As cost pressures rise and cyber threats become more sophisticated, CISOs are increasingly looking to AI to reduce the strain, new research suggests.
Cybersecurity budgets are under pressure, with only two-in-ten global security leaders and consultants allocating more than 10% of their annual budget to cybersecurity - 12% down from 2023.
Notably, three-in-ten told Wipro for its 2025 State of Cybersecurity Report that investing in AI automation to bolster cybersecurity operations and reduce costs is a top priority.
A similar number are using AI to improve threat detection and response times, with a quarter using it to enhance incident response capabilities.
"Cybersecurity budgets are struggling to keep pace with the growing sophistication of cyber threats," said Tony Buffomante, SVP and global head of cybersecurity and risk services at Wipro.
"AI offers a solution by helping organizations strengthen defenses while optimizing costs. This allows CISOs to adopt a more outcome-driven focus by prioritizing risk-adjusted returns on investments."
There are, of course, challenges to AI adoption. More than three-quarters (84%) of respondents cited data quality and privacy as the biggest difficulty in implementing effective AI-driven cybersecurity solutions.
Other problems included a lack of expertise, a challenge for three-quarters of tech leaders, forcing them to depend on external resources or undertake costly upskilling programs.
Seven-in-ten respondents listed integration with legacy systems as a prominent challenge while budgetary constraints affect a similar number too - largely thanks to the need for significant investments in various hardware components and software licenses, along with continuous system monitoring and maintenance.
CISOs target tool sprawl to optimize costs
Other strategies used by CISOs to optimize costs include ‘tools rationalization’. This involves evaluating and consolidating duplicate security tools across platforms to eliminate redundancies and improve efficiency while reducing costs.
Just over a quarter of respondents specifically highlighted tools rationalization as a key focus at present.
Tool sprawl has become a recurring issue for cybersecurity practitioners in recent years, with research in late 2024 showing teams were becoming frustrated with a growing array of disparate solutions.
Meanwhile, 23% are aiming to cut costs by undertaking security and risk management process optimization, and two-in-ten are aiming to simplify their operating model.
Security strategies require bold vision
Notably, Wipro’s study found organizations are taking a strategic approach to cybersecurity. There's an almost universal focus on Zero Trust security frameworks, with 97% of respondents identifying it as a top investment priority.
Meanwhile, 82% are investing in IoT device management and security to address the growing risks associated with the proliferation of connected devices.
Nearly eight-in-ten organizations are prioritizing investment in Secure Access Service Edge (SASE) to cope with rapid cloud adoption, the rise of remote work and the evolving threat landscape.
With an influx of AI tools, more than half (55%) of security leaders also said they are ramping up efforts to prioritize LLM guardrails. This, the study noted, is helping CISOs and security teams better manage and secure access to LLMs for enterprise applications.
"Increased technological complexity, constantly evolving regulations and a rise in sophisticated cyber threats across multi-hybrid cloud environments create daunting challenges for security teams," said Buffomante.
"CISOs need to adopt a risk-adjusted, outcome-oriented mindset and transition from technologists who merely prevent and react to breaches to risk strategists focused on optimizing enterprise cyber resilience."
MORE FROM ITPRO
- Bigger salaries, more burnout: Is the CISO role in crisis?
- CISOs are gaining more influence in the boardroom, and it’s about time
- Why the CISO role is so demanding – and how leaders can help
-
Google CEO Sundar Pichai says vibe coding has made software development ‘exciting again’News Google CEO Sundar Pichai claims software development has become “exciting again” since the rise of vibe coding, but some devs are still on the fence about using AI to code.
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
Microsoft opens up Entra Agent ID preview with new AI featuresNews Microsoft Entra Agent ID aims to help manage influx of AI agents using existing tools
-
GitHub is awash with leaked AI company secrets – API keys, tokens, and credentials were all found out in the openNews Wiz research suggests AI leaders need to clean up their act when it comes to secrets leaking
-
Pentesters are now a CISOs best friend as critical vulnerabilities skyrocketNews Attack surfaces are expanding rapidly, but pentesters are here to save the day
-
Generative AI attacks are accelerating at an alarming rateNews Two new reports from Gartner highlight the new AI-related pressures companies face, and the tools they are using to counter them
-
Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malwareNews TrendMicro has called for caution on how much detail is disclosed in security advisories
-
Anthropic admits hackers have 'weaponized' its tools – and cyber experts warn it's a terrifying glimpse into 'how quickly AI is changing the threat landscape'News Security experts say Anthropic's recent admission that hackers have "weaponized" its AI tools gives us a terrifying glimpse into the future of cyber crime.
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b modelNews Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malwareNews Researchers say the tool is already achieving the “gold standard” in malware classification
