A recent study conducted by Hack The Box has revealed that a significant number of Chief Information Security Officers (CISOs) are looking to boost their crisis simulation capabilities in 2025. This decision stems from concerns regarding the increasing frequency of cyber-attacks, insufficient incident response planning, and the need for more rigorous stress-testing of crisis scenarios.
The study, which surveyed 200 CISOs based in the UK and the US, found that 74% of respondents plan to increase their crisis simulation budgets in the coming year. The uptick in budget allocation underscores the urgency felt by these cybersecurity leaders to better prepare for potential full-scale cyber crises.
The motivation behind this push for enhanced crisis simulation capabilities can be traced back to the notable cyber-attacks that rocked organizations in 2024. Incidents involving companies such as 23andMe, Cencora, the UK’s National Health Service (NHS), and Transport for London (TfL) served as wake-up calls for many CISOs, highlighting the need for more robust preparatory measures.
According to the findings of the study, a majority of CISOs view crisis simulations as a crucial component of improving overall cyber preparedness. In fact, 73% of respondents identified cyber incident live drills as their top business priority for 2025, with 16% of security budgets being reallocated to crisis preparedness efforts.
Furthermore, the study revealed that 77% of CISOs expressed a willingness to prioritize cyber crisis simulations if they were more realistic and actionable. This underscores the importance of conducting exercises that accurately reflect the complexity and dynamics of real-world cyber threats.
Haris Pylarinos, CEO and Founder of Hack The Box, emphasized the need for crisis simulations to evolve into more immersive and practical experiences. He highlighted the importance of equipping both technical and non-technical teams with the confidence and skills needed to effectively combat evolving cyber threats.
Pylarinos also touched on the potential for leveraging expert knowledge and AI systems to drive the next phase of crisis simulation evolution. By creating highly realistic and tailored scenarios, organizations can unite different business units and gauge their real-world performance in a controlled environment.
The Hack The Box study, which was published on January 27, 2025, sheds light on the shifting priorities and strategies within the cybersecurity landscape. As cyber threats continue to evolve and escalate, CISOs are increasingly recognizing the importance of proactive crisis preparedness measures to safeguard their organizations.
Overall, the study underscores the critical role that crisis simulations play in enhancing cyber resilience and readiness in the face of a rapidly changing threat landscape. By investing in realistic and actionable training exercises, CISOs can better position their teams to respond effectively to cyber crises and protect their organizations from potential harm.