2025 marks the twelfth year of Scale’s annual Cybersecurity Perspectives Survey. Each year, we tap security leaders at enterprises with 500+ employees in roles such as CISO, CIO, VP, director, or IT manager to learn about emerging threat vectors, changes in budget allocation, and the impact of broader market trends on cybersecurity.
Last year’s report focused heavily on cloud migrations, with cloud infrastructure security leading investment priorities. 2024 also reinforced security leaders’ concern with AI – both from a defensive and offensive perspective.
AI focus has carried through to the 2025 survey, where we see an almost ubiquitous attention on the threat vectors AI introduces and the solutions that it promises. In fact, of the top six challenges facing enterprises, three are related to AI, with AI-driven cyber-attacks leading at #1.
As market attention shifts towards AI-generated attack patterns and defense, many of the priorities of cybersecurity leaders remain the same. Data privacy requirements are increasing, third-party breaches underscore the importance of application security, and organizations remain concerned about protecting their identity perimeter.
Some of the other top-line findings included in the report:
Cybersecurity effectiveness improved for the first time in three years. The average effectiveness of cybersecurity protections improved for the first time in three years, increasing to 61% efficacy this year from 48% in 2023. Encouragingly, 70% of security leaders were most protected against general phishing attacks, with only 28% of firms reporting compromise.
AI-driven cyber attacks topped ransomware as the leading unaddressed challenge. Three of the top six unaddressed security challenges related to some form of AI this year, while ransomware (#3) fell from first place behind the evolving threat landscape (#2). 50% of firms suffered an attack against a cloud service last year, while 45% of firms experienced a data breach.
CISOs prioritized application security and data privacy. CISO security strategies were influenced by concerns about new and emerging data privacy requirements — as well as third-party data breaches. Top priorities were application security (1st), data privacy (2nd), and threat intelligence (3rd), while network security returned to the list in 4th this year.
Security budgets bounced back to double-digit growth. Security budgets showed double-digit growth. Mid-sized security budgets increased 11% YoY, while enterprise security budgets grew 17% YoY. The top two threats from 2024 drove security budgets for 2025, with cloud security (12%) and data security (10%) ranking 1st and 2nd in this year’s budget priorities.
Market gaps were identified in IAM, API security, and application security. Market opportunities were uncovered in identity access management, API security, and application security, with a 15%+ delta between “satisfaction” and “importance.” Nearly half of firms (49%) intended to build in-house tools. Of those, 26% intended to build cloud infrastructure security solutions.
While some security tools are proving effective against a mounting number of attacks, there are still opportunities for significant investment to better the broader security posture of the enterprise. Teams remain under resourced and under funded, with over 40% of respondents reporting a lack of security professionals, an excess of manual labor, and a deluge of alerts and false positives.
We are excited about the next generation of security tooling and optimistic about the potential to ease the pain of staffing shortages in cybersecurity. AI-powered platforms have the potential to augment gaps in personnel and better triage and reason over alerts, reducing workloads and relieving teams of excessive turnover. The market is ready for this transformation, with 75% of firms expressing interest in AI agents to automate SOC investigations. With an increase in venture dollars to the cybersecurity market over the last year, we are confident that AI-native startups and incumbents introducing AI to their existing product lines will up-level the capabilities of the cybersecurity landscape as a whole.
We hope this survey provides insight for builders, investors, and operators into how their customers and peers view the current security landscape and what is to come. As we look to next year’s survey, we remain committed to backing founders that are building to stop the bad actors of today and secure the attack vectors of tomorrow.
Download the full report here.
