74% of CISOs plan to increase their cyber crisis simulation budgets in 2025
# Industry News: CISOs Prioritize Crisis Simulation Following High-Profile Attacks
## Summary
A new study by Hack The Box indicates that 74% of surveyed UK and US CISOs plan to increase their budgets for crisis simulation exercises in 2025, driven by concerns over rising attack volumes and fallout from major 2024 incidents. Cyber incident live drills are now a top business priority, with a significant portion of security budgets being reallocated to enhance preparedness through more realistic and AI-assisted simulation scenarios.
## Key Details
- Date: Announced January 27, 2025 (Survey conducted Dec 4-9, 2024)
- Companies Involved: Hack The Box (Survey provider), 200 UK/US CISOs (Respondents)
- Category: Market Research / Trend Analysis
## The Story
The report highlights a significant shift in CISO priorities heading into 2025. Following heavily publicized cyber incidents involving organizations like 23andMe, Cencora, the UK’s NHS, and Transport for London in 2024, a substantial majority (74%) of CISOs intend to increase spending on crisis simulation capabilities. This heightened focus stems from perceived inadequacies in incident response planning and stress-testing. Crucially, 73% of respondents cited live cyber incident drills as their top priority for 2025, resulting in 16% of security budgets being reallocated toward crisis preparedness. The CEO of Hack The Box suggested the next generation of these simulations will integrate AI to create highly realistic, benchmarkable scenarios that engage both technical and non-technical teams.
## Business Impact
### For the Companies Involved
- **Hack The Box (and similar simulation providers):** This signals a massive growth opportunity as demand for sophisticated, realistic, and personalized simulation platforms intensifies, positioning them well for increased revenue streams in 2025.
### For Competitors
- **Incident Response and Retainer Firms:** While preparedness spending increases, there may be a relative decrease in immediate, post-breach response needs if simulations prove effective, although the quality of response planning they can offer will now be under greater scrutiny.
- **Security Training Vendors:** Vendors focusing purely on foundational security awareness without incorporating crisis management may see their solutions de-prioritized in favor of high-fidelity live drills.
### For Customers
- **Increased Confidence:** Customers of organizations investing heavily in these simulations should see improved resilience, potentially leading to faster, more organized responses during actual security events, mitigating downtime and data loss.
- **Higher Expectations:** Customers may increasingly expect public disclosures that highlight advanced preparation, including successful crisis simulation outcomes.
### For the Market
- **Budget Reallocation:** The confirmed reallocation of 16% of security budgets toward crisis preparedness indicates a maturity shift in cybersecurity spending—moving from purely preventative technology procurement to validating operational readiness.
- **Demand for Realism:** The strong willingness (77%) to invest further if simulations are more realistic is driving a market requirement for advanced simulation technology, likely favoring solutions integrating expert knowledge and AI.
## Technical Implications
The future of crisis simulation appears heavily influenced by **AI**. AI systems are expected to power the creation of "highly realistic and tailored scenarios." This implies a move away from static tabletop exercises toward dynamic, evolving simulations that mimic attacker behavior and can test organizational decision-making under cognitive load, potentially validating the effectiveness of existing security stacks in real-time operational contexts.
## Strategic Analysis
- **Market Positioning:** Cybersecurity spending is proving its operational value. Simulation platforms are shifting from being niche training tools to essential components of enterprise risk management frameworks, placing them centrally in CISO long-term strategy.
- **Competitive Advantage:** Organizations demonstrating superior resilience validated through excellent simulation performance can use this as a key differentiator in attracting and retaining high-value customers cautious about recent high-profile breaches.
- **Challenges:** The primary challenge will be ensuring these new, high-investment simulations provide **actionable intelligence** rather than just a successful completion metric. If simulations remain theater rather than true stress tests, budget increases will not yield proportionate security improvements.
## Industry Reactions
- **Analyst opinions:** Analysts are likely viewing this as a crucial maturation. The shift in spending focus from just "buying tools" to "testing processes" is a strong indicator that security governance is strengthening across the board.
- **Expert commentary:** Experts like Hack The Box's CEO emphasize bridging the gap between technical readiness and business continuity, stressing the need to equip **non-technical teams**—a common failure point in real crises.
- **Market Response:** The market for advanced breach and attack simulation (BAS) and specialized cyber range companies is expected to see a significant influx of capital and new entrants aiming to capitalize on the realism requirement.
## Future Outlook
- **Predictions and expectations:** We can expect increased vendor focus on AI integration within simulation platforms throughout 2025, prioritizing scenario personalization and cross-departmental team testing.
- **What to watch for:** Watch for emerging benchmarks and standards for "successful" crisis simulation, as CISOs will need metrics to justify these increased budgets to boards. Reports detailing the integration of AI into these drills will be closely followed.
## For Security Professionals
Security teams must prepare for more frequent, realistic, and high-stakes simulation exercises. For practitioners, this means translating technical findings from simulations into concrete, demonstrable fixes, and preparing to operate under intense simulated pressure alongside business leaders. Incident responders will become key stakeholders in designing and executing these high-fidelity tests.