An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC, the leading provider of enterprise-class domain and domain name system (DNS) security.

The report, "CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation," names cybersquatting, domain and DNS hijacking, and distributed denial-of-service (DDoS) attacks as the top three global cyber threats in 2024. These risks are only projected to escalate, as cybercriminals leverage new techniques and capabilities from AI and other modern technologies to launch more sophisticated attacks. Looking ahead, cybersquatting, domain-based attacks, and ransomware top the list of cybersecurity concerns for CISOs over the next three years.

"DNS and domain-related infrastructure are prime targets for cybercriminals," says Ihab Shraim, chief technology officer for CSC's Digital Brand Services division. "These attackers conduct extensive reconnaissance to identify vulnerabilities, hijack subdomains, and impersonate brands at a massive scale. With the growing availability of AI-driven tools and off-the-shelf attack kits, these threats are only going to accelerate. A single DNS compromise can take down email, websites, customer portals, and even phone networks. Companies that don't act quickly may find themselves navigating not just technical fallout, but reputation and regulatory consequences as well."

AI-powered domain generation algorithms (DGAs) are increasingly worrisome, with 87% of CISOs identifying them as a direct threat. Additionally, 97% of respondents voiced concerns about the potential risks associated with granting third-party AI systems access to company data, underscoring the critical need for robust AI governance frameworks.

Despite these escalating concerns, only 7% of CISOs expressed being "very confident" in their ability to mitigate domain-based attacks, and just 22% believe they have the right tools in place. This lack of confidence may reflect deeper gaps in preparedness, and it's possible that many organizations still underestimate the complexity of domain security and the speed at which threats are evolving.

"The human element continues to be the biggest security vulnerability," adds Nina Hrichak, vice president of CSC's Digital Brand Services. "As cybercriminals grow more sophisticated, internal education and awareness are falling behind. DNS hijacking and subdomain takeovers have become mainstream concerns, but not every organization possesses the internal expertise to monitor domain activity in real time. That's where experienced partners can offer vital insights and agility to help organizations stay ahead of the curve."