Investing.com — Wolfe Research on Tuesday released findings from its 2025 cybersecurity survey, which gathered insights from 131 Chief Information Security Officers (CISOs). The survey highlights key trends in security spending, strategic priorities, and vendor adoption for the upcoming year.
Security budgets are expected to grow more modestly in 2025 compared to previous years. Only 27% of respondents anticipate budgets increasing by more than 10%, a drop from 43% in 2024.
Small and Medium-sized Businesses (SMBs) are more optimistic, with 39% forecasting double-digit growth, compared to just 19% of enterprise CISOs. On the other hand, 25% of enterprises expect their budgets to decrease, compared to 8% for SMB CISOs.
Wolfe analysts believe this trend bodes well for vendors such as SentinelOne (NYSE:), Cloudflare (NYSE:), Rapid7 (NASDAQ:), and Okta (NASDAQ:).
Per survey results, Data Security has overtaken Cloud Security as the top CISO priority for the first time in three years, reflecting an increased focus on protecting sensitive information. AI and machine learning security ranked as the second-highest priority.
Notably, 37% of respondents stated that AI-related initiatives “are at least part of the reason their security budget is increasing,” Wolfe referrals.
Vendor preferences also showed notable changes. Identity-related solutions remain a top focus for CISOs in 2025, with Identity Governance & Administration (IGA), Privileged Access Management (PAM), and Access Management (AM) ranking fourth, fifth, and sixth in priority, respectively. Combined, these segments highlight Identity as the highest overall priority in security strategies.
According to the survey, vendors like Okta, Cyberark Software Ltd (NASDAQ:), and SailPoint experienced meaningful improvements in spending trends, with Okta seeing the largest jump in vendor rankings.
While platform-based strategies gained traction among enterprise CISOs, the overall enterprise spending trend remains subdued. 76% of enterprise respondents characterized their security strategy as platform-focused or transitioning toward a platform, compared to 60% last year.
Despite this, enterprise spending for major platform vendors such as CrowdStrike (NASDAQ:), Palo Alto Networks (NASDAQ:), and Microsoft (NASDAQ:) declined year over year.
“We believe this trend will be most positive in 2025 for Zscaler (NASDAQ:) where enterprise spending trends remain steady and the company saw a 10pp improvement in the percentage of enterprise customers who plan on buying more of their platform,” Wolfe analysts noted.
In terms of segment-specific spending, Data Security and AI/ML Security topped the list, with 54% and 53% of respondents respectively planning to increase their budgets in these areas. Meanwhile, Firewall hardware saw the highest percentage of respondents expecting to decrease spending, reflecting a shift in priorities.
The survey also revealed increasing interest in adopting third-party AI security tools. Microsoft was the top-cited vendor for securing AI-related technologies, mentioned 24 times by respondents. However, uncertainty in the space remains, as many CISOs expressed limited clarity on viable options for securing generative AI models and tools.
