
Cybersecurity Spending: Where to Allocate Your Budget in 2025

By Greg Crowley

October 17, 2024 | 8 MINS READ

When it comes to budgeting for cybersecurity, one of the most important steps is understanding where to focus your resources. The reality is, not every cybersecurity threat needs to keep you up at night; however, the ones that do can disrupt your entire business if you’re not ahead of them.

Building a smart cybersecurity budget means focusing your resources on the highest-impact threats while ensuring your security program is agile enough to scale with your business.

But here’s the thing: your budget shouldn’t just address today’s risks; it needs to tackle what’s urgent now, while leaving room for what’s coming next.

As we get into 2025, here’s a look at the top threats shaping the cybersecurity landscape and how to ensure your 2025 cybersecurity budget covers them.

Ransomware-as-a-Service (RaaS) & Initial Access Brokers (IABs)

Ransomware has transformed into an organized criminal industry, fueled by Ransomware-as-a-Service (RaaS) models that enable less sophisticated attackers to execute highly damaging campaigns. RaaS lowers the technical barrier for cybercriminals by offering ready-to-use ransomware kits that are easy to purchase, enabling even amateur hackers to launch attacks against small and medium-sized businesses (SMBs) and large enterprises alike.

Based on research from eSentire’s Threat Response Unit (TRU), threat actors have consistently targeted SMBs, with LockBit being the most prolific RaaS threat that uses affiliates for attacks since 2020. In fact, between January 2020 and June 2023, the LockBit group launched approximately 1,700 attacks against U.S. organizations, many of which were SMBs.

Moreover, Initial Access Brokers (IABs) have further strengthened the ransomware ecosystem by providing attackers with pre-compromised network access. These brokers sell credentials and access to compromised systems on underground forums, turning organizations into easy prey for ransomware affiliates. For instance, VPNs and Remote Desktop Protocol (RDP) servers are common entry points frequently sold by IABs, offering attackers a foothold into your network for a relatively low cost. It is no surprise that in recent years, more than 40% of these access points were listed for sale on popular Dark Web forums.

For your budget and priorities, this means investing in solutions that can prevent unauthorized access and quickly detect and respond to any breaches. Consider allocating budget for:

Generative AI & Social Engineering at Scale

The rapid growth of Generative AI (GenAI) has introduced a new advantage for launching cyberattacks, particularly for social engineering. AI-powered tools now allow attackers to create convincing phishing emails, deepfake videos, and voice impersonations that are nearly indistinguishable from legitimate communications. These AI-driven attacks are not only more sophisticated but also more frequent, as AI enables cybercriminals to automate phishing campaigns and craft highly targeted attacks at scale.

For instance, a cybercriminal can create a deepfake video of a trusted executive in your organization to manipulate unsuspecting employees into approving a fraudulent financial transaction. This level of personalization and realism makes it increasingly difficult for employees to discern real communications from fraudulent ones, increasing the risks to your organization.

Beyond phishing, AI is also being used to enhance malware, evade traditional detection mechanisms, and optimize the timing of attacks for maximum effectiveness. To stay protected, organizations must invest in AI-powered defenses that can keep pace with these evolving threats.

To address AI-driven threats, you should focus your budget on:

Credential Theft and Insider Threats

Stolen credentials remain one of the primary ways that attackers can infiltrate corporate networks. Once a hacker has compromised a user’s credentials, either through phishing, brute-force attacks, or malware, they can impersonate legitimate users, allowing them to move laterally across your network and escalate privileges to gain access to sensitive data.

The stealthy nature of credential theft, which often allows attackers to remain undetected for extended periods, makes this threat particularly dangerous. Moreover, the shift to hybrid work models, which has increased the reliance on remote access tools, only increases the risks associated with credential misuse.

What’s more, this threat is compounded by insider risks, whether intentional or accidental. Employees with access to critical systems can cause substantial damage, either by exploiting their privileges or by making mistakes that lead to data leaks.

To mitigate credential theft and insider threats, direct your budget toward:

Browser-based Threats & Web Security Gaps

With many organizations conducting business online, web-based attacks have become a critical threat to manage. Browser vulnerabilities are often exploited through malicious extensions, drive-by downloads, and phishing sites designed to mimic legitimate web pages.

Attackers increasingly rely on browser-based tactics to trick users into downloading malware or exposing sensitive credentials. Furthermore, the rise of AI-enhanced malware has only added to the complexity of defending web-based interactions.

The potential damage from browser-based threats is significant, and with most ransomware attacks originating from compromised user activity online, securing this entry point is a cost-effective way to protect your organization.

Therefore, your budget should include investments in:

Tackling today’s cyber threats means more than just reacting to the latest headlines. It’s about making strategic, forward-thinking decisions that allow your cybersecurity budget to stretch further, target the right risks, and prepare your organization for what’s coming next.

By prioritizing investments in areas like 24/7 multi-signal MDR, IAM, and advanced threat intelligence, you’re not just addressing immediate threats, you’re building a robust, scalable security program that can evolve with your business.

To learn how eSentire can help you prioritize your cybersecurity budget in 2025, contact an eSentire cybersecurity specialist today.

Greg Crowley, Chief Information Security Officer

Greg Crowley is an accomplished executive with over 20 years in Information Technology and Cybersecurity with extensive experience in managing enterprise security and mitigating risk for global hybrid networks. Greg believes that as a leader in the cyber world, being able to communicate and execute a strategic vision to defend and protect is the most important part of his role. Prior to joining eSentire, Greg oversaw the overall cybersecurity function as Vice President of Cybersecurity and Network Infrastructure at WWE (World Wrestling Entertainment). He spent over 17 years in various leadership roles across engineering, infrastructure and security within that organization. Greg holds a Bachelor's degree from Queens College. He is a Certified Information Security Manager (CISM) and a Certified Information Systems Security Professional (CISSP).
