According to a survey released by the consulting firm Gartner, the IT budgets managed by Brazilian CISOs (Chief Information Security Officers) are expected to grow by at least 6.6% in 2025. According to Gartner, the two priority areas for investment are artificial intelligence and cybersecurity. While the first is pointed out as the disruptive technology of the moment, the protective issue is justified by the considerable increase in attack attempts.
According to Check Point Research, cybercrimes targeting companies increased by 75% in the third quarter of 2024 compared to the same period last year. In Brazil, the increase was even greater, with 95% more investments.
Despite the significant growth, only financial injection may not be enough to ensure the expected success. In Denis Riviello's view, the cybersecurity director of theCG OneA technology company focused on information security, network protection, and integrated risk management, it is necessary to have prior planning of where the money will be allocated for the best use of resources. "Investments should always consider a thorough risk analysis, observe emerging trends, and prioritize compliance and cost-benefit with safety regulations," he explains.
According to the expert, the priorities for CISOs in 2025 should include advanced security technologies such as firewalls, Security Information and Event Management (SIEM) systems, and zero trust network access (ZTNA) solutions. Another central focus will be automation through the use of artificial intelligence, ensuring faster and more accurate responses to incidents. "The adoption of AI as a support tool should be treated as a priority for the next year," he emphasizes.
In addition to the solutions themselves, awareness and training of employees will continue to be key points for corporate security. According to the CG One executive, cybersecurity education programs, ongoing training, and awareness campaigns should receive special attention in the current context. "The arrival of new technologies, such as AI itself, requires a greater effort of understanding from the team. After all, technology is only effective when employees know how to use it," he adds.
Risk factors
Despite the importance of developing an advance plan before investments, Riviello highlights that there are certain practices that can jeopardize all the effort made by the company. Among the most common failures are the lack of alignment between investments and business objectives, underestimating potential operational and maintenance costs of solutions, the absence of learning from previous incidents, and, most importantly, underinvestment in the team and processes.
As a consequence of this flawed organization, the specialist warns about the inefficiency of protective methods and devices, the brand's reputational risk, and the difficulty in meeting regulatory requirements. "The cybersecurity budget should have a strategic focus, with well-defined priorities to ensure that the organization is prepared to face emerging threats," concludes Riviello.
