CISOs Predict Surge in Cyber Attacks, Highlight Domain-Based Threats and AI Risks in CSC Survey
A recent survey conducted by CSC, a leading provider of enterprise-class domain and domain name system (DNS) security, reveals that an overwhelming 98% of chief information security officers (CISOs) anticipate a significant surge in cyber attacks over the next three years. The report, titled “CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation,” highlights growing concerns about cybersquatting, domain-based attacks, ransomware, and the increasing role of artificial intelligence (AI) in amplifying cyber threats. The findings underscore the urgent need for organizations to strengthen their cybersecurity measures as the digital threat landscape becomes more complex.
The survey, which polled 300 CISOs, chief information officers (CIOs), and senior IT professionals across Europe, the U.K., North America, and Asia Pacific, identifies cybersquatting, DNS hijacking, and distributed denial-of-service (DDoS) attacks as the top global cyber threats in 2024. These risks are expected to escalate further as cybercriminals leverage AI-driven tools and advanced technologies to launch increasingly sophisticated attacks. Looking ahead, cybersquatting, domain-based attacks, and ransomware rank highest among the cybersecurity concerns keeping CISOs awake at night.
The Growing Threat of AI-Powered Attacks
One of the most alarming findings from the report is the widespread concern over AI-powered domain generation algorithms (DGAs). A staggering 87% of CISOs view these algorithms as a direct threat, capable of enabling attackers to automate the creation of malicious domains at scale. DGAs allow cybercriminals to evade traditional detection methods, making it harder for organizations to defend against phishing campaigns, malware distribution, and other domain-based attacks.
Moreover, 97% of respondents expressed concerns about granting third-party AI systems access to company data, emphasizing the critical need for robust AI governance frameworks. As AI continues to permeate both legitimate and malicious operations, organizations face mounting pressure to balance innovation with security. Without proper safeguards, the integration of AI into business processes could inadvertently expose sensitive data to exploitation.
Confidence in Mitigating Domain-Based Attacks Remains Low
Despite the clear and present danger posed by domain-based threats, only 7% of CISOs surveyed expressed being “very confident” in their ability to combat such attacks. Additionally, a mere 22% believe they have the right tools in place to address these evolving risks. This lack of confidence highlights significant gaps in preparedness and underscores the challenges organizations face in keeping pace with rapidly advancing cyber threats.
“DNS and domain-related infrastructure are prime targets for cybercriminals,” said Ihab Shraim, chief technology officer for CSC’s Digital Brand Services division. “Attackers conduct extensive reconnaissance to identify vulnerabilities, hijack subdomains, and impersonate brands at scale. With the growing availability of AI-driven tools and off-the-shelf attack kits, these threats are only going to accelerate. A single DNS compromise can take down email, websites, customer portals, and even phone networks. Companies that don’t act quickly may find themselves navigating not just technical fallout but reputation and regulatory consequences as well.”
The Human Element: A Persistent Vulnerability
While technological advancements play a key role in shaping the cybersecurity landscape, human error remains a persistent vulnerability. Nina Hrichak, vice president of CSC’s Digital Brand Services, emphasized this point, stating, “The human element continues to be the biggest security vulnerability. As cybercriminals grow more sophisticated, internal education and awareness are falling behind. DNS hijacking and subdomain takeovers have become mainstream concerns, but not every organization possesses the internal expertise to monitor domain activity in real time.”
To address these challenges, organizations must prioritize employee training and invest in advanced monitoring tools that provide real-time visibility into domain activity. Partnering with experienced cybersecurity providers can also help bridge knowledge gaps and enhance an organization’s ability to detect and respond to threats swiftly.
Key Findings from the Report
- Cyber Attack Surge Expected: 98% of CISOs predict a significant increase in cyber attacks over the next three years.
- Top Threats Identified: Cybersquatting, domain and DNS hijacking, and DDoS attacks are the top global cyber threats in 2024.
- AI-Powered Risks: 87% of CISOs cite AI-powered domain generation algorithms as a direct threat, while 97% express concerns about third-party AI systems accessing company data.
- Confidence Gap: Only 7% of CISOs feel “very confident” in their ability to mitigate domain-based attacks, and just 22% believe they have the necessary tools in place.
- Human Factor: Internal education and awareness lag behind the sophistication of modern cyber threats, leaving organizations vulnerable to DNS hijacking and subdomain takeovers.
Recommendations for Organizations
To navigate the evolving threat landscape effectively, CSC recommends that organizations adopt a proactive approach to cybersecurity. This includes implementing robust domain and DNS security measures, leveraging advanced AI-driven monitoring tools, and fostering a culture of cybersecurity awareness within the workforce. Collaborating with trusted partners can also provide valuable insights and agility, helping businesses stay ahead of emerging threats.
For a comprehensive understanding of the findings and actionable recommendations, readers can request a copy of CSC’s “CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation” by contacting CSC@w2comm.com or visiting the CSC website.
About CSC
CSC is the trusted security and threat intelligence provider of choice for the Forbes Global 2000 and the 100 Best Global Brands (Interbrand®) with focus areas in domain security and management, along with digital brand and fraud protection. As global companies make significant investments in their security posture, our DomainSec℠ platform can help them understand cybersecurity oversights that exist and help them secure their online digital assets and brands. By leveraging CSC’s proprietary technology, companies can solidify their security posture to protect against cyber threat vectors targeting their online assets and brand reputation, helping them avoid devastating revenue loss. CSC also provides online brand protection—the combination of online brand monitoring and enforcement activities—with a multidimensional view of various threats outside the firewall targeting specific domains. Fraud protection services that combat phishing in the early stages of attack round out our solutions.
Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are—and we accomplish that by employing experts in every business we serve. Visit cscglobal.com.
