Austin, Texas, USA, June 26, 2025
Futurum Research Uncovers That Cybersecurity is a Board-Level Concern, Resulting in increased investment.
Futurum research uncovers that Cybersecurity is a board-level concern, resulting in increased investment.
Findings from the Futurum Research 1H25 Cybersecurity Decision Maker IQ study reveal a significant shift in the strategic importance of cybersecurity within modern enterprises. The comprehensive research indicates a clear trend towards direct CISO-CEO reporting, increased board-level engagement, and a material surge in cybersecurity budget allocations, underscoring the critical role security now plays in business strategy.
The study highlights that organizational structures are evolving in accordance with growing cybersecurity concerns, with approximately one-third of Chief Information Security Officers (CISOs) now reporting directly to the CEO’s office. This elevated reporting line signifies a recognition of cybersecurity as a core business function, moving beyond traditional IT and Security departments to become a boardroom-level concern. This strategic alignment ensures that security initiatives are directly integrated into top-level business objectives and risk management strategies.
Figure 1: Cybersecurity is Prioritized by Leadership and in Budgets
Approximately one-third of CISOs report directly to the CEO. 38% indicated that cybersecurity leadership presents to the board of directors on a quarterly basis, and 36% indicated that they present monthly. This is driving a material increase in spend; nearly three-quarters of respondents indicated that they expect their cybersecurity budget to increase over the next 12 months.
“The move towards CISOs reporting directly to the CEO is more than just an organizational tweak; it’s a profound statement about cybersecurity’s strategic imperative,” stated Fernando Montenegro, Vice President at Futurum Research. “It reflects an understanding that cyber risk is enterprise risk, and effective security leadership needs a direct line to executive decision-making to truly protect the business.”
Parallel to this shift in reporting, the study found a dramatic increase in board-level engagement concerning cybersecurity. A substantial 38% of cybersecurity leadership teams present to their board of directors on a quarterly basis, while an additional 36% indicate even more frequent monthly presentations. This consistent and high-level dialogue ensures boards are well-informed about the evolving threat landscape, organizational vulnerabilities, and the efficacy of current security measures, facilitating more agile and informed governance.
This heightened visibility and direct engagement are directly influencing financial commitments. The Futurum Research study found compelling evidence of increased investment, with nearly three-quarters of all respondents expecting their cybersecurity budget to increase over the next 12 months. This anticipated surge in spending reflects a proactive stance by organizations to fortify their defenses against an increasingly sophisticated and persistent array of cyber threats.
“Increased board engagement and rising budgets signal a mature approach to cybersecurity, recognizing it not as a cost center but as a fundamental enabler of business resilience,” commented Krista Case, Research Director at Futurum Research. “Organizations are now willing to invest significantly to mitigate risks, protect critical assets, and maintain stakeholder trust in an environment where cyber incidents can have catastrophic impacts.”
The findings collectively paint a picture of a cybersecurity landscape where security is no longer an afterthought but a central pillar of corporate governance and strategic planning. Businesses are clearly prioritizing robust security frameworks, competent leadership, and ample financial resources to navigate the complexities of the digital age securely. This proactive investment is crucial for maintaining operational continuity, safeguarding sensitive data, and preserving brand reputation in the face of escalating cyber risks.
Read more in the “1H 2025 Cybersecurity Decision Maker Survey Report” on the Futurum Intelligence Platform.
About Futurum Intelligence for Market Leaders
Futurum Intelligence’s Cybersecurity & Resilience IQ service provides actionable insight from analysts, reports, and interactive visualization datasets, helping leaders drive their organizations through transformation and business growth. Subscribers can log into the platform at https://app.futurumgroup.com/, and non-subscribers can find additional information at Futurum Intelligence.
Follow news and updates from Futurum on X and LinkedIn using #Futurum. Visit the Futurum Newsroom for more information and insights.
Other Insights from Futurum:
Futurum Intelligence Cybersecurity IQ – Subscribers*
Futurum Research 2025 Key Issues & Predictions
Futurum Cybersecurity Decision Maker Survey on Cyber Incidents
Author Information
Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.
Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.
Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
Krista Case is Research Director, Cybersecurity & Resilience at The Futurum Group. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.
