Almost all Chief Information Security Officers (CISOs) expect a sharp rise in cyber attacks over the next three years, with artificial intelligence (AI)-enabled threats driving increased complexity in the global threat landscape.
This is according to a new report titled “CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation”, based on research by domain and digital threat intelligence provider CSC.
The survey covered 300 CISOs, CIOs, and senior IT professionals across various sectors.
Cybersquatting and AI-Driven Domain Attacks Lead Threat Outlook
The study highlights cybersquatting, domain-based attacks, and ransomware as the foremost concerns for 2024 and beyond.
These risks are predicted to intensify as cybercriminals adopt AI tools, particularly domain generation algorithms (DGAs), to create malicious domains at scale.
A significant 87% of respondents identified AI-powered DGAs as a critical cyber threat, reflecting concerns that threat actors can bypass traditional domain monitoring systems using these techniques.
AI Access to Corporate Data Raises Alarms
Beyond DGAs, 97% of security leaders voiced concerns about third-party AI systems accessing corporate data, underscoring the urgent need for stricter governance and controls over how AI technologies are integrated into enterprise environments.
The report warns that unchecked AI access could introduce new attack vectors and expose sensitive data, especially in businesses that lack proper oversight and risk mitigation frameworks.
Confidence in Defensive Readiness Remains Low
Despite awareness of these growing threats, only 7% of CISOs expressed strong confidence in their organisations’ ability to mitigate domain-based attacks.
Another 22% felt they had adequate tools, leaving a majority uncertain about their preparedness.
This lack of assurance is linked to gaps in internal domain security expertise and the evolving nature of digital threats, according to CSC’s analysis.
DNS Infrastructure Still a Key Target
The report identifies DNS and domain infrastructure as persistent points of vulnerability.
These systems are prime targets for cybercriminals aiming to disrupt email, websites, portals, and communication networks through DNS hijacking or subdomain takeovers.
“DNS and domain infrastructure are prime targets,” said Ihab Shraim, CTO of CSC’s Digital Brand Services.
“Attackers use AI and reconnaissance tools to impersonate brands and hijack services. A single DNS breach can cripple a company’s digital operations,” he added.
Human Error Remains a Critical Weakness
CSC also highlights the human factor as a major risk. Many organisations lack 24/7 domain monitoring or the internal capability to respond rapidly to suspicious activity.
Security leaders noted that employee awareness and technical skills have not kept pace with the sophistication of attacks.
“The human element continues to be the biggest vulnerability,” said Nina Hrichak, Vice President at CSC. “Without continuous education and strategic partnerships, companies risk falling behind as attacks grow more advanced.”
Bottom Line
With 98% of CISOs anticipating a rise in cyber attacks by 2027, the report calls for urgent investment in domain security, AI governance, and human capacity-building.
The study emphasizes that organizations that fail to act risk not just operational damage but also reputational and regulatory fallout.
Read more:
- 44% of Zero-day Exploits Targeted Enterprise Security Tools, Google Reports
- 53% of Enterprise Users Installs Extensions with ‘High’ or ‘Critical’ Permissions, LayerX Report Find
- Small Businesses Now Top Targets for Ransomware Attacks
Source: Security Brief
About Author
