81% of security leaders expect cyberattacks in the next 12 months, reveals study

Over 80 per cent of the security leaders anticipate a cyberattack on their organizations in the next 12 months, while only 48 per cent believe they can prevent one, revealed a new study by HCLTech. The Global Cyber Resilience Study 2024-25 also found that 54 per cent of the security leaders identify AI generated attacks as the biggest security risk, whereas 76 per cent of the security leaders faced high to moderate challenges in resuming business fully in the aftermath of a cyberattack.

“Building a strong digital foundation for modern organizations requires robust prevention, response and recovery capabilities against cyberattacks. With AI-driven threats on the rise and recovery becoming more complex, adopting a strategy centered on comprehensive resilience is essential. This includes investing in cyber resilience solutions, zero-trust controls and AI-assisted automation, and streamlining security tools through a platform-based approach. With over 26 years of experience, we believe our solutions will enable organizations to strike a stronger balance between managing cyber risks and addressing cost pressures, ultimately driving enhanced operational efficiency,” said Jagadeshwar Gattu, President, Digital Foundation Services, HCLTech.

According to the study, North America witnessed the highest incidence of reported attacks at 64 per cent of surveyed security leaders indicating their organization had been targeted, followed by 57 per cent in Europe and 51 per cent in the Australia-New Zealand region. In response to these rising threats, 63 per cent of security leaders plan to increase cybersecurity investments over the next 12 months.

Improving compliance and risk management emerged as the top priority for 84 per cent of respondents, followed closely by investments in SOC automation (76%) and incident response and recovery capabilities (75%), reflecting a clear focus on strengthening both proactive and reactive cybersecurity measures.

While only 35 per cent of security leaders feel confident in their in-house expertise to manage cybersecurity risks, 90 per cent expect to continue relying on external sourcing to bolster their capabilities. Additionally, only 37 per cent feel they are effective in communicating their organization's IT security posture to the board and C-suite, highlighting a gap in both internal expertise and strategic communication at the leadership level.

“Cybersecurity is a strategic capability for businesses—and CISOs and CROs (Chief Risk Officers) must serve as a critical bridge between the board and technology/business teams, transitioning to real-time risk governance and control execution to manage rapidly changing threat landscapes. As cyber threats evolve daily, the effective implementation of a cyber strategy increasingly relies on automation and AI,” said Amit Jain, EVP and Global Head, Cybersecurity Services, HCLTech.

“HCLTech’s dynamic cybersecurity framework is designed to address these challenges, improving stakeholder relationships and enhancing visibility into cyber preparedness and resilience,” added Jain.