As cost pressures rise and cyber threats become more sophisticated, CISOs are increasingly looking to AI to reduce the strain, new research suggests.
Cybersecurity budgets are under pressure, with only two-in-ten global security leaders and consultants allocating more than 10% of their annual budget to cybersecurity - 12% down from 2023.
Notably, three-in-ten told Wipro for its 2025 State of Cybersecurity Report that investing in AI automation to bolster cybersecurity operations and reduce costs is a top priority.
A similar number are using AI to improve threat detection and response times, with a quarter using it to enhance incident response capabilities.
"Cybersecurity budgets are struggling to keep pace with the growing sophistication of cyber threats," said Tony Buffomante, SVP and global head of cybersecurity and risk services at Wipro.
"AI offers a solution by helping organizations strengthen defenses while optimizing costs. This allows CISOs to adopt a more outcome-driven focus by prioritizing risk-adjusted returns on investments."
There are, of course, challenges to AI adoption. More than three-quarters (84%) of respondents cited data quality and privacy as the biggest difficulty in implementing effective AI-driven cybersecurity solutions.
Other problems included a lack of expertise, a challenge for three-quarters of tech leaders, forcing them to depend on external resources or undertake costly upskilling programs.
Seven-in-ten respondents listed integration with legacy systems as a prominent challenge while budgetary constraints affect a similar number too - largely thanks to the need for significant investments in various hardware components and software licenses, along with continuous system monitoring and maintenance.
CISOs target tool sprawl to optimize costs
Other strategies used by CISOs to optimize costs include ‘tools rationalization’. This involves evaluating and consolidating duplicate security tools across platforms to eliminate redundancies and improve efficiency while reducing costs.
Just over a quarter of respondents specifically highlighted tools rationalization as a key focus at present.
Tool sprawl has become a recurring issue for cybersecurity practitioners in recent years, with research in late 2024 showing teams were becoming frustrated with a growing array of disparate solutions.
Meanwhile, 23% are aiming to cut costs by undertaking security and risk management process optimization, and two-in-ten are aiming to simplify their operating model.
Security strategies require bold vision
Notably, Wipro’s study found organizations are taking a strategic approach to cybersecurity. There's an almost universal focus on Zero Trust security frameworks, with 97% of respondents identifying it as a top investment priority.
Meanwhile, 82% are investing in IoT device management and security to address the growing risks associated with the proliferation of connected devices.
Nearly eight-in-ten organizations are prioritizing investment in Secure Access Service Edge (SASE) to cope with rapid cloud adoption, the rise of remote work and the evolving threat landscape.
With an influx of AI tools, more than half (55%) of security leaders also said they are ramping up efforts to prioritize LLM guardrails. This, the study noted, is helping CISOs and security teams better manage and secure access to LLMs for enterprise applications.
"Increased technological complexity, constantly evolving regulations and a rise in sophisticated cyber threats across multi-hybrid cloud environments create daunting challenges for security teams," said Buffomante.
"CISOs need to adopt a risk-adjusted, outcome-oriented mindset and transition from technologists who merely prevent and react to breaches to risk strategists focused on optimizing enterprise cyber resilience."
MORE FROM ITPRO
- Bigger salaries, more burnout: Is the CISO role in crisis?
- CISOs are gaining more influence in the boardroom, and it’s about time
- Why the CISO role is so demanding – and how leaders can help
-
B2B IAM – the hidden value of third-party identitieswhitepaper
-
A notorious hacker group is ramping up cloud-based ransomware attacksNews The Storm-0501 threat group is refining its tactics, according to Microsoft, shifting away from traditional endpoint-based attacks and toward cloud-based ransomware.
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b modelNews Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malwareNews Researchers say the tool is already achieving the “gold standard” in malware classification
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
Using DeepSeek at work is like ‘printing out and handing over your confidential information’News Thinking of using DeepSeek at work? Think again. Cybersecurity experts have warned you're putting your enterprise at huge risk.
-
Passwords are a problem: why device-bound passkeys can be the future of secure authenticationIndustry insights AI-driven cyberthreats demand a passwordless future…
-
Microsoft patched a critical vulnerability in its NLWeb AI search tool – but there's no CVE (yet)News Researchers found an unauthenticated path traversal bug in the tool debuted at Microsoft Build in May
-
AI breaches aren’t just a scare story any more – they’re happening in real lifeNews IBM research shows proper AI access controls are leading to costly data leaks
-
The rise of GhostGPT – Why cybercriminals are turning to generative AIIndustry Insights GhostGPT is not an AI tool - It has been explicitly repurposed for criminal activity
