Survey surfaces 2025 cybersecurity challenges

A global survey of 476 IT and cybersecurity professionals finds just over half (52%) or respondents reporting their organization should be spending more on cybersecurity, with software and security awareness training topping the list of priorities at 27% each.

Conducted by Pollfish on behalf of OTRS AG, a provider of a platform for managing help desk requests, the survey also finds additional investments in infrastructure (26%) and personnel (21%) are close behind.

The survey suggests there is also still plenty of room for integration improvement, with only 28% very satisfied compared to 50% that are slightly satisfied. Another 11% are either dissatisfied or neutral. Tool complexity (46%) and integration difficulties (45%) and training requirements (37%) are the top three sources of frustration, the survey finds.

Nevertheless, the number of tools and platforms being employed appears to have increased in the last year, with 63% now using security information event management (SIEM) platforms, 58% employing security orchestration, automation and response (SOAR) tools and 68% using vulnerability management tools.

At the start of the new year, many cybersecurity teams are debating the merits of adopting more integrated platforms that promise to reduce the total cost of cybersecurity by, for example, simplifying integration versus continuing to invest in best-of-breed tools and platforms. The latter approach enables cybersecurity teams to adopt tools as they best see fit, but any time those tools need to be integrated, it’s up to the cybersecurity team to create and maintain them. In addition, the level of integration that might be achieved varies widely, so many cybersecurity teams will still find themselves swiveling between consoles as they respond to various threats.

Each cybersecurity team will need to decide for itself which approach makes the most sense for them. In many cases, investments in tools have already been made and retraining cybersecurity teams would require a significant effort. Ripping and replacing all those tools in favor of an integrated platform may not be economically feasible.

At the same time, any organization that hopes to take advantage of artificial intelligence (AI) to automate cybersecurity will need to aggregate threat intelligence. Fortunately, the total cost of collecting and integrating data is dropping as organizations adopt more standard interfaces.

Regardless of approach, tighter integration across tools and platforms will be crucial in the coming year as cybersecurity threats continue to increase in volume and sophistication. Cybersecurity teams are, as a result, under more pressure than ever to mitigate threats faster than ever. After all, time more than ever is money when cybercriminals can, for example, exfiltrate massive amounts of data in minutes. Hopefully, the next wave of investments in generative AI tools will make it easier to analyze all the data, but before anyone can achieve that goal the need to first collect the right data at the right time and then make it available at the right place is ultimately going to be the most important capability that cybersecurity teams will need to have in 2025.