What should CISOs consider for the 2025 budget?

According to a survey released by consulting firm Gartner, IT budgets organized by Brazilian CISOs (Chief Information Security Officers) are expected to grow by at least 6% in 2025. According to Gartner, the two priority areas for investment are artificial intelligence and cybersecurity. While the former is pointed out as the disruptive technology of the moment, the protective aspect is justified by the considerable increase in attempted attacks. 

According to Check Point Research, cybercrimes targeting companies increased by 75% in the third quarter of 2024 compared to the same period last year. In Brazil, the increase was even greater, with 95% more attacks. 

Despite the significant growth, merely injecting funds may not be sufficient to guarantee the expected success. In the view of Denis Riviello, cybersecurity director at CG One, a technology company focused on information security, network protection, and integrated risk management, prior planning on where the money will be allocated is necessary for optimal resource utilization. “Investments should always consider an in-depth risk analysis, observe emerging trends, and prioritize compliance and cost-benefit with security regulations,” he explains. 

Further in the expert's opinion, CISOs“ priorities for 2025 should include advanced security technologies such as firewalls, Security Information and Event Management (SIEM) systems, as well as Zero Trust Network Access (ZTNA) solutions. Another central focus will be automation via the use of artificial intelligence, ensuring more agile and precise responses to incidents. ”The adoption of AI as a support tool should be treated as a priority for the coming year," he emphasizes. 

Beyond the solutions themselves, employee awareness and training will continue to be fundamental points for corporate security. According to the executive from CG One, cybersecurity education programs, continuous training, and awareness campaigns should receive special attention in the current context. “The arrival of new technologies, such as AI itself, requires a greater understanding effort from the team. After all, technology is only efficient when employees know how to use it,” he adds. 

Risk Factors

Despite the importance of building a plan prior to investments, Riviello highlights that certain practices can jeopardize all the effort undertaken by the company. Among the most common failures are the lack of alignment between investments and business objectives, underestimating potential operational and maintenance costs of the solutions, the absence of learning from previous incidents, and, primarily, underinvestment allocated to the team and processes. 

As a consequence of this flawed organization, the expert warns about the inefficiency of protective methods and apparatus, the reputational risk to the brand, and the difficulty in complying with regulatory requirements. “The cybersecurity budget must have a strategic focus, with well-defined priorities to ensure the organization is prepared to face emerging threats,” concludes Riviello.