Study: CXO misalignments fueling the surge in security threats

Feb. 12, 2025
New research from Cyber Defense Group shows that while the vast majority of executives are confident in security, breach frequency and 2025 budget increases reveal gaps.

Cyber Defense Group (CDG), a provider of bespoke cybersecurity solutions for small and medium-sized enterprises (SMEs), released its report, “2025 Cybersecurity Strategy Insights Report,” which sheds light on organizational leaders’ difficulties in executing a coordinated response to cyberthreats.

Including insights from 300 U.S. IT security professionals, the report reveals misalignments undermining security strategies and execution and the benefits of adopting an ecosystem approach when one in two organizations have been breached in the last 12 months. 

Security Leaders Report Lower Confidence in Threat Resilience     

Regardless of job title, nearly all respondents (92%) stated they had some degree of confidence in their organization’s ability to meet compliance requirements and tackle advanced threats with current staff and tools, but confidence levels differed across leadership roles.

Two-thirds (68%) of CEO respondents reported being very confident in their organization’s security posture, likely stemming from their direct involvement in hiring security leaders and shaping overarching strategies. However, CEOs’ disconnect from the day-to-day realities of threat data and security responses may create a gap in their understanding. On the technical end, CIOs had a more grounded perspective, with only 31% being very confident and 62% having general confidence.    

Responses from senior security leaders provide a different perspective. Only 5% of CSOs said they were very confident, while the majority expressed moderate confidence or neutrality. As the individuals most directly affected by security preparedness strategies, budgets, talent shortages, and evolving threats, their response indicates gaps and challenges in current systems and processes.     

To fix some of the top issues contributing to the rise in misalignment between security teams and non-technical executives, it is important to understand how today’s security organizations are run. The report revealed that while a majority of organizations primarily rely on either a mix of in-house and contractor security work (39%) or fully in-house teams (36%), there is a rising interest in external support and expertise. A quarter of respondents are now investing in part-time or fractional roles or fully outsourcing to an external vendor.     

Regardless of title and security team structure, respondents in the report highlighted they could benefit from:

  • Improving speed and flexibility (58%)   
  • Cohesive strategy and program development (54%)  
  • Specialized expertise to address advanced threats (52%)   
  • Enhancing executive-level oversight and visibility (42%)   
  • Addressing budget limitations without compromising security (42%)     

Rising Threats and Budget Strains Leave Organizations Vulnerable    

Varying degrees of trust in organizations’ security strategies and posture have created a disconnect in properly allocating security resources — leaving gaps in defenses. Almost half of the respondents (49%) said that their organizations suffered a security breach in the last 12 months, including data exfiltration, ransomware attacks, and unauthorized access.

Despite the prevalence of attacks and the increase in AI-powered threats, which require new strategies, talent, and skills to combat, security budgets increased by only 8% in 2024 according to IANS Research. On top of the lack of funds, organizations are facing significant talent shortages and skills gaps as the new year begins. In the U.S. alone, according to another recent report, there is a need for over 225,200 additional workers to fill approximately 470,000 open cybersecurity jobs — numbers that don’t account for leader and staff burnout and frequent turnover.     

CISOs Key to Bridging Oversight, Expertise and Business Gaps

Despite a lackluster investment in cybersecurity in 2024, the CDG report revealed that over three-quarters (76%) of security leaders are planning to increase their budgets in 2025 to address growing risks, prioritizing greater use of tools and products (85%), internal staff (64%), and external consultants (59%).     

The budget increases come when 54% of respondents expressed a need for support in setting strategies and developing programs, and 45% of security leaders identified a need for improved executive-level oversight and visibility.     

To bridge the confidence gap, secure buy-in from CEOs, and add more support and insight for security teams, the report revealed that technical and security leaders are increasingly seeing the benefit of turning to a virtual chief information security officer (vCISO). Respondents listed the positives of hiring a vCISO as:   

  • Cost-effective access to seasoned security leadership without the cost of a full-time CISO topped the list (28%)  
  • On-demand access to flexible and scalable expertise (19%)   
  • Strategic oversight and alignment with business goals (15%)  
  • Specialized expertise to fill a temporary need (12%)  
  • Addressing the skills gap without a full-time hire (11%)    

“The sophistication and pace of today’s threat actors, combined with the findings in the ‘2025 Cybersecurity Strategy Insights Report,’ make it abundantly clear that organizations can no longer afford to approach cybersecurity in silos,” said Lou Rabon, CEO, Cyber Defense Group. “Aligning leadership, business strategy, and cybersecurity program resources is critical to building an ecosystem approach with resilience against cyber threats. By leveraging vCISOs and their teams, we can enhance collaboration between technical and security teams while delivering actionable outcomes-based security® that resonates with executives and boards. This approach helps organizations transform challenges into opportunities and strengthens their security posture.”

Read the complete findings of the “2025 Cybersecurity Strategy Insights Report” including breakdowns by industry sector, in the full report.