CISOs bet big on AI tools to reduce mounting cost pressures
AI automation is a top priority for CISOs, though data quality, privacy, and a lack of in-house expertise are common hurdles


As cost pressures rise and cyber threats become more sophisticated, CISOs are increasingly looking to AI to reduce the strain, new research suggests.
Cybersecurity budgets are under pressure, with only two-in-ten global security leaders and consultants allocating more than 10% of their annual budget to cybersecurity - 12% down from 2023.
Notably, three-in-ten told Wipro for its 2025 State of Cybersecurity Report that investing in AI automation to bolster cybersecurity operations and reduce costs is a top priority.
A similar number are using AI to improve threat detection and response times, with a quarter using it to enhance incident response capabilities.
"Cybersecurity budgets are struggling to keep pace with the growing sophistication of cyber threats," said Tony Buffomante, SVP and global head of cybersecurity and risk services at Wipro.
"AI offers a solution by helping organizations strengthen defenses while optimizing costs. This allows CISOs to adopt a more outcome-driven focus by prioritizing risk-adjusted returns on investments."
There are, of course, challenges to AI adoption. More than three-quarters (84%) of respondents cited data quality and privacy as the biggest difficulty in implementing effective AI-driven cybersecurity solutions.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Other problems included a lack of expertise, a challenge for three-quarters of tech leaders, forcing them to depend on external resources or undertake costly upskilling programs.
Seven-in-ten respondents listed integration with legacy systems as a prominent challenge while budgetary constraints affect a similar number too - largely thanks to the need for significant investments in various hardware components and software licenses, along with continuous system monitoring and maintenance.
CISOs target tool sprawl to optimize costs
Other strategies used by CISOs to optimize costs include ‘tools rationalization’. This involves evaluating and consolidating duplicate security tools across platforms to eliminate redundancies and improve efficiency while reducing costs.
Just over a quarter of respondents specifically highlighted tools rationalization as a key focus at present.
Tool sprawl has become a recurring issue for cybersecurity practitioners in recent years, with research in late 2024 showing teams were becoming frustrated with a growing array of disparate solutions.
Meanwhile, 23% are aiming to cut costs by undertaking security and risk management process optimization, and two-in-ten are aiming to simplify their operating model.
Security strategies require bold vision
Notably, Wipro’s study found organizations are taking a strategic approach to cybersecurity. There's an almost universal focus on Zero Trust security frameworks, with 97% of respondents identifying it as a top investment priority.
Meanwhile, 82% are investing in IoT device management and security to address the growing risks associated with the proliferation of connected devices.
Nearly eight-in-ten organizations are prioritizing investment in Secure Access Service Edge (SASE) to cope with rapid cloud adoption, the rise of remote work and the evolving threat landscape.
With an influx of AI tools, more than half (55%) of security leaders also said they are ramping up efforts to prioritize LLM guardrails. This, the study noted, is helping CISOs and security teams better manage and secure access to LLMs for enterprise applications.
"Increased technological complexity, constantly evolving regulations and a rise in sophisticated cyber threats across multi-hybrid cloud environments create daunting challenges for security teams," said Buffomante.
"CISOs need to adopt a risk-adjusted, outcome-oriented mindset and transition from technologists who merely prevent and react to breaches to risk strategists focused on optimizing enterprise cyber resilience."
MORE FROM ITPRO
- Bigger salaries, more burnout: Is the CISO role in crisis?
- CISOs are gaining more influence in the boardroom, and it’s about time
- Why the CISO role is so demanding – and how leaders can help
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Nvidia, Deutsche Telekom team up for "sovereign" industrial AI cloud
News German telecoms giant will host industrial data center for AI applications using Nvidia technology
-
CEOs and CISOs at odds over the benefits of generative AI
News While CEOs are hugely enthusiastic, CISOs worry about governance and legacy technology
-
RSAC in focus: Key takeaways for CISOs
The RSAC Conference 2025 spotlighted pivotal advancements in agentic AI, identity security, and collaborative defense strategies, shaping the evolving mandate for CISOs.
-
AI security blunders have cyber professionals scrambling
News Growing AI security incidents have cyber teams fending off an array of threats
-
How is the role of the CISO evolving?
Supported Content This role now stands as a pivotal figure in organizational strategy and security posture
-
The FBI says hackers are using AI voice clones to impersonate US government officials
News The campaign uses AI voice generation to send messages pretending to be from high-ranking figures
-
Almost a third of workers are covertly using AI at work – here’s why that’s a terrible idea
News Employers need to get wise to the use of unauthorized AI tools and tighten up policies
-
Foreign AI model launches may have improved trust in US AI developers, says Mandiant CTO – as he warns Chinese cyber attacks are at an “unprecedented level”
News Concerns about enterprise AI deployments have faded due to greater understanding of the technology and negative examples in the international community, according to Mandiant CTO Charles Carmakal.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapers
News While not malicious, the bots can overwhelm web applications in a way similar to bad actors
-
Law enforcement needs to fight fire with fire on AI threats
News UK law enforcement agencies have been urged to employ a more proactive approach to AI-related cyber crime as threats posed by the technology accelerate.