Nearly all chief information security officers (CISOs), at 98%, anticipate a significant rise in cyberattacks over the next three years, according to a new survey by CSC. The business administration service provider polled 300 CISOs, chief information officers (CIOs) and senior IT professionals worldwide. Its findings additionally revealed that 67% classified cybersecurity threats as either critical or significant for 2024. Expectations for 2025 are similarly concerning, with 70% predicting an increase in threats.
Notably, 87% of CISOs also identify AI-powered domain generation algorithms (DGAs) as a direct threat. Meanwhile, 97% express serious concerns about third-party AI systems gaining access to company data, highlighting the need for rigorous AI governance frameworks.
Despite these pressing challenges, only 7% of CISOs report being “very confident” in their organisations’ ability to manage domain-based attacks. Merely 22% believe their current tools are adequate to address these threats. This suggests potential underestimation or lack of preparedness concerning the complexities and rapid evolution of domain security risks among many organisations.
Respondents of the survey identified cybersquatting, domain and DNS hijacking, and DDoS attacks as the top security threats for 2024. Over the next three years, ransomware and malware are projected to become significant concerns alongside cybersquatting and domain hijacking. These findings point to an evolving threat landscape requiring continuous adaptation and innovation in security measures.
“DNS and domain-related infrastructure are prime targets for cybercriminals,” said CSC digital brand services division chief technology officer Ihab Shraim. “These attackers conduct extensive reconnaissance to identify vulnerabilities, hijack subdomains, and impersonate brands at a massive scale. With the growing availability of AI-driven tools and off-the-shelf attack kits, these threats are only going to accelerate.”
The survey by CSC also sheds light on current outsourcing practices within cybersecurity management. While outsourcing is prevalent, inconsistencies remain. A significant majority (97%) express concern over granting AI-based third-party systems access to company data. Meanwhile, 18% of respondents rely exclusively on in-house resources, whereas approximately 30% utilise a hybrid approach combining external specialists with internal efforts.
According to the report, cyber threats are becoming more sophisticated, with traditional methods being supplemented by innovative approaches that increase in volume and complexity. Many modern attacks initiate with social engineering techniques paired with tactics such as lookalike domains to bolster credibility and establish groundwork for future incursions.
Cybersecurity budgets rising in some companies
The study also highlights concerns regarding compliance with Know Your Customer (KYC) policies by domain registrars. Almost all respondents expressed worries about this issue. Moreover, three-quarters (76%) conveyed only “somewhat confidence” in their company’s capabilities to mitigate domain attacks, acknowledging the challenging and resource-intensive nature of addressing these threats effectively.
Budget allocations for cybersecurity have significantly increased between 2024 and 2025, reflecting the growing importance of cybersecurity in overall risk management strategies. Decisions regarding these allocations are primarily made by chief risk officers or risk management teams (23%), finance teams (21%), or the CISO or IT team (18%).
Read more: 97% of CISOs prioritise Zero Trust strategies amid escalating cyber threats, study finds
