New CSC Survey Finds Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

WILMINGTON, Del.--(BUSINESS WIRE)--An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC¹, the leading provider of enterprise-class domain and domain name system (DNS) security.

The report, “CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation,” names cybersquatting, domain and DNS hijacking, and distributed denial-of-service (DDoS) attacks as the top three global cyber threats in 2024. These risks are only projected to escalate, as cybercriminals leverage new techniques and capabilities from AI and other modern technologies to launch more sophisticated attacks. Looking ahead, cybersquatting, domain-based attacks, and ransomware top the list of cybersecurity concerns for CISOs over the next three years.

“DNS and domain-related infrastructure are prime targets for cybercriminals,” says Ihab Shraim, chief technology officer for CSC’s Digital Brand Services division. “These attackers conduct extensive reconnaissance to identify vulnerabilities, hijack subdomains, and impersonate brands at a massive scale. With the growing availability of AI-driven tools and off-the-shelf attack kits, these threats are only going to accelerate. A single DNS compromise can take down email, websites, customer portals, and even phone networks. Companies that don’t act quickly may find themselves navigating not just technical fallout, but reputation and regulatory consequences as well.”

AI-powered domain generation algorithms (DGAs) are increasingly worrisome, with 87% of CISOs identifying them as a direct threat. Additionally, 97% of respondents voiced concerns about the potential risks associated with granting third-party AI systems access to company data, underscoring the critical need for robust AI governance frameworks.

Despite these escalating concerns, only 7% of CISOs expressed being “very confident” in their ability to mitigate domain-based attacks, and just 22% believe they have the right tools in place. This lack of confidence may reflect deeper gaps in preparedness, and it’s possible that many organizations still underestimate the complexity of domain security and the speed at which threats are evolving.

“The human element continues to be the biggest security vulnerability,” adds Nina Hrichak, vice president of CSC’s Digital Brand Services. “As cybercriminals grow more sophisticated, internal education and awareness are falling behind. DNS hijacking and subdomain takeovers have become mainstream concerns, but not every organization possesses the internal expertise to monitor domain activity in real time. That’s where experienced partners can offer vital insights and agility to help organizations stay ahead of the curve.”

To receive a copy of CSC’s “CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation,” contact us at CSC@w2comm.com or visit the website.

¹CSC, in partnership with Pure Profile, surveyed 300 CISOs, CIOs, and senior IT professionals operating in Europe, the U.K., North America, and Asia Pacific to understand their current concerns and how they are navigating the evolving cybersecurity landscape, regulatory demands, and the rise of AI in cybercrime.

About CSC

CSC is the trusted security and threat intelligence provider of choice for the Forbes Global 2000 and the 100 Best Global Brands (Interbrand®) with focus areas in domain security and management, along with digital brand and fraud protection. As global companies make significant investments in their security posture, our DomainSec℠ platform can help them understand cybersecurity oversights that exist and help them secure their online digital assets and brands. By leveraging CSC’s proprietary technology, companies can solidify their security posture to protect against cyber threat vectors targeting their online assets and brand reputation, helping them avoid devastating revenue loss. CSC also provides online brand protection—the combination of online brand monitoring and enforcement activities—with a multidimensional view of various threats outside the firewall targeting specific domains. Fraud protection services that combat phishing in the early stages of attack round out our solutions.

Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are—and we accomplish that by employing experts in every business we serve. Visit cscglobal.com.