Our Take
Criminals have professionalized, but the article conflates operational structure with capability gains and offers no independent data on attack success rates or breach velocity.
Why it matters
CISOs are caught between rising board expectations for network uptime and shrinking security budgets in a geopolitically tense environment. Understanding how threats have industrialized helps frame the urgency of investment to leadership.
Do this week
CISO: Audit your multivendor security tool stack for blind spots between domains before Q3 budget cuts hit, so you can justify consolidated AI-driven monitoring to your CFO.
Cybercriminals Adopted Corporate Structure in 2025
HPE Threat Labs documented a shift in how organized cybercriminals operated throughout 2025. These groups now use automation and AI to exploit longstanding vulnerabilities at greater scale and speed, and they are organized under a professional hierarchy similar to corporate structures (per the HPE In the Wild Report, published in partnership with MIT Technology Review).
Governments were the most frequently targeted sector globally in 2025, followed by finance, technology, defense, and manufacturing. This distribution reflects nation-state espionage and organized crime motivated by both geopolitical tension and financial gain.
The threat landscape is shaped by five factors, three internal to the enterprise and two external. Internally, enterprises face rising user expectations for network uptime across multiple devices and locations, financial pressure to achieve security with constrained budgets, and operational complexity from multivendor IT infrastructure spanning cloud and on-premises systems. Externally, geopolitical and economic uncertainty strains supply chains and IT spending. These forces compound as cybercriminals escalate their campaigns.
The Real Pressure: Budget Misalignment
The article highlights a structural contradiction: boards expect networks to be both fully functional and secure regardless of cost, yet CISOs face pressure to "achieve more with less." This gap widens in tight economic climates. When multivendor environments lack unified visibility, threat monitoring becomes fragmented, manual, and labor-intensive, making both security and cost management harder.
Geopolitical factors compound the problem. Nation-state targeting and organized crime aligned with regional interests create adversaries that are difficult to identify and plan against. A breach in one domain (cloud, on-prem, or edge) can cascade because visibility is incomplete and enforcement tools are disconnected.
The article proposes that "the network can be an excellent security sensor and enforcement point" if built with native AI-driven capabilities for zero-trust policy enforcement and 24x7 threat monitoring. This framing positions network architecture as the solution layer, not a cost center.
Audit and Consolidate Your Threat Visibility
Start by mapping which domains (cloud, on-premises, edge, devices, IoT) are monitored by which tools and which are dark. Most multivendor environments have gaps where alerts from one vendor's tools are not shared with another's.
Next, calculate the cost of your current manual security operations, that is, how many FTEs are spent on alert triage, policy updates, and compliance reporting. Use this baseline to pitch AI-driven network monitoring to finance as a cost-reduction play, not just a risk-mitigation one.
Prioritize zero-trust policy enforcement across your most sensitive data flows before geopolitical or budget pressure forces a reactive response. The article's data does not quantify breach velocity or success rates under industrial-scale attack, so focus on your own incident metrics: mean time to detect (MTTD) and mean time to respond (MTTR). If these are degrading, your current tool stack cannot keep pace with the industrialized threat landscape.