According to a survey released by the consulting firm Gartner, the IT budgets organized by Brazilian CISOs (Chief Information Security Officer) should grow by at least 6,6% in 2025. According to Gartner, the two priority areas for investments are artificial intelligence and cybersecurity. While the former is pointed out as the disruptive technology of the moment, the protective measure is justified by the considerable increase in attempted attacks.
According to Check Point Research, cyber crimes targeting companies increased by 75% in the third quarter of 2024 compared to the same period the previous year. In Brazil, the increase was even greater, with 95% more invested.
Despite the significant growth, only financial injection may not be enough to ensure the expected success. In Denis Riviello's view, cybersecurity director ofCG One,technology company focused on information security, network protection and integrated risk management, it is necessary to have a prior plan of where the money will be allocated for the best use of resources. Investments should always consider a thorough risk analysis, "observe emerging trends and prioritize compliance and cost-effectiveness with security regulations", explain.
Still in the opinion of the expert, the priorities of CISOs for 2025 should include advanced security technologies, like firewalls, security information and event management systems (SIEM), in addition to zero trust network access (ZTNA) solutions. Another central focus will be automation through the use of artificial intelligence, ensuring faster and more accurate responses to incidents. "The adoption of AI as a support tool should be treated as a priority for the next year", highlights.
In addition to the solutions themselves, the awareness and training of employees will continue to be fundamental points for corporate security. According to the executive of CG One, cybersecurity education programs, continuous training and awareness campaigns should receive special attention in the current context. "The arrival of new technologies", like the AI itself, requires a greater effort of understanding from the team. After all, technology is only efficient when employees know how to use it, he adds.
Risk factors
Despite the importance of creating a plan in advance for investments, Riviello emphasizes that there are certain practices that can jeopardize all the effort made by the company. Among the most common failures is the lack of alignment between investments and business objectives, underestimate the potential operational and maintenance costs of the solutions, the absence of learning from previous incidents and, mainly, the underinvestment allocated to the team and processes.
As a consequence of this failed organization, the specialist warns about the inefficiency of protective methods and devices, the reputational risk of the brand and the difficulty in meeting regulatory requirements. "The cybersecurity budget must have a strategic focus", with well-defined priorities in order to ensure that the organization is prepared to face emerging threats, concludes Riviello.
