CISOs bet big on AI tools to reduce mounting cost pressures

Female CISO advises colleague in a security operations center while working on desktop computers.

(Image credit: Getty Images)

As cost pressures rise and cyber threats become more sophisticated, CISOs are increasingly looking to AI to reduce the strain, new research suggests.

Cybersecurity budgets are under pressure, with only two-in-ten global security leaders and consultants allocating more than 10% of their annual budget to cybersecurity - 12% down from 2023.

Notably, three-in-ten told Wipro for its 2025 State of Cybersecurity Report that investing in AI automation to bolster cybersecurity operations and reduce costs is a top priority.

A similar number are using AI to improve threat detection and response times, with a quarter using it to enhance incident response capabilities.

"Cybersecurity budgets are struggling to keep pace with the growing sophistication of cyber threats," said Tony Buffomante, SVP and global head of cybersecurity and risk services at Wipro.

"AI offers a solution by helping organizations strengthen defenses while optimizing costs. This allows CISOs to adopt a more outcome-driven focus by prioritizing risk-adjusted returns on investments."

There are, of course, challenges to AI adoption. More than three-quarters (84%) of respondents cited data quality and privacy as the biggest difficulty in implementing effective AI-driven cybersecurity solutions.

Other problems included a lack of expertise, a challenge for three-quarters of tech leaders, forcing them to depend on external resources or undertake costly upskilling programs.

Seven-in-ten respondents listed integration with legacy systems as a prominent challenge while budgetary constraints affect a similar number too - largely thanks to the need for significant investments in various hardware components and software licenses, along with continuous system monitoring and maintenance.

CISOs target tool sprawl to optimize costs

Other strategies used by CISOs to optimize costs include ‘tools rationalization’. This involves evaluating and consolidating duplicate security tools across platforms to eliminate redundancies and improve efficiency while reducing costs.

Just over a quarter of respondents specifically highlighted tools rationalization as a key focus at present.

Tool sprawl has become a recurring issue for cybersecurity practitioners in recent years, with research in late 2024 showing teams were becoming frustrated with a growing array of disparate solutions.

Meanwhile, 23% are aiming to cut costs by undertaking security and risk management process optimization, and two-in-ten are aiming to simplify their operating model.

Security strategies require bold vision

Notably, Wipro’s study found organizations are taking a strategic approach to cybersecurity. There's an almost universal focus on Zero Trust security frameworks, with 97% of respondents identifying it as a top investment priority.

Meanwhile, 82% are investing in IoT device management and security to address the growing risks associated with the proliferation of connected devices.

Nearly eight-in-ten organizations are prioritizing investment in Secure Access Service Edge (SASE) to cope with rapid cloud adoption, the rise of remote work and the evolving threat landscape.

With an influx of AI tools, more than half (55%) of security leaders also said they are ramping up efforts to prioritize LLM guardrails. This, the study noted, is helping CISOs and security teams better manage and secure access to LLMs for enterprise applications.

"Increased technological complexity, constantly evolving regulations and a rise in sophisticated cyber threats across multi-hybrid cloud environments create daunting challenges for security teams," said Buffomante.

"CISOs need to adopt a risk-adjusted, outcome-oriented mindset and transition from technologists who merely prevent and react to breaches to risk strategists focused on optimizing enterprise cyber resilience."

MORE FROM ITPRO

TOPICS

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.