In today’s fast-paced digital world, cyber threats are evolving at an unprecedented rate, requiring security leaders to stay vigilant and proactive in their defense strategies. To address this ever-changing landscape, the 2025 Fortra State of Cybersecurity Survey was conducted to provide valuable insights for SOC teams, CISOs, and other cybersecurity decision-makers. Drawing from the input of 12 key cybersecurity roles spanning 24 industries, this report aims to equip organizations with the necessary information to shape their cybersecurity strategies for the upcoming year.
One of the key findings from the survey is the evolving nature of cyber threats, with social engineering, phishing, and smishing attacks remaining top concerns among cybersecurity practitioners. The advancement of Generative AI (Gen AI) has enhanced the sophistication of these threats, posing a greater challenge for security teams to detect and mitigate. The use of Gen AI in next-generation attacks is on the rise, leading to an increased awareness among security professionals about the risks posed by emerging technologies.
While the perceived risk of zero-day attacks has reportedly decreased, recent incidents involving critical vulnerabilities patched by Apple and Microsoft serve as reminders that these threats are far from extinct. Security teams have evolved to respond more effectively to zero-day attacks, with well-defined playbooks helping to minimize the impact and speed up response times.
Looking ahead to 2025, security initiatives are expected to focus on identifying and closing security gaps, improving security awareness and culture, and prioritizing cloud security. Despite a slight decrease in the emphasis on cloud security, organizations are increasingly incorporating cloud services into their operations, necessitating a comprehensive approach to securing these environments.
Challenges in implementing these initiatives include budgetary constraints, with many organizations struggling to allocate their cybersecurity budgets effectively. To optimize security spending, organizations are advised to assess their cybersecurity maturity, proactively prevent and detect threats, optimize and consolidate security tools, and develop scalable response strategies aligned with business objectives.
In response to the growing complexity of the cybersecurity landscape, security vendors are increasingly consolidating their offerings to streamline security operations and reduce costs. By focusing on key considerations such as coverage of the full kill chain, elimination of redundant tools, and compliance requirements, organizations can enhance their security posture and improve efficiency.
Furthermore, the need for specialized security talent is highlighted, with functions like penetration testing requiring deep expertise and specialized skills. Outsourcing security services, such as penetration testing and vulnerability management, can provide organizations with advanced expertise, cost savings, and the flexibility to scale their security programs as needed.
In conclusion, the 2025 Fortra State of Cybersecurity Survey underscores the urgency for cybersecurity leaders to adapt to the evolving threat landscape by strengthening security awareness programs, optimizing security investments, and addressing staffing shortages. By remaining proactive and agile in their defense strategies, organizations can better protect against current and future threats, ensuring a resilient cybersecurity posture in the years to come.