What Fundamental Obstacles Hinder the Adoption of the Latest Cybersecurity Trends?
The escalating threat of cyberattacks demands a proactive and adaptive approach to security. Experts predict that cybercrime will cost the US a staggering $10.5 trillion annually in 2025. This projection underscores the urgent need for organizations to continuously implement new security measures. With the constant introduction of new services, tools, cyberthreats, and third-party integrations, static security models can’t keep up with the complexity and speed of change.
Many organizations face significant hurdles in swiftly adopting necessary security measures. Key roadblocks include a shortage of skilled cybersecurity professionals, budget constraints, reliance on legacy systems, the intricate nature of cloud security, and organizational resistance to change.
To effectively defend against evolving attack vectors and vulnerabilities, organizations must prioritize continuous updates and the implementation of robust security measures.
What Key Resource and Operational Constraints Impede the Integration of Advanced Security Measures?
The most pressing challenge for CISOs remains resource constraints: insufficient staff, limited budgets, and outdated or inadequate technology all hinder their ability to bolster security programs and meet compliance. Let's examine these challenges.
Budget Constraints
According to Anand Thangaraju, Field CISO at West Region and ePlus Inc., 70% of CISOs identified budget constraints as a primary obstacle to achieving cybersecurity objectives. He further noted that 61% reported their security budget competing with investments in digital transformation, AI, and cloud initiatives. As Figure 1 illustrates, the overall security budget growth rate in 2024 was 8%, a recovery from 2023 but still significantly lower than 2021 and 2022 levels. This leaves many organizations and CISOs struggling to prioritize tools and services across diverse systems and applications.
However, organizations tend to increase security budgets only after experiencing a breach, said Dheeraj Gurugubelli, Senior Director at EY-Parthenon's Cybersecurity and Data Privacy practice. In his RSAC™ 2023 webcast, Gurugubelli elaborated on the impact of limited budgets and economic uncertainty, stating, “Many organizations are reducing costs, often by shrinking security budgets and laying off security teams, which impairs their ability to defend against increasingly sophisticated cyberattacks.”
Balancing immediate cybersecurity costs against the long-term repercussions of data breaches is critical. While minimizing short-term expenses can seem attractive, the potential for long-term consequences – including the $4.8 million average cost of a 2024 data breach, eroded customer trust, and reputational damage – underscores the need for proactive investment. Effective budget planning is crucial for organizations to implement robust cybersecurity measures and prevent severe attacks.
Figure 1. Source: RSAC™ 2025 Conference Presentation
Shortage of Skilled Cybersecurity Professionals
A primary challenge in the cybersecurity landscape is the significant shortage of skilled professionals. Globally, there's a deficit of 4.8 million cybersecurity professionals needed to adequately secure organizations. This shortage weakens overall cybersecurity defenses, leaving organizations more vulnerable to increasingly sophisticated cyberthreats. The lack of cyber professionals is largely due to limited budgets that constrain the hiring of crucial cybersecurity staff and the common but unrealistic search for a “cybersecurity unicorn.” A more productive strategy involves moving away from this “unicorn hunt” and instead focusing on nurturing and raising what Kim Jones calls “a cadre of solid thoroughbreds.” By upskilling existing IT staff and strategically hiring for specific skill gaps, organizations can foster a stronger security culture and ultimately establish more robust and effective cybersecurity teams.
Diverse Multi-Cloud Environments
Cloud adoption is widespread. Todd Moore, Vice President, Encryption Products at Thales, and Nelly Porter, Group Product Manager, Cloud Security at Google, stated in their RSAC™ 2025 presentation that cloud migration spending reached $3.5 billion in 2021 and that, as of 2024, 98% of financial services organizations are using the cloud.
While the cloud offers numerous benefits, Rupanjana Mukherjee, Principal Security Architect at Google Mandiant, and Jon Sabberton, Senior Manager at Mandiant, highlighted key challenges in hybrid multi-cloud environments in their RSAC™ 2025 presentation, including:
- Multiple Identity Planes: Integrating on-premises solutions (e.g., Active Directory) with diverse cloud identity solutions creates interconnected systems that attackers can exploit to steal credentials and move laterally.
- Lack of Network Segmentation: Co-hosting mixed-criticality workloads within the same network boundaries enables attackers to pivot and compromise sensitive data.
- Inconsistent Security Controls: Managing varied security configurations across multiple cloud platforms elevates risk.
- Abuse of Trust Relationships: Attackers can exploit on-premises access (e.g., VPN) to infiltrate cloud environments.
- Continuous Monitoring, Patching, and Governance: Limited visibility across complex cloud environments leads to inconsistencies in these critical areas.
Organizational Resistance and Insufficient Training
Employees often resist new security measures due to uncertainty, perceived increased workload or workflow disruption, skepticism about their necessity, and fear of change.
To support cybersecurity culture, organizational leaders need to discuss these changes with employees and address concerns, rather than simply demanding implementation. A supportive cybersecurity culture starts with listening to employee feedback.
Adequate training on new security tools and applications can significantly reduce resistance. Furthermore, continuous education is paramount for equipping employees to identify and counter cyberthreats effectively.
Legacy Systems
Many organizations face technical and operational challenges when implementing modern security, and one significant technical problem stems from legacy systems. Many operational technology (OT) security systems are built on outdated legacy protocols, making it difficult to implement robust security measures without significant upgrades or patches. Fundamentally, legacy systems simply were not designed with modern security requirements and regulations in mind.
Furthermore, integrating modern security solutions with legacy applications is often complicated by interoperability problems, costly to implement, and liable to introduce risks during the integration process. Beyond these technical hurdles, organizations also encounter operational challenges such as a lack of in-house expertise to manage and secure these older systems, as well as difficulty in maintaining compliance with evolving security standards when core infrastructure remains outdated.
Secure the Modern, Evolving Landscape
Addressing persistent challenges like budget constraints, the cybersecurity skills gap, complex multi-cloud environments, organizational resistance, and outdated legacy systems demonstrates a shift towards modern security. By strategically implementing Multi-Factor Authentication (MFA), embracing Zero Trust principles, establishing continuous monitoring, and forging partnerships with other organizations, businesses can build an adaptive security posture that effectively counters increasingly sophisticated threats.