Now in its eleventh year, our survey and report examine the evolving threats and solutions, funding and buying patterns, and how the industry is responding to various micro and macro trends. This year’s report consolidates perspectives from senior-level decision-makers including CISOs, CIOs, VPs, directors, and IT managers at enterprises with 500+ employees.
For our 2024 report, our research goal was to understand how security leaders are responding to technology shifts like the migration to the cloud and AI, especially within the context of increasing resource constraints.
Top-line findings include:
- Identity-based attacks remain high. Nearly 50% of firms lost credentials to phishing and third-party attacks (i.e. an outside vendor, supplier or partner in an organization’s supply chain), as cybercriminals used legitimate identity privileges to spread ransomware, exfiltrate data, and extort victims.
- The variance in the types of attacks security teams face is increasing over time. 76% of companies reported three or more different security incident types. Over two years, firms with four incident types increased 341% YoY, up from 7% to 29%.
- The skills shortage persists. For the second year in a row, cloud infrastructure security is reported to be the hardest role to fill on security teams.
- Budget growth has slowed. Large enterprise (companies with 1000+ employees) security budgets went up 16%, increasing at a slower pace this year after achieving growth rates of 22% and 19% over the last two years. Mid-sized (companies with 500-999 employees) security budgets went down 1%, falling slightly after 5% and 51% growth in previous years.
- Leaders are finding ways to invest in innovative solutions. 89% of security leaders indicated that AI is important to improving their security in 2025. And, despite slowing budget growth, firms allocated 29% more budget for new, innovative, and experimental security solutions this year.
- Security teams are struggling to protect AI models while trying to fully realize AI’s true potential. Security incidents caused AI model drift at 11% of surveyed enterprises last year, up 304% YOY.
The critical importance of security has never been clearer. 86% of security leaders believed their C-suite understands the business impact of security, an increase of 16% from last year and 43% from 2022. With the second year of decreased venture funding, a persistent talent shortage, and slowed budget growth, CISOs leaders have been forced to be more strategic in navigating the increasingly complex threat landscape. We find it encouraging that despite these headwinds, CISOs are finding ways to invest in innovation and proactively engage with AI, both as a threat and a solution.
As threats and priorities evolve, and the attack surface area expands, enterprises need security solutions that meet the moment. We’re always eager to talk to founders building emerging technologies to help security teams protect their assets.
Download the full report here.
