapped to date.
Recruiter’s Perspective:
Recognizing that I may sound like a broken record at this point, AI is at the top of everyone’s mind this year, from security to broader business functions. With that in mind, unsurprisingly, the vast majority of survey respondents highlighted that AI—in one way or another—is a “threat” to their security posture. However, I believe that security leaders are uniquely positioned to harness AI for good (compared to some other C-suite functions) due to their natural collaboration and “we’re in this together” mindset. While AI promises to enhance speed and efficiency, it will be up to CISOs and security executives to ensure those gains don’t come at a significant cost. It’s no small task, but one thing is certain: AI is here to stay. The key is to enter this new era with eyes wide open.
Bonus Theme: Compensation Trends and Outlook
Current Compensation Expectations:
Responses show a broad range of compensation expectations. The most common brackets are $401K–$600K (24.3%) and $751K–$999K (21.6%), accounting for nearly half of all respondents—consistent with many other executive functions. Notably, 13.5% expect annual compensation between $1M and $2M, while only 5.4% anticipate exceeding $2M. While overall compensation aligns with other functions, CISO compensation remains highly inconsistent and continues to lag behind broader public company executive pay.

Changes in Compensation Over the Past Two Years:
Incremental increases have been the norm for most, with 35.1% reporting increases of less than 5% and 27% seeing 5%-10% growth. Larger increases (10%-15% and more than 15%) were experienced by 10.8% of respondents each, while 16.2% reported their compensation stayed relatively flat.

Future Compensation Trends:
Security executives are optimistic about compensation trends, with 56.8% expecting increases in line with industry and economic trends. A significant minority (13.5%) anticipate increases exceeding 15%. Meanwhile, 24.3% foresee no significant change, and only 5.4% predict decreases, highlighting a generally positive outlook.

Looking Ahead
The findings from this year’s survey offer a roadmap for navigating the challenges and opportunities in 2025. From AI integration to expanding leadership responsibilities, the role of the CISO continues to evolve in response to a dynamic threat landscape.
As always, the security community’s resilience and adaptability will be critical in shaping the future. Thank you for your valuable contributions to this year’s survey—we look forward to continuing the conversation in the year ahead!