Top Focus Areas for CISOs in 2025


Written by Laurel Hiestand

MARCH 6, 2025

While managing organizational risk is core to their function, CISOs are increasingly called upon to help enable the business, as well – or at least not to hinder it. Security measures ideally are integrated into growth and transformation initiatives. But it can be a challenge for security leaders to balance the pace of digital initiatives with implementing the necessary measures to protect the organization.

As platforms, technologies and third-party vendors continue to multiply, security threats are expanding at the same time. CISOs seem to have more assets and platforms to protect just as they have more threats to manage. As Gartner notes in Cybersecurity Trends: Resilience Through Transformation, “Security and risk management leaders are tasked with improving organizational resilience in a world of increasing risk.”

Each year, we ask C-level security leaders across our communities about their top priorities, challenges and investments in our Leadership Perspective Survey. We follow up the survey with hundreds of conversations with CISOs, and all of this information helps to inform the topics at our community events. 

As we continue gathering and analyzing this year’s survey data, here are some high-level themes that are emerging for CISOs in 2025:
 

  1. Integrating AI in Cybersecurity for Enhanced Risk Management

For CISOs, AI and GenAI usage has several implications: they are supporting the secure adoption of AI, they are concerned about AI-generated phishing attacks, and they want to use AI to enhance their cybersecurity measures. In terms of securing AI adoption at their organizations, CISOs mention challenges like controlling data in the public domain and implementing the right AI governance models. One CISO noted that with GenAI, “We have to be able to match the pace of the rapid change. If we don't have the right pieces in place, shadow IT will take over.”

In conversations with CISOs, many are concerned about managing AI-related threats. One security executive mentioned deepfakes and how to ensure authentication protocols are set up to prevent them. To supplement their cybersecurity efforts, some security leaders are pursuing AI solutions for threat intelligence, to automate certain tasks, or even to fill in some of the gaps they have with resourcing.

Currently, Generative and Traditional AI are among the top 10 priorities for CISOs in our survey. They continue to seek valuable and measurable use cases for integrating AI into the security function. 
 

  2. Modernizing Security Operations

While Security Operations is not new to their list of priorities, this year CISOs are looking to modernize and optimize their operations. Some believe that automation will reduce the workload of their Security Operations Center (SOC), and other leaders are enhancing their monitoring and protection capabilities.

Several CISOs mentioned that they outsource their SOC, or have a hybrid strategy, and are looking to mature their operations or approaches. Some security leaders intend to do more detection response exercises. One also noted that they are “interested in how to distribute accountability for security operations throughout the organization.”

At the current response rate, Security Operations is ranked fourth among CISOs' priorities in the survey, which appears to be higher in importance than in recent years.
 

  3. Evolving CISO Roles for Strategic and Operational Resilience

Cyber resilience is emerging as an early – but clear – top priority for CISOs in 2025. Security leaders recognize that it’s not a matter of if an incident occurs, but when, and that building up resilience improves how fast they are able to recover business operations.

As threats increase in volume, variability and intensity, organizations need robust response strategies to handle the attacks. An effective response involves quick identification, containment, and mitigation of threats. As one CISO stated, “This is why we are investing in it now – so we can plan on continuing to operate.”

A few security executives noted that they are seeking reliable measures of their resilience or ways to compare themselves to an industry standard. Another CISO commented that they want to achieve a “reasonable level [of resilience] without doubling our costs.” 

Others say that this priority is connected to their evolving role as business leaders, not merely technical or cybersecurity leaders. One CISO said that “the focus is on resilience beyond just cybersecurity.”

The Gartner Top 9 Trends in Cybersecurity 2025 also observes the changing role of CISOs and cybersecurity, noting that “Board directors and C-suite leaders now widely view cyber risk as a core business risk to manage — not a technology problem to solve.”

As CISOs navigate how to support business growth while managing risk to the organization, we look forward to bringing them together to collaborate, share and learn from each other. To participate in a community, apply to join your regional CISO Community, or if you are already a member, sign in to the app to check out and register for upcoming community programs.
 

Laurel Hiestand

Sr Director, Content at Gartner C-level Communities