into their strongest line of defense.
Adopt AI responsibly with clear governance on usage: 62.8 percent of respondents in our 2024 Data Loss Landscape Report cited employees with access to sensitive data (i.e., accounting, sales) as their biggest risk for data loss incidents. Without getting specific instructions, employees can easily type delicate organization data into LLM applications like DeepSeek and ChatGPT without unknowingly exposing risks and security breaches to the organization.
Employ a multi-layered defense strategy: Bad actors target people, not only systems, and there are many touchpoints where dangerous people behaviors can be exploited – phishing emails, insider threats, social media, or poor cyber hygiene practices. A truly effective strategy must account for these vulnerabilities. The key here is adopting a human-centric approach that incorporates proactive and risky behavior.
What kind of budget should a company have to create effective cyber defense?
Cyber defense is not a one-size-fits-all investment. It depends on the organization’s size, industry, existing infrastructure and risk profile. The ideal budget should be in line with the protection of the data and the risk of financial and reputational harm.
A good benchmark is to allocate 10-15 percent of the overall IT budget to cybersecurity, but in high-risk industries like finance or healthcare, this figure should be higher. More importantly, cybersecurity spending should focus on people as much as technology. With over 90 percent of breaches starting from human error or phishing attacks, businesses must invest in threat protection, training, and a layered defense strategy.
Over the next twelve months, various industries will face a variety of threats. Email fraud is seen as the biggest threat by the public sector, transport, and financial services industries, while ransomware would impact manufacturing and product, retail, and healthcare over the next 12 months.
The pressure is still mounting for contemporary CISOs as a result of growing concern about personal liability and rising numbers reporting excessive expectations, burnout, and challenging budgets. If we want to make sure CISOs are well-equipped for the scope of the challenge they continue to face now and in the future, solving this issue must be top of the list.
What words of wisdom would you offer to aspiring leaders in the cybersecurity sector?
Cybersecurity is not just a technology issue – it’s a business imperative. For aspiring leaders in this space, my advice is threefold: stay vigilant, stay adaptable, and stay people-focused.
This year’s storm may reach its peak, and cyber security leaders will be in even greater danger as a result of a greater than ever reliance on cloud technology, a mass mobile workforce, and armies of cyber adversaries equipped with AI technologies. In fact, our recent data shows that over two-thirds (70 percent) of global CISOs remain in fear of a material cyber attack in the next 12 months. Leaders in cyber security must continue to be alert and resilient in order to remain resilient.
Adaptability is key. Cybersecurity is not just about defending networks, it’s about understanding business risks, regulatory landscapes, and evolving threat vectors. Leaders who can bridge the gap between security, technology, and business strategy will drive the most impact.
Never lose sight of the human element. With over 90 percent of breaches originating from human error, a strong security culture is just as critical as the latest tools. Great security leaders emphasize empowering people, whether it is through training to become adaptable teams, encouraging cross-departmental collaboration, or both.