As US federal funding cuts, tariffs, and rising geopolitical instability negatively affect economic sentiment, CISOs face a different risk landscape from even six months ago. This volatility, coupled with mounting threats to an expanded attack surface and the challenges of securing AI, is weighing on security programs in 2025. To confront and control volatility, security leaders must act immediately to optimize spend, commit to a structured approach to change management, and improve enterprise risk management (ERM). Take these actions and you’ll help your enterprise navigate the chaos and improve its security posture.