CIO OPINION

CISOs are navigating a perfect storm of cyber threats, budget pressures, internal demands. Keeping pace with an evolving threat landscape, including ransomware, AI-driven attacks, supply chain risks, are primary challenges. CISOs also face budget constraints and must constantly justify ROI while under board pressure to demonstrate measurable risk reduction. Top executives from Acronis, BeyondTrust, Check Point Software, CPX, Fortinet, GBM, Halcyon, Infoblox, ManageEngine, Proofpoint, Sophos and Tenable, spell out the CISO’ s vast strategic and operating landscape.

2025 by UAE Cybersecurity Council and CPX, emphasises the growing role of CISOs and their role in driving governance, industry-specific strategies, and cybersecurity awareness. Talent shortages, team burnout, and turnover only add to the mounting pressure and significantly impede a CISO’ s ability to secure an organisation.

In 2024, 76 % of UAE and 84 % of Saudi Arabian CISOs named human error their top cybersecurity risk, increasing from 59 % and 48 %, respectively, the year prior. They also face excessive expectations, with burnout and budget cuts adding to the strain.

These realities reinforce the need for unified, humancentric cybersecurity that addresses threats where they start: with people, according to Emile Abu Saleh, Vice President, Northern Europe, Middle East Türkiye and Africa, Proofpoint.

State of the CISO

CISOs are navigating a perfect storm of cyber threats, budget pressures, and internal demands. To get through this perfect storm,“ CISOs need strategic partners, not just vendors. The best security vendors are those who think and speak like CISOs, demonstrating a deep understanding of enterprise risk and resilience,” says Saqib Chaudhry, Field CISO, CPX.

“ CISOs face a complex and rapidly evolving threat landscape, with increasing pressure to balance security, compliance, and business agility. While AI is accelerating innovation and business transformation, it is also introducing significant cybersecurity and privacy challenges,” says Miguel Khouri, General Manager, GBM Abu Dhabi.

Meanwhile, fragmented toolsets that limit visibility, sophisticated multi-vector attacks across cloud environments, talent shortages, and the ongoing challenge of aligning cybersecurity with business objectives continue to strain internal teams.

“ If the product does not include automations by default, provide APIs so that everything can be done by a machine. Do not require customers to understand arcane security decisions and ship products in a secure-by-default manner. Security updates should be applied by default and only require manual intervention in an emergency,” advises Chester Wisniewski, Field CISO, Sopho.

Point products and siloed controls do not work.“ What is needed is a consolidated security architecture that adapts to human behaviour and mitigates threats in real time. CISOs want partners who reduce complexity and help them stay ahead of attackers,” explains Proofpoint’ s Abu Saleh.

For too long, the industry has operated under the assumption that every vulnerability is a priority, to a scenario where security teams are constantly reacting to new threats or vulnerabilities as they appear, without making meaningful progress in managing the overall security landscape. However, a recent Tenable research report reveals that only

50 INTELLIGENTCIO MIDDLE EAST www. intelligentcio. com