ANZ CIOs see cybersecurity as top priority for 2025

Managing cybersecurity and other technology risks will be top of mind for CIOs in 2025 across Australia and New Zealand (ANZ), with 82% of 109 respondents saying it is a key priority for next year, according to Gartner. Increased executive and board scrutiny on technology investments due to economic uncertainties is playing a role in IT leaders’ growing emphasis on risk management.

“Cybersecurity is becoming more and more of an issue in Australia. Audit and risk committees are not going away, regulators are not going away, and investors are not going away,” Andy Rowsell-Jones, distinguished VP analyst at Gartner, told CSO. “Cybersecurity has become one of those things you just have to do, and therefore, cybersecurity risk is becoming more of a priority for anybody who invests in it and anybody who manages it.”

Other focus areas for CIOs in ANZ include managing technology financials (59%); demonstrating the business value of IT (52%); and innovating and modernising enterprise applications and software (51%).

Cybersecurity remains CIOs’ top investment area

The research, which focuses on CIOs’ investment priorities, has once again found cybersecurity to be the top area CIOs (88%) will be investing more on in the coming year. Some of the reasons leading to this go beyond the high rates of cyber breaches Australia particularly faces but have also to do with increasing government regulation.

One such regulation, expected to be announced soon, is the possibility that ransomware payments will need to be disclosed. In December 2023, the Australian Federal government launched the Cyber Security Legislative Reforms consultation paper, which includes ransomware reporting obligations. At the time, the government stated that it wants to collect information on ransomware demand and possible payments made to attackers to understand and act quickly in identifying and stopping attackers. Submissions were made public in May but a recent cabinet reshuffle might be behind the delay in future announcements regarding the consultation, with Tony Burke being named as the new minister for home affairs and for cybersecurity.

Investment in cybersecurity is closely followed by CIOs’ next priorities: data analytics (84%), cloud platforms (83%), and generative AI (81%).

A total 94% of ANZ CIOs said improving operating margins is the most critical outcome from digital technology investments in 2025, a big jump from last year’s 48%. Ensuring compliance and minimising risks follows close by with 92%, also a significant increase from 2024’s 57%. CIOs have reconfigured their spending patterns for democratisation and to understand consumption economics, according to Gartner VP advisory services Brian Ferreira.

What should CISOs expect

CISOs are likely to be under even more scrutiny as CIOs will need to be on top of investments and results to ensure executives and boards are aware of why increased investment is needed and what the organisation is getting in return.

They must prepare for any upcoming changes in regulation that could impact where the cybersecurity budget is spent. That includes international legislations for those businesses that are present in other countries.