CISO priorities in 2025

Analyzing the popular CISO MindMap from an economic efficiency perspective.

Six key areas for cost-effective development of a company's information security function in 2025, with a focus on budget optimization

In late March, the popular CISO MindMap, a cheat sheet on infosec team priorities, was updated. The economic landscape, however, began shifting just days after its release. With economic instability, a recession, falling oil prices and rising microchip costs all looking more likely, many companies and their CISOs face a pressing issue: cost optimization. In light of this, we decided to examine the CISO MindMap from a different angle and highlight new or crucial infosec projects that can save budget without creating excessive organizational risk.

Optimization of tools

The MindMap's authors advise CISOs to “consolidate and rationalize infosec tools”. In a 2024 IDC study, about half of the large organizations surveyed used more than 40 infosec tools, and a quarter used more than 60. This sprawl typically leads to lower productivity, analyst fatigue from unsynchronized and uncoordinated alerts, and excessive expenditure.

The solution is either to consolidate the tech stack under a single vendor (one vendor for the security platform and all its components), or to select the best tool in each category. The latter approach requires (i) strict adherence to open communication standards and (ii) API integration capabilities. It is better suited to technologically mature teams that can allocate internal resources (primarily time) to set up the integrations properly and efficiently according to the infosec department's procedures.

For effective stack consolidation, there are specialized planning tools that can assess all the infosec systems already implemented, identify gaps in coverage, and pinpoint areas of significant functional overlap. This analysis also reveals inefficiently used tools that can be safely eliminated. For some niche and infrequent tasks, open-source tools can save budget. For large, heavily used systems such as a SIEM, however, open-source solutions may not be cheaper than proprietary ones, because of the extensive effort required for implementation, fine-tuning and support.

Consolidation often goes hand-in-hand with automation, which is only achievable with a well-synchronized toolset. The same IDC study found that companies that consolidated their tools and adopted modern XDR and SOAR solutions achieved average cost savings of 16% and analyst time savings of 20%, while also improving their security posture: mean time to respond (MTTR) fell by 21% and incident resolution time by 19.5%.

Automation

While automation projects involve additional expense up front, automating infosec processes pays off in the long run by saving analyst time and easing the talent shortage. Automation does not have to rely on neural networks and language models, but these fashionable technologies are already making practical contributions in several infosec areas. Tangible results are primarily achievable through the following measures:

  • Selective incident response automation
  • Alert prioritization in the monitoring center
  • Application of infosec policies to accounts and resources
  • Checking that internal policies comply with regulatory requirements, and enforcing those policies
  • Risk assessment and prioritization of infosec controls
  • Automated third-party risk management (TPRM)

Generative AI

Despite the economic challenges, many companies continue to prioritize the implementation of AI-powered tools, viewing these as essential for future competitiveness and economic efficiency. Some organizations have even issued management directives such as “Before you hire a new employee, prove that AI cannot do their job.”

From the infosec perspective, the widespread adoption of AI-powered technology has both advantages and disadvantages. On the one hand, the vast and poorly understood array of AI tools creates a significant additional workload on infosec teams. On the other, it provides an opportunity to launch and fund various infosec initiatives within the broader corporate AI implementation program. To effectively manage AI-related risks, a company needs to do the following:

  • Establish standards and regulations for the use of AI-powered solutions, while keeping in mind the rapidly evolving regulatory landscape in this area
  • Create a controlled list of approved AI tools for different departments and processes
  • Regularly review these rules and verify that all AI-driven processes comply with infosec policies
  • Include AI tools in the asset inventory for vulnerability management and infosec assessments
  • Develop specialized training programs for both AI users and infosec personnel

Using open-source AI solutions instead of proprietary cloud systems can reduce operational costs and enhance data protection – especially when the solutions are deployed within the organization’s network or in a private cloud. However, the availability of suitable, high-quality open-source models depends on the specific use case.

Meaningful infosec metrics

This area doesn’t require substantial financial investment but it significantly simplifies the process of justifying infosec budgets to the board of directors. The composition of key metrics varies across industries and companies, but the following groups are worth considering:

  • Risk level and achieved risk reduction expressed in financial terms
  • Organizational readiness for attacks (MTTR, MTTD) and its trends
  • Progress in ongoing infosec projects, including automation and tool consolidation
  • Effectiveness of infosec measures and its trends: average time to remediate critical and other vulnerabilities, percentage of users successfully passing cybersecurity testing, and so on

Identity management

While implementing comprehensive IAM solutions can be expensive, companies can find a balance that provides significant risk reduction at a reasonable cost.

Many companies still lack basic infosec controls like multi-factor authentication. Even a limited rollout of these controls significantly reduces the risk of compromise through credential theft. In addition to cost-effective solutions that use TOTP-based authenticator apps, 2025 has seen passkey-based solutions mature and become quite user-friendly on the major platforms (Microsoft, Google, Apple). Unlike a TOTP code, which a user can be tricked into typing into a phishing page that relays it to the real service within the code's validity window, a passkey is cryptographically bound to the site's origin and cannot be relayed in this way. This phishing-resistant, highly affordable authentication method is worth deploying at least for employees who have access to critical data and systems, and ideally for everyone. The transition to passkeys can also improve efficiency for all employees, as password-free access saves time and reduces support costs for password-related issues.

Another aspect of IAM is centralized management of machine identities, API tokens, and other secrets. Due to a significant increase in attacks on cloud environments, investments in this area are likely unavoidable. However, many companies can strategically plan the implementation of appropriate tools by deploying open-source solutions in their infrastructure, utilizing secret managers included in their cloud provider subscriptions, and so on.

SOC cost management

Security operations centers (SOCs) represent a major expense in any infosec budget, with significant costs associated with analyst effort, data storage, and processing. Effective separation into “hot” storage for recent, frequently queried data and cheaper “cold” storage for older data kept for compliance and retrospective investigation can significantly reduce data storage costs. For large companies, it is worth considering a hierarchical or geographically distributed processing infrastructure. In some cases, such as with our SIEM – the Kaspersky Unified Monitoring and Analysis Platform – SIEM hardware savings can reach 50%.

Tips