The rise of cybersecurity incidents in recent months has highlighted the importance of investment in Cybersecurity. Ransomware attacks on firms such as M&S, Co-op, and Harrods have highlighted the vulnerability of even blue-chip organisations to these attacks. Recent research by Logicalis (2025 CIO Report) has shown rising attacks, and despite rising investment, there are still gaps in the cyber security posture.
In the twelve months prior to the survey, 80% of UK organisations admitted to having a cyber incident, with 20% suffering multiple breaches. This compares to the UK Government Cyber Security Breaches survey 2024, which identified only 50% as having breaches over a slightly earlier period. According to Logicalis, the rest of the world had suffered 88% breaches.
That increase is backed by Logicalis, with 34% saying they experienced an increase in breach volumes from the previous year. Worryingly, CIOs believe that security coverage needs improvement despite increased investment. The majority of boards are aware of the risk and are spending more on Cybersecurity. Where IT budgets are cut, IT leaders will have to allocate a greater proportion of IT spending on security. 91% of CIOs believe they need to improve Cybersecurity.
Why are we seeing increased breaches?
Logicalis questions whether AI, often seen as a benefit for cybersecurity solutions, is also a factor in the increased threat. The National Cyber Security Centre certainly believes so. Its report, “The near-term impact of AI on the cyber threat”, notes, “Artificial intelligence (AI) will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years.”
Two further judgements, the report highlights the following:
- AI will almost certainly make cyber attacks against the UK more impactful because threat actors will be able to analyse exfiltrated data faster and more effectively and use it to train AI models.
- AI lowers the barrier for novice cybercriminals, hackers-for-hire and hacktivists to carry out effective access and information-gathering operations. This enhanced access will likely contribute to the global ransomware threat over the next two years.
CIOS are aware of the new threat. However, only 42% of UK CIOs expect to see an increased risk from AI in the future, despite the NCSC’s warning. Perhaps worryingly, only 31% strongly agree that their organisation has fully implemented an AI security policy. There is also uncertainty about countering the threat, with 52% not confident about investing in AI.
The report does not surface any qualitative response about why this is the case. Logicalis may argue that organisations should partner with a firm that has a greater awareness of the cybersecurity landscape, such as themselves.
Logicals launched Intelligent Security last year. It provides a blueprint approach to deliver proactive, advanced security for customers worldwide. Their experience has helped them improve their cybersecurity stance at firms, including Jersey Electric and ESW.
What should IT Leaders do next?
The result of the increased threat is that IT leaders face a familiar task: do more with less. The difference is that cybercrime poses an existential threat to organisations. Get it wrong, and the company can face compliance penalties, brand damage and a loss of trust from customers. Get it right, and life continues. Though there may be increased questions about the amount spent on Cybersecurity.
In the UK, 96% of CIOs are confident that their security investments meet their organisation’s needs. However, is this confidence misplaced, with only 59% of global CIOs feeling the same? Possibly not, as 95% of UK CIOs believe there is room for improvement in cybersecurity spending. Only 58% of global CIOs are fully confident in their ability to identify potential security gaps.
There is some disagreement about where the threats are coming from:
- Data breaches (45%)
- Malware/ransomware attacks (41%)
- Phishing (38%)
- Social engineering (35%)
Emerging threats include AI-driven threats (19%) and deepfakes (10%). It will be interesting to see whether these increase in next year’s report.
Therefore, the difficulty is where CIOS should focus their investments:
- 54% say they still lack access to a solution that fully fits the business
- 43% acknowledge having overinvested in tools they don’t use
- 61% say their patching systems are too complex to manage effectively
In addition to the emergence of deepfakes and sophisticated social engineering, staff awareness and, therefore staff training is another area to invest in. 52% of UK CIOs said that staff awareness and the resulting mistakes are still a significant risk they will have to mitigate in the future. A question not posed by Logicalis is whether this is still an IT expense, a departmental expense or one left to HR.
Neil Eke, CEO at Logicalis UKI, commented, “We’re seeing a disconnect between rising cybersecurity spend and actual resilience. The issue isn’t investment. It’s optimisation. Security teams are battling complexity, disjointed tooling and emerging threats faster than they can adapt. CIOs, not just in the UK, but globally, need support to focus on risk visibility and smarter, outcome-based partnerships to drive real protection.”
“AI is both the battleground and the solution. CIOs who invest strategically in AI-led cyber defence while addressing the human factor through education and simple security instructions will be the ones who stay ahead.”
Enterprise Times: What does this mean
The future is uncertain. With the emergence of AI and the growing number of proof points that organisations are at a higher risk of breaches. CIOs must find partners who fully understand the threat landscape and can not only help identify the gaps within their cybersecurity strategy but also provide direct advice on what solutions they need to adopt to improve their security at the right cost point.
It isn’t easy to calculate the ROI of cybersecurity spending. Could Logicalis identify better metrics than just where you breached last year? It is a challenge to consider.
