Elevating Cybersecurity 2025
1 The complexity surrounding the CISO role
The increasing complexity of the cyber landscape is reshaping the role of the CISO.
The transformation of the cyber landscape calls for dialogue between practitioners and business leaders to redefine the fundamental attributes of the CISO.[2] Before examining this in more detail, this paper explores how each of these factors of complexity – and their interplay – affects and shapes the CISO role and mandate.
– Geopolitics: Geopolitical tensions exert an influence on cyber strategy in nearly 60% of organizations, according to the Global Cybersecurity Outlook 2025 survey. In addition, the Microsoft Digital Defense Report 2024 emphasizes the escalation of state-sponsored cyberthreats.[3] Current geopolitical tensions – which can lead to wars or tariffs – require CISOs to adapt their security strategy and advise the business on how to approach security in response to different events, such as changing regulations, technologies under sanctions, reputational damage and so forth. The current debates on data sovereignty, driven by the shifting geopolitical landscape, are also influencing countries’ and organizations’ technology narratives. As systems become increasingly fragmented regionally, it becomes harder for CISOs to aggregate data to detect attacks. CISOs need to find efficient ways to gain central visibility over a more diverse and dynamic systems landscape.
– Cybercrime: Some 72% of respondents to the Global Cybersecurity Outlook 2025 survey said that cyber risks have risen in the past year. Contributing factors may include the rise of cyber-enabled fraud, driven by an increase in phishing and social engineering attacks. Additionally, identity theft is one of the top risks that concern people on an individual level. The increased number of cybercriminal networks and cybercrime types – including advanced persistent threats (APTs) developed by state-sponsored groups, scam farms, ransomware and supply chain attacks – means that CISOs need to proactively determine how to make threat intelligence actionable and valuable for their organizations and focus on establishing trusted collaboration lines with peers within their ecosystem.
– Regulatory requirements: According to the Global Cybersecurity Outlook 2025 survey, a total of 78% of leaders from private organizations feel that cyber and privacy regulations effectively reduce risk in their organization’s ecosystems. However, the complexity and proliferation of regulatory requirements pose a significant challenge. Geopolitical tensions and emerging technologies, among other factors, have led to diverging regulations across regions. The cybersecurity compliance landscape thus becomes more fragmented, adding layers of compliance levels. CISOs need to devote more resources to managing a higher number of (sometimes opposing) requirements.
– Emerging technologies: Some 66% of respondents to the Global Cybersecurity Outlook 2025 survey believe that AI will affect cybersecurity in the next 12 months, but only 37% have processes in place for safe AI deployment.[4] Additionally, AI-related spending across industries is projected to reach approximately $639 billion by 2028.[5] The rise of digitalization and innovation – with the development of technologies such as quantum computing – expands the attack surface that CISOs manage, while rapidly evolving technologies demand that CISOs and their teams stay continuously informed about both the associated risks and the potential benefits to the business. CISOs need to balance the speed of innovation while adapting quickly to ensure the resilience of their organizations.

1.1 The intricate landscape in which the CISO operates
Elevating Cybersecurity: Ensuring Strategic and Sustainable Impact for CISOs