New research: The state of cybersecurity 2025

AI is simultaneously revolutionising and destabilising security operations, budgets are tightening, and political cyber attacks are becoming the norm. The Wipro State of Cybersecurity Report 2025 gives us a clear-eyed view of where we stand – and where we need to go.

Here’s our quick briefing on the key takeaways. 

AI: The friend, the foe, the future

The challenges that AI brings to cybersecurity are growing; and so are the potential solutions. Now, 93% of organisations are investing in AI-driven threat detection and response, and 30% are deploying AI automation to boost efficiency and cut costs. AI’s strengths bring faster detection, deeper insights, and streamlined incident response.

On the other side of the coin, AI is causing trouble. As Tony Buffomante (SVP and Global Head of Cybersecurity and Risk Services at Wipro) put it: “AI is both innovator and disruptor.”

Cybercriminals are using AI to craft more convincing phishing attacks and automate malware. Unsurprisingly, email phishing remains the top cyber risk in 2025 – cited by 65% of security leaders.

What’s holding teams back from full AI adoption? Mainly data quality and privacy concerns (84%), lack of AI expertise (75%), and integration with existing infrastructure (72%). 

If we want AI to work for us, we need the skills and controls to use it responsibly. 

Cyber threats are more persistent and more political 

Between 2022 and 2025, nation-state attacks surged, with 86% targeting intellectual property and 42% aimed at government bodies. But the private sector isn’t off the hook – 32% of publicised attacks hit commercial organisations.

The attack types? Espionage, data destruction, and sabotage lead the pack. What’s scarier is the long tail: 31% of organisations experienced repeat breaches within three years, often by unrelated threat actors capitalising on previous incidents.

We need continuous monitoring, faster incident response, and more resilient architecture – not just compliance-driven security postures.

Budgets are shrinking but expectations are growing

Wipro found that only 10% of companies are allocating more than 12% of their IT budgets to cybersecurity. That’s a sharp drop from 21% in 2023. The days of asking for more budget are over, at least for now; so it’s about doing more with what you’ve got.

The top cost-optimisation move is AI-driven automation, followed by security tool rationalisation and streamlining risk management processes.

That’s why strategic investments are focused: Zero Trust frameworks (97%), AI (93%), IoT security (82%), and SASE (78%) top the list.

Cybersecurity is maturing at the board level

One very bright side is that boards are finally getting involved, with 64% of organisations now having proactive cyber governance structures – either designated board members with cyber experience, or standalone cyber risk committees.

And communication is improving too. Of the organisations surveyed, 50% report cyber risk to the board quarterly, and 25% do so monthly. The shift from reactive to strategic board involvement is a positive signal, and one security leaders can leverage.

Still, only 22% of CISOs report directly to the CEO. Most still report to the CIO (53%), which can limit visibility and strategic influence. If cybersecurity is a business risk (not just a tech issue), then its leaders need a seat at the executive table.

Tomorrow’s threats: Deepfakes, agentic AI, and post-quantum 

If you’re subscribed to our newsletter, you’ll get an email from us this week all about the security risks that come with AI agents. They’re expanding the attack surface in ways that traditional tools aren’t prepared for as we use them to carry out complex tasks on our behalf. 

Deepfakes also pose serious reputational and financial risks. Wipro found reputational damage to be the most concerning outcome, followed by fraud and operational disruption.

And quantum computing is coming. Already, 36% of organisations are investing in quantum-resistant encryption and hybrid cryptographic platforms.

2025 is a year of paradox. We have greater capabilities, but greater risk. Smarter tools, but tighter budgets. More visibility, but more sophisticated threats.

Instead of choosing between innovation and control, the path forward requires us to design systems where both coexist. Cybersecurity isn’t just a technology play anymore. It’s a business imperative, a boardroom priority, and a shared responsibility across…well, everyone. 

Cybersecurity leaders – how are you preparing? Drop us a message and share your thoughts. We might reach out to feature your comments in a future article.