Who’d be a CISO, eh?
Unrealistic expectations. Intense pressure to perform. Rising threats and shrinking resources. Security leadership can often be a lonely place. And 2025 looks set to be another year in the trenches for security professionals across the globe.
First, the good news. Gartner expects cybersecurity spending to increase 15% over the course of 2025, up from $183.9 billion last year to $212 billion.
That’s a significant (not to mention welcome) jump. Proof positive that the business-critical nature of data and systems – and the strategic value of the security team in safeguarding those assets – is increasingly being recognized by savvy boards.
The bad news, of course, is that this rise reflects the increased volume of attacks and the growing sophistication of the attackers. Sure, there’s more money in the pot, but only because the threat landscape also got bigger.
And exponentially so. Because cyber threats are not just growing; they’re exploding.
Cyberattacks On the Up
According to Check Point Research, the average number of cyberattacks per organization per week reached 1636 in 2024, a staggering 30% increase year-over-year. And a big chunk of that rise can be attributed to advances in AI, especially generative AI, that give cybercriminals tools to increase their attack sophistication.
At our recent Security Insight Summit, the audience heard from Lee Whatford, cyber expert and former CISO for Domino’s Pizza and Bettys & Taylors, who stressed the threat of AI attacks.
“We can’t avoid talking about AI. For the bad guys, it enhances their ability to develop phishing emails and other ways to breach our organizations. We’re seeing a lot of non-malware-based attacks. And that’s a real game-changer in terms of how we need to think about detection and response.”
Lee Whatford, former CISO for Domino’s Pizza and Bettys & Taylors
Both ransomware and phishing are on the rise. Indeed, last year saw some of the biggest and most damaging data breaches in recent history, according to TechCrunch, with over one billion customer records stolen over the course of the 12-month period. The cost of ransomware to US firms alone was estimated at over $40 billion in 2024.
And as such, the need to be more effective with our security investments has never been more important. The question is, where do you start?
Balancing Competing Priorities
“I think one of the biggest challenges for the CISO is going to be how to manage the foundational pieces – your basic hygiene, your people, etc. – with the new technologies that are emerging,” explained Aastha Sharotri Kloss, CISO over at AssetMetrix. One thing was clear: being a CISO is a real balancing act – not just for 2025, but for the next few years as well.
With so many different elements to consider, assets to protect and potential entry points for attackers to exploit, taking a more holistic approach to security will clearly be vital.
“In my experience you cannot look at all those different elements in isolation, because everything is interlinked. The basic pillars of access management, business and continuity planning, application security, network and data security – you have to keep all of them in mind at all times. They are all priorities.”
Aastha Sharotri Kloss, CISO, AssetMetrix
Yet while the threat landscape becomes ever more complex and interconnected, our ability to respond has never been more challenged. According to the World Economic Forum, there will be a global shortage of more than four million cyber professionals this year, with 67% of organizations reporting a moderate-to-critical skills gap when it comes to cybersecurity.
Which means that augmenting those existing skillsets and capabilities will be key.
Automate Or Die
Enter automation. According to Whatford, one of the most pressing items for CISOs to get to grips with this year will be how to use AI and automation to reduce workload and increase our ability to respond quickly and effectively to emerging threats.
“What new models and mindsets do we need to detect, respond and protect ourselves against those new types of threat? There has to be a fundamental shift in thinking when it comes to how we use technology to replace some of the relatively slow human activity that we currently use in cybersecurity. We can do a lot more, a lot quicker and a lot more effectively if we automate. And if we don’t leverage that, we’re dead.”
Lee Whatford
Automation and AI are widely seen as key weapons in the fight against cybercriminals – not least because they’re already so widely used by the attack community. According to Darktrace’s State of AI Cybersecurity research report, 95% of cybersecurity professionals believe that AI-powered solutions will level up their organizations’ defences, and enable them to better meet increasingly sophisticated threats.
“We need to think about how we do more with less, how we give an uplift on the baseline of what good looks like when it comes to security. We’re already behind the bad guys. We’re just going to fall off a cliff if we don’t use some of that new technology ourselves.”
Lee Whatford
A Cautionary Note
Of course, automation is not an answer in and of itself. And as the landscape continues to evolve at pace, ensuring that your wider business processes and ways of working remain current and relevant in the context of that new environment remains critical – something that Whatford was quick to highlight.
“Automating things that are poorly thought through or represent outdated workflows just means things are going to get exponentially worse, exponentially quicker. So at the same time as we’re automating, we also need to rethink what a good process looks like. Only then can we start to force better practices into how we embed automation into the way we work.”
Lee Whatford
Ben Thompson, Writer, Editor, Public Speaker, Digital Transformation & Cybersecurity SME, and GDS Summit Host.
To attend GDS Group’s next Security Insight Summit and learn more about how CISOs are responding to a rapidly changing world, please visit: https://gdsgroup.com/events/physical-summit/security-eu-apr-25/