2025 Cybersecurity Threat and Risk Management Report

46% of respondents say their organizations use AI/ML to prevent cyberattacks.

The average security budget is $24 million.

Outsourcing to managed security service providers (MSSPs) jumped from 47% in 2024 to 58% in 2025.

79% of respondents say their organization is making changes to its cybersecurity budget.

The primary drivers for AI/ML adoption are improving operational efficiency (41%) and maintaining competitive advantage (40%).

66% of respondents report cybersecurity incidents have increased significantly or increased in the past year. This is up from 61% in 2024.

Of organizations using AI/ML, 88% are incorporating generative AI at some level.

72% of respondents continue to significantly or moderately use Security Orchestration, Automation, and Response (SOAR) to reduce cyber threats.

Of organizations making budget changes, 71% say security budgets are increasing.

51% of respondents say their organizations have a Cybersecurity Incident Response Plan (CSIRP) applied consistently across the entire enterprise. This is up from 46% in 2024.

74% of respondents identify a lack of understanding of every potential source of vulnerability as their biggest challenge to effective vulnerability management.

66% of respondents say their organizations have fully or partially implemented Secure Access Service Edge (SASE).

67% of organizations are now using risk and threat assessments to inform budget decisions. This is up from 53% in 2024.

The effectiveness of CSIRPs in minimizing the consequences of cybersecurity incidents increased from 50% of respondents in 2024 to 57% of respondents in 2025

57% of respondents report automation has reduced the time to respond to vulnerabilities.

34% of respondents report seeing significant improvements in vulnerability response time due to automation.