Cybersecurity Trends and Predictions 2025 From Industry Insiders: Part 2
From the evolving role of the CISO to the use of automation to improve SecOps, IT leaders and industry insiders share their cybersecurity trends and predictions for 2025.
January 23, 2025
Cybersecurity was a significant concern for organizations in 2024, as it became increasingly difficult to protect sensitive data and critical infrastructure from theft, damage, and unauthorized access by bad actors. So it was no surprise that the top cybersecurity stories on ITPro Today last year were a quiz testing your IT security knowledge and a cybersecurity reference guide for IT professionals.
What's in store for cybersecurity in 2025? IT leaders and industry insiders predict that in 2025 zero trust will become the gold standard, another major breach will highlight the need for end-to-end encryption, and there will be a successful prosecution of a CISO.
Read on to see what else they are expecting in the cybersecurity space in 2025. Below are their predictions, broken into security categories.
Top Cybersecurity Predictions of 2025: Part 2
We were inundated with so many cybersecurity predictions that we split them into two articles. Part 2 covers the following topics:
Part 1 covers AI's impact on cybersecurity; ransomware; phishing and other attacks; identity theft, data security and privacy, fraud; nation-state attacks; and quantum computing.
Zero Trust
Zero Trust to Become Gold Standard as Cyber and Physical Security Converge
As cyber and physical security increasingly intersect, zero-trust architectures will be essential to safeguard access and mitigate vulnerabilities. Organizations must ensure all users, devices and systems are verified continuously with robust access controls to prevent unauthorized intrusions into physical security systems. I anticipate zero-trust becoming the industry standard, especially for facilities leveraging IoT and cloud-based solutions, where the stakes for security and operational continuity are higher than ever. — Greg Parker, Global Vice President, Security and Fire, Life Cycle Management, Johnson Controls
Biometric and Zero Trust Identity Management Will Take Over
Passwords have overstayed their welcome. By 2025, passwords will be replaced by real-time, behavior-based identity verification and dynamic access controls, driven by biometrics and AI risk assessments. Zero trust frameworks will become standard, treating all access requests as potentially malicious to reduce attack surfaces and strengthen cloud security. To counter insider threats, zero trust must evolve to include behavioral analysis, adopting a "never trust, always verify, and continuously monitor" model. — Jimmy Mesta, CTO and founder, RAD Security
Zero Trust Becomes Security Standard
Zero trust principles will become standard practice, with organizations moving beyond traditional perimeter-based security to focus on identity verification and access controls. … Federal and commercial entities will consider zero trust as the principle behind all decisions for any organization. — Max Shier, CISO, Optiv
Zero Trust Is Changing in 2025
While zero trust principles remain foundational, security leaders in 2025 need to move beyond just assuming "never trust, always verify." The most effective security strategies now center on Continuous Security Validation and Contextual Access Control — approaches that actively adapt to threats in real-time rather than relying on static verification rules. To get started, implement automated security controls that continuously validate your security posture across all systems and access points, paired with dynamic access policies that adjust based on user behavior, device health, and threat intelligence. Consider solutions that offer real-time monitoring capabilities and can automatically adjust access permissions based on risk signals. — Shrav Mehta, CEO and founder, Secureframe
'Zero Trust for AI' Will Begin to Emerge as a Key Security Conversation
AI can be a powerful ally in security, but it also introduces new risks—especially when users place unchecked confidence in its results. Blindly trusting AI-generated outputs will become a major vulnerability for organizations. This will lead to the rise of a new cybersecurity mandate: "Zero trust for AI." Unlike traditional zero trust principles, zero trust for AI is not a prediction for the future; it's a concept ready for discussion now, bringing a nuanced approach to trusting AI. This framework will require organizations to verify, validate and fact-check AI outputs before allowing them to drive critical security decisions. This shift will encourage security teams to roll out trust incrementally, allowing for a more controlled and secure integration of AI. Human oversight will become a non-negotiable component of AI deployments within security environments. — Steve Povolny, senior director, Security Research & Competitive Intelligence and co-founder, TEN18 by Exabeam
High Availability for Zero Trust Security Architectures
With enterprises continuing to adopt zero trust architectures, there will be a growing emphasis on ensuring that security applications supporting zero trust (e.g., identity and access management, endpoint protection, and authentication systems) remain highly available. Failover clustering will become essential for these applications to operate without interruption, allowing enterprises to enforce continuous security measures and authentication processes even during maintenance or unexpected system issues. — Cassius Rhue, vice president, customer experience, SIOS Technology
Rapid Adoption of Zero Trust and NIST Cybersecurity Framework as IT and OT Systems Converge
As operational technology (OT) systems increasingly become smarter and more connected, we'll see a rapid shift in the security strategies and technologies that organizations deploy. OT environments will begin to look a lot more like IT environments and traditional security architectures, such as the Purdue Enterprise Reference Architecture, will become obsolete in favor of modern approaches like zero trust that promise greater gains in operational and cyber resilience. — Trevor Dearing, director of Critical Infrastructure Solutions, Illumio
Zero Trust Becomes True Foundation for Authentication
The concept of zero trust — a security model in which no user, application or service is granted access to IT resources by default — is not exactly new. However, even at organizations that have adopted zero trust for some of their authentication processes, zero trust has often not become fully embedded across all authentication models. I see 2025 as the year when this will finally change. The ever-expanding scope and complexity of cybersecurity threats means that old authentication models — ones in which users are deemed trustworthy automatically based on factors like whether they are internal to a network or because they're already logged into another resource or application — simply no longer work in modern environments. Going forward, expect businesses to discard traditional authentication models in favor of a zero trust approach. — Scott Wheeler, cloud practice lead, Asperitas
Rise of Zero Trust Architecture
By 2025, zero trust will be the dominant architecture model, fully replacing outdated perimeter-based models. Security controls will focus increasingly on the workforce and workloads rather than just the workplace, leading to enhanced protection across diverse environments. — TK Keanini, chief technology officer, DNSFilter
Zero-Trust Security Advances to Meet Rising AI-Powered Cyberthreats
Organizations in 2025 will benefit from more seamless zero-trust architecture implementations, with security measures becoming both stronger and less disruptive to daily operations. However, as has occurred historically, this advancement will be matched by increasingly sophisticated cyberthreats. Criminals will also be leveraging AI, but they will use it to create more convincing attacks that expand beyond traditional text-based phishing to include even more lifelike deep fake audio and video impersonations of executives — a concerning development that will require an increased vigilance. — Russ P. Reeder, CEO, ATSG
AI's Impact on Zero Trust Adoption
In 2025, we will no doubt see increased adoption of zero trust architecture by organizations of many different sectors, as the chain reaction following the implementation of zero trust into the FBI and the U.S. Air Force, among other federal departments, will reverberate throughout the nation and globally. With this adoption will come a seismic shift in the culture of these organizations. Because zero trust requires close collaboration between IT, security teams, and business units, security will finally become a priority for all employees and will be integrated into every aspect of the business. We can expect to see increased security posture, enhanced user and device management, and overall more secure data in organizations thanks to zero trust architecture. AI will also have a profound impact on zero trust adoption. AI will enhance the zero trust architecture by providing intelligent automation, adaptive security, and real-time risk analysis. Additionally, zero trust frameworks will secure AI systems themselves, ensuring that AI applications and data are protected against emerging threats. Together, they will create a more resilient, scalable, and proactive approach to cybersecurity. — Thyaga Vasudevan, EVP Product, Skyhigh Security
Cloud Security
Cloud Security in the Age of Multicloud and Hybrid Environments
The shared responsibility model for cloud security is proving insufficient as multicloud and hybrid environments expand. As outages and third-party supply chain attacks increase, we'll see more reliance on developers who understand the full scope of major cloud platforms, while MFA becomes essential across all CSPs. — George Gerchow, head of trust, MongoDB
Cloud Detection and Response Will Be Essential
As cloud environments become essential, perimeter-based security is obsolete. By 2025, Cloud Detection and Response (CDR) will be crucial for securing cloud-native infrastructures with real-time monitoring, machine learning, and actionable insights. CDR will address misconfigurations and external threats, ensuring visibility across multi-cloud setups. Additionally, real-time CDR tools must expand to cover edge infrastructure vulnerabilities, which remain a risk due to rushed pandemic-era deployments. — Jimmy Mesta, CTO and founder, RAD Security
Code-to-Cloud Security Set to Redefine Protection from Development to Deployment
The convergence of cloud security and application security will drive code-to-cloud approaches to become standard in cloud security solutions. As cloud environments grow more complex, identifying and fixing security issues at the code level before production becomes essential. This approach integrates security throughout the software lifecycle — from development through runtime. With DevSecOps, CI/CD integration, and automated threat response, code-to-cloud strategies streamline security practices, making it easier to trace vulnerabilities back to their source and resolve them quickly. — Gilad Elyashar, chief product officer, Aqua Security
Automated Runtime Blocking to Lead the Charge in Cloud Security Defense
With the huge increase in the volume and frequency of attacks on cloud environments, defenders will have to automate their side as well in order to scale to the challenge. We expect more organizations will adopt runtime blocking controls to close security gaps in real time. This shift is vital in cloud-native environments, where applications and workloads operate across dynamic platforms, expanding the attack surface. Runtime blocking provides proactive defense, helping companies meet shared responsibility requirements, enhance threat response, and maintain regulatory compliance. — Gilad Elyashar, chief product officer, Aqua Security
Cloud Exposure and Consolidation Risks
Organizations will start to realize just how exposed their cloud infrastructure and applications are, and that some of their choices in the past 12-18 months were too aggressive towards consolidation, leaving large gaps. The expectation that you can replace five to six tools with a single tool is unrealistic, especially at this point of maturity in the cloud-native market. A successful transition requires restructuring teams to support this major change. Companies must completely change the way they handle cloud vulnerabilities. I expect we will see a shift back to the best-of-breed point solutions in an effort to maintain effective cloud security programs. — Rani Osnat, SVP strategy, Aqua Security
Cloud Environments Will Face Escalating Security Risks Amidst Visibility and Cost Challenges
2025 will see rising security risks driven by limited visibility across multi-cloud environments and underinvestment in protection. With cloud attacks surging 75% in 2023, attackers will continue to exploit unsecured containers, default settings, and inadequate monitoring, particularly in platforms like Azure and Google. — Jim Broome, CTO and president, DirectDefense
SASE Gets Personal
In 2025 companies looking for faster, simpler, more secure remote connectivity for their work from anywhere (WFA) employees will look beyond 1st generation Secure Access Service Edge (SASE) to personal SASE. SASE puts security and networking in the cloud for more worker flexibility. But most SASE architectures are still hardware based, focused on centralized locations, creating hairpins in the cloud, and don't account for users that might be connected to unreliable Wi-Fi or consumer broadband. Personal SASE shifts the networking and security stack all the way to the user edge, lowering latency and increasing performance while still maintaining security. — Prakash Mana, CEO, Cloudbrink
The Role of the CISO in 2025
The Evolving Role of CISOs
CISOs feel more personally responsible, accountable, and possibly liable than ever in light of the data breaches disclosed in recent years. The negative attention that those organizations' security leaders found themselves under has made many CISOs more cautious and even anxious. On the positive side, the resulting discussions have clarified the need for CISOs not merely to point out the risks accepted by other executives but to actively contribute toward resolving them. This expectation will continue to shape the evolution of the CISO's role. — Lenny Zeltser, SANS Institute Fellow and CISO, Axonius
Corporate Boards Will See the Value of Security More Clearly
It can be difficult for CISOs/CIOs to effectively convey their needs to more business-minded corporate boards — especially when many only get five or six minutes with the board each quarter. Security leaders need visibility into the financial value added by GRC solutions — including added resource efficiencies, revenue enablement, and proactive risk reduction. GRC isn't just a cost center — it adds significant value to the organization, and the ability to correlate risks with value can help illustrate its impact on the business's bottom line. Prioritizing value realization can help CISOs, CIOs, and other security and technology leaders speak the language of business and communicate more effectively with corporate board members. — Nick Kathmann, CISO and CIO, LogicGate
CISOs Opt for Demotions to Avoid the Rising Legal Risk of the Job
Over the past few years, we've seen security leaders at major companies like Uber and SolarWinds face repercussions for cyber incidents at their organizations. The SEC's reporting rules also place immense pressure on CISOs to disclose "material" cyber incidents in a timely manner … without a ton of clarity around what "material" means or how incidents should be disclosed. These legislative factors in combination with CISOs' roles quickly becoming more litigious have scared many CISOs to their core. Some are looking into personal liability insurance, and others are bluntly saying "no thanks," and taking less senior roles to avoid being the person whose head gets chopped off for incidents often out of their control. The pressures will absolutely continue to mount on CISOs, and I expect we'll see a major awareness shift in 2025 around the mental health toll it's taking on the leaders of our industry. Burnout was the main concern 3-5 years ago … now add the danger of lawsuits to that equation and the role of the CISO can quickly become less appealing. — Andy Smeaton, CISO, Jamf
Upcoming Challenges for CISOs
The SEC cybersecurity disclosure rulings went into full effect in early 2024, meaning many organizations are still navigating how the rulings impact their approaches to cybersecurity. The EU is introducing an AI Act Checker to test AI models for GDPR compliance. As cyberthreats and AI technologies advance, we'll likely see more regulatory bodies implement guardrails like these and potentially even more significant personal liability for CISOs. In the short term, complying with existing regulations and reducing risk — both for CISOs and their organizations — will continue to be a major challenge. Documentation and asset management are more important than ever for mitigating risk. Organizations must ensure full visibility across all assets. CISOs should also partner with leaders of other business units in order to understand what assets are mission- and business-critical to the organization. — Kayla Williams, CISO, Devo
The Future of the CISO Role
The CISO role has evolved to keep pace with the changing regulatory landscape in recent years, and I expect that to continue. In the upcoming year, I think we'll see the next evolution of the CISO: the Chief Information Security and Risk Officer (CISRO). CISOs are already held to the highest standards of documentation and compliance and face near-constant audits. Outside of financial services and other industries that already have Chief Risk Officers, I think we'll see CISOs becoming the enterprise risk management leaders within their organizations because they already have the tools and skills to evaluate risk that can be applied to businesses more broadly. — Kayla Williams, CISO, Devo
Expect More CISOs to Be on Boards
In 2025, I think that CISOs will become even more visible in board roles. CISOs help bridge the gap for boards that traditionally lack an understanding of cybersecurity, but as the financial implications of successful attacks become more understood, CISOs will bring a level of insight and technical acumen that helps boards better prioritize remediation and mitigation of these risks with strategic decision making. As a result, companies with more emboldened and empowered CISOs will fare better when it comes to preventing and mitigating the effects of attacks. — Justin Shattuck, CISO, Resilience
Say 'Goodbye' to the CISO and 'Hello' to the CSO
The nuanced and specialized role of the CISO will be phased out to make way for Chief Security Officers (CSOs) in 2025, driven by increased interconnectivity and the convergence of IT and OT systems. Organizations recognize that threats are no longer siloed in separate areas of the business and require a leader to unify all risks and provide comprehensive oversight of security. The CSO will also sit on the executive team and board, ensuring that the top of the organization is not only aware of cybersecurity issues but is also accountable for security-related decisions and strategies. — Raghu Nandakumara, head of Industry Solutions, Illumio
With 'Q Day' Approaching, It's Time for Organizations to Start Prepping
With the August release of NIST standards for Post-Quantum Cryptography, it's "go time" for organizations that haven't yet started working on implementing the new standard. Full deployment will take time, and with some estimates of "Q-Day" (quantum computers' ability to break current encryption standards) arriving within the next decade, organizations will need to lean in to avoid getting caught off-guard. Furthermore, enterprises and individuals will need to anticipate the data compromises looming from Q-Day based on the "harvest now, decrypt later" strategies of some adversaries and hostile nation states. We do not yet know the full impact of this scenario, but it could lead to a spike in ransomware, extortion, spear phishing and other attacks. Just because sensitive information from a previous incident was not publicly released, does not mean it could not happen in the future.
Preparing for Q-Day in 2025 should be a top priority for CISOs for this very reason. — Maurice Uenuma, VP & GM, Americas and security strategist, Blancco
We'll See the Successful Prosecution of a CISO
Just about everyone in cyber, especially the CISOs, knows about the conviction of Joe Sullivan, former CSO of Uber, and the SEC lawsuit against Tim Brown, the CISO of SolarWinds. While the repercussions for Joe weren't solely because of his role at Uber, the charges against Tim Brown really were because he was the CISO and he was being held accountable for 'doing CISO things' so to speak. This demonstrates two main things: there's an appetite for authorities to prosecute security leaders (specifically CSOs and CISOs) and the usual corporate protections such as D&O insurance may not cover security leadership and aren't as sophisticated or established as they are for, say, a CFO. The SEC guidelines in the U.S. stopped short of requiring cybersecurity expertise at the board level, but the general consensus is that cyber is an important part of business and business leadership … and prosecutors aren't afraid to go after those who are tasked with keeping their organizations secure.
However, whether a CISO is actually successfully prosecuted or not, the immense pressures they'll continue to face in 2025 will cause a renewed push for cybersecurity 'smarts' or expertise to be required at the board level. The more buy-in at the executive level that CISOs can secure, the more shared responsibility cybersecurity becomes. And we all know shared responsibility makes it significantly less likely to be overlooked and harder to label one person as being at fault for specific incidents. — Jon France, CISO, ISC2
CISOs Embrace AI for Cybersecurity but Beware of 'AI-Enabled' Hype
Over 50% of CISOs will start using AI and Machine Learning (ML) in security software solutions in 2025 as they believe generative AI will fill security skills gaps and are also excited about the possibility that it can be used to strengthen cyber defense. Certain AI tools and technologies are viable to meet these requirements, but the term "AI-enabled" is in most cases marketing hype. This may lead to negative connotations that could hurt security products that are truly AI-enabled. — Cynthia Overby, director of security, Rocket Software
There Will Be a Rise of the vCISO and CISO Consultants
It's no secret that there has been increased pressure on the CISO role over the past several years. From the rise of ransomware attacks, AI sparking new tactics and more sophisticated social engineering attacks, companies now have to play good offense and defense to stay ahead of bad actors. With these pressures — plus often stretched security teams — CISOs will move out of in-house positions and into more consulting roles or vCISO roles in the coming year to better manage their workloads. If this trend comes to fruition, the impact on the industry could be immense. Having security leaders who are not in-house could create vulnerabilities or gaps in security, which can stifle organizations' strategies and leave them open to attacks. — Jeffrey Wheatman, SVP, cyber risk strategist, Black Kite
CISO Role and Bridging the Gap Between Developers and Security
As we enter 2025, security teams will recognize that striking a balance between developing software securely and focusing on protecting the technologies, while necessary, is no longer sufficient; they must also prioritize business metrics such as brand reputation, productivity, and security resilience as success factors. The modern day CISO will need to be a strategist, a businessperson, a marketer, a technologist, a data scientist, and a translator/change agent. CISOs have to convince other teams and groups in our organizations that our default response is not "NO." The security leader needs to present their team's work as an enabler that works with the businesses, developers, and IT. The need to work together is still critical as security bridges the gap and delivers services to determine how "we" can remove or reduce the issue while managing the need to keep risk at an acceptable level. Discussions around building brand reputation and security resilience in tandem will become more prevalent as teams seek to address overarching security issues rather than individual symptoms, such as fixing a singular vulnerability. — Paul Davis, field CISO, JFrog
2025 Call to Action: Empower CISOs with Executive Support
CISOs are facing unprecedented challenges, from sophisticated AI-powered attacks to nation-state cyberthreats. They need a full seat at the executive table to effectively advocate for security investments and ensure their organizations are prepared to face these evolving threats. It's time to recognize the critical role CISOs play in protecting our businesses and give them the support they need to succeed. — Harlin Lipman, head of information security, Chronosphere
CISO and CTO Partnership Will Grow in Closeness and Importance
Increased CISO involvement in AI safety and security — CISOs will own AI safety and security strategies in 2025. With the widespread adoption of AI systems, CISOs will be expected to defend and secure this new attack surface. CISOs must ensure that AI models are mapped out and mitigated properly. — Dave Gerry, CEO, Bugcrowd
The CISO Will Become the Architect of Business Resilience
In 2025, the role of the CISO will undergo its most dramatic transformation yet, evolving from cyber defense leader to architect of business resilience. This shift is fueled by escalating threats, complex regulations like DORA, and an urgent need to address cyber risk's financial implications. With resilience now a business imperative, CISOs will be indispensable in the executive suite, translating cybersecurity investments into measurable impacts on continuity and revenue. This year, CISOs will take on the dual responsibility of safeguarding against increasingly sophisticated adversaries while steering the organization's resilience strategy. As proactive change agents, they'll embed security into every facet of the business, champion resilience-based strategies, and foster a security-first culture that strengthens defenses without sacrificing growth. Balancing these demands will require CISOs to continually fortify security programs while anticipating emerging threats in real time. — Randy Barr, CISO, Cequence Security
Cybersecurity Workforce
The Skills Gap Will Drive MSSP Growth
A continued and increased demand for managed security services from small and mid-sized businesses will continue in 2025. A significant factor driving this growth is the shortage of skilled cybersecurity professionals. This makes these organizations more vulnerable to cyber attacks, including ransomware. As cyberthreats evolve and become increasingly sophisticated, the need for managed security solutions will remain strong. — Chris Scheels, VP of product marketing, Gurucul
IT Retirement Crisis Drives Surge in ITDR Investments
The IT "retirement crisis" will impact every organization in 2025, as people with crucial Microsoft platform skills, such as Active Directory, become increasingly scarce. Given this, more and more organizations will prioritize a strategic approach to better protecting their systems and mitigating the risks of identity compromise. We are already seeing growing interest in strategies such as Identity Threat Detection and Response (ITDR) and expect that investment in this area will only increase in the coming years. — John Hernandez, president and general manager, Quest Software
Alleviating Burnout in Cybersecurity Industry
Burnout continues to plague the cybersecurity industry, with 93% citing overwhelming stress as the key driver. In 2025, alleviating this issue will be dependent on automation, consolidation, and enhanced visibility. Automation is not just about streamlining processes — it's about managing the increasing volume and complexity of information more effectively. As systems grow more intricate, security teams need smarter, automated tools to quickly analyze data, identify threats, and respond in real time. Consolidating security tools and integrating them into cohesive systems will reduce complexity, making it easier for teams to manage and act on insights. Overall, focusing on automation and improving visibility will help teams stay ahead of threats without being overwhelmed by the sheer volume of data and tasks. This approach will not only alleviate burnout but also improve efficiency, response times, and overall security posture. — Raffael Marty, EVP & general manager, Cybersecurity, ConnectWise
The Skills Gap Will Leave Businesses Exposed — AI-Driven Security Could Make It Worse
With security talent both scarce and costly, companies will keep leaning on automated defenses. But many will learn the hard way that even the best tools are only as good as the people setting them up. As attacks get more complex, the demand for skilled, affordable experts will far exceed supply, leaving a critical gap in oversight and exposing businesses to serious risks if they can't bridge the divide. — Erik Nordquist, global managed security product director, GTT
Every SecOps Organization Will Have a Hyperautomation Lead
GenAI-based hyperautomation has emerged as table stakes for SecOps. It's acknowledged across the board as a critical imperative across all organization sizes and verticals. With expanding deployments from every major cybersecurity vendor and partner, SecOps teams will have a critical Subject Matter Expert on hand to deploy, integrate, educate, and interact with vendors. — Leonid Belkind, co-founder and CTO, Torq
Security Spending
Security Is More Than a Cost Center
We need to shift from viewing security as purely a cost center to seeing it as business enablement. It's about enabling the business to do things that weren't considered before. GRC and identity management are becoming critically important to business success, and organizations need to understand how these investments directly impact their ability to operate effectively. We're in a "wait and see" period right now with budgets, but the focus needs to be on how security enables business operations rather than just protecting assets. — Jason Hood, COO, Stratascale
Cyber Budgets Will Remain Flat & GenAI Assistants Will Form Cliques
Cybersecurity budgets will hold steady in 2025, but GenAI will prove more effective than ever. Cybersecurity programs are poised to grow with GenAI by boosting operational efficiency, reducing time-intensive tasks, and empowering businesses to do more with less. This will be particularly evident for industries with narrow margins, such as smaller manufacturing and healthcare companies that will continue operating under tight regulations. For these organizations, improving operational efficiency could make all the difference in reducing risk, given its ability to sift through massive volumes of data, identifying anomalies and risks faster than traditional methods. Additionally, GenAI models will become more specialized—tuned to the unique needs of specific industries—allowing ease of adoption and deployment. Ultimately, GenAI's role will go beyond driving efficiency, to transforming how security teams operate by shifting resources from reactive to proactive approaches. In 2025, we'll see GenAI not only reduce workloads but also drive strategic decision-making, making cybersecurity a true enabler of growth and resilience. — Gaurav Banga, CEO and founder, Balbix
Demonstrating the ROI of Cybersecurity
Traditionally, the rationale for investing in cybersecurity has boiled down to warnings by some of the most capable story-telling CISOs that bad things — like compliance fines and reputational harm — will result if breaches or other impactful security incidents occur. Increasingly, however, business leaders want to know exactly how much value cybersecurity solutions offer, and how much they stand to lose if they underinvest in security. They'll also want to know which solutions they're paying for that aren't delivering a reasonable ROI. To that end, expect to see a greater focus on quantifying the ROI of cybersecurity, privacy and GRC investments. For example, if you don't manage data privacy risks for a certain type of application, what will the fallout be — measured in specifically quantifiable terms, like Annualized Loss Expectancy (ALE)? Those are the types of questions I think businesses will want to answer in 2025 and beyond to ensure that investments at the tactical level match the strategy and risk appetite of the organization. — Matt Hillary, CISO, Drata
Decreasing SOC Costs (Thanks to AI)
Staffing a Security Operations Center (SOC) function and provisioning it with capable tools has long been expensive. But AI aims to make the scaling of these teams more cost-effective by allowing security analysts to do more in less time. Well-trained AI-backed tooling can further accelerate and automate many of the time-consuming processes that would otherwise require large and experienced SOC teams. In addition to capabilities like summarizing and managing alerts, AI can automate responses to security threats by, for example, automatically quarantining endpoints that security analytics tools deem likely to have been compromised until a human can confirm it is legitimate.
Similarly, many new and emerging technologies require additional knowledge and understanding. Well-trained LLMs are becoming increasingly more capable of summarizing knowledge to the point of teaching SOC team members on the fly — making knowledge and skills more accessible than ever before. Although it remains important for humans to double-check the outputs of LLMs, these continue to improve to the point of providing more reliable guidance.
On balance, I should note that AI tools (or cybersecurity tools infused with AI features) will become another type of solution that SOCs need to purchase, increasing their software budgets. But when security teams use these tools effectively, they'll save money overall. — Matt Hillary, CISO, Drata
Network Security Budgets Will Pivot from Prevention to Incident Response
In 2025, network security investments will shift distinctly toward incident response and detection. Once primarily used by large enterprises, incident response plans and third-party retainers will become priorities for businesses of all sizes. As threats grow more sophisticated, companies will invest heavily in solutions that quickly identify breaches and contain them. While endpoint and firewall protection will remain critical, security budgets will increasingly focus on rapid detection and agile response, reflecting a shift away from pure prevention. — Erik Nordquist, global managed security product director, GTT
AI Arms Race in Cybersecurity Fuels Surge in IT Security Budgets
By 2025, organizations will face a dramatic surge in IT security budgets driven by an AI arms race in cybersecurity. As sophisticated bad actors increasingly deploy AI-powered attacks, companies will be forced to respond with equally advanced AI defense systems. The stakes will be particularly high given the looming threat of "Q-Day" — the moment quantum computers render current encryption methods obsolete. Most organizations remain dangerously unprepared for this dual threat of AI-powered attacks and quantum decryption capabilities. Companies that fail to invest in AI-powered security measures and quantum-resistant encryption will be vulnerable to AI-driven attacks and decryption of sensitive data. — Bob Graw, senior director, IT, CallTrackingMetrics
Enterprises Will Go After Deepfake Attacks More Aggressively
Deepfake attacks will increasingly make headlines in 2025 and enterprises will begin allocating budget to thwart the threat vector. — Dave Zilberman, general partner, Norwest Venture Partners
Investment Budgets Will Decrease in 'Security Mature' Organizations for Generic Cyber Asks
New security investment uplift budgets will start tapering off from previous years for pure-play control or capability tasks. Accountability spotlights will shine higher on CISOs for ROI expectations to do more with what you have and consolidate security product sets. For any new investment requests, justification now needs to be strongly tied to compliance, business revenue, or customer enablement objectives. — Nick McKenzie, chief information and security officer, Bugcrowd
Cyber Insurance
Cyber Insurance Premiums Will Spike
Current security concerns from the use of AI and other ongoing transformative efforts will spike cyber insurance premiums in 2025. — Brian Chappell, vice president of product management, One Identity
Cyber Insurance Tightens, Requiring Higher Security Standards
In 2025, cybersecurity insurance will come with stricter regulatory oversight, compelling organizations to bolster their security practices to qualify for coverage. Insurers will increasingly require proof of compliance with standards like ISO 27001, ensuring that businesses have robust defenses in place. Companies without incident response plans and regular risk assessments may face challenges in obtaining or renewing policies, as insurers prioritize clients with proactive security measures. This shift will elevate cybersecurity standards across industries, making compliance a key factor in securing affordable insurance coverage. — Luke Dash, CEO, ISMS.online
Insurance Industry Will Incentivize Companies to Invest in Better Security Controls
The insurance industry will continue to hold the cybersecurity industry accountable for outcomes by putting real money (via insurance policies) on the line and incentivizing companies to invest in better controls. — Ann Irvine, chief data & analytics officer, Resilience
Identity-Based Attacks Will Redefine Cyber Insurance in 2025
With the sheer volume of identity-based attacks in 2024 — such as Change Healthcare, the Midnight Blizzard breach of Microsoft, Snowflake, and Ticketmaster — we're already seeing insurance providers crack down. The questions insurers will ask prospective policyholders in 2025 will no longer be simple hygienic questions such as whether your organization has implemented multi-factor authentication (MFA), but rather what those MFA tools are truly protecting, are you successfully achieving least privilege, and can you stop lateral movement. We'll see insurers evolve their approach, shifting from checkbox-style assessments to probing the effectiveness and implementation of security measures. Deeper scrutiny will push businesses to prioritize identity solutions that go beyond management to real-time protection. As cyber insurance premiums continue to climb, organizations will likely factor these costs into their security budgets, treating insurance as both a financial safeguard and a driver for improved security postures. This dynamic will create a future where organizations that implement better security practices earlier on, have lower risks, and therefore, lower insurance policies and pricing. — John Paul Cunningham, CISO, Silverfort
Governance, Risk, and Compliance
OSS Will Balance Innovation with Governance Amid Rising Security Threats
We will continue to see widespread open source software (OSS) adoption coupled with increasingly sophisticated attacks on OSS by malicious actors. Organizations will continue trying to get foundational OSS governance in place, and leverage open source and commercial tools to help them start to understand their OSS consumption as well as make more risk-informed consumption of OSS. Enterprises will continue pushing for transparency from vendors regarding what OSS they use in their products, but the tug of war will go on, with no widespread mandates driving change, leaving organizations to fend for themselves when it comes to OSS governance and security. — Chris Hughes, chief security advisor, Endor Labs
SMBs Will Embrace Modern Cloud Solutions to Simplify CMMC Compliance
As CMMC requirements enter contracts in mid-2025, small and medium-sized businesses will transition from legacy systems to cloud-based solutions for a simpler, more cost-effective path to CMMC compliance. These modern solutions, combining built-in security controls with detailed compliance documentation, will help SMBs in the Defense Industrial Base dramatically reduce both the complexity and cost of achieving and maintaining CMMC certification. — Sanjeev Verma, co-founder, PreVeil
NIST 800-171 Controls Expand Beyond the Department of Defense
Following the DoD's lead with CMMC, other federal agencies like the Department of Education will begin requiring NIST 800-171 compliance to protect sensitive data. This expansion will create a more standardized federal cybersecurity landscape. — Sanjeev Verma, co-founder, PreVeil
GRC Will Take Center Stage at Several Levels
Third-party risk management, supply chain risk management, and increased oversight and regulatory requirements will drive the need for companies to focus on and mature their GRC programs. Also, CMMC 2.0 will radically change how defense contractors and their suppliers manage and process government data, imposing significant cybersecurity requirements that were a best effort previously. — Max Shier, CISO, Optiv
Global Compliance Push for OSS Responsibility
As the Cyber Resilience Act (CRA) in the EU takes effect, vendors worldwide will need to reassess their use of open source software and contribute more to the upstream community. For example, creating Software Bills of Materials (SBOMs) for the open source projects they use will help organizations in their compliance efforts. Corporations using open source software will face increased regulatory pressure to act responsibly, conducting due diligence on packages, libraries, and frameworks within their products, and supporting the developers of the open source tools they consume in commercial products. — Christopher Robinson, chief security architect, OpenSSF
Increased Scrutiny of Software by Governments
The world runs on software. Its repeated exploitation — and sometimes subversion — has made governments increasingly interested in doing something to change that. I expect the U.S. to continue to gradually develop tighter requirements, especially for critical infrastructure and government use, through continuous dialogue with developers. The EU has passed the Cyber Resilience Act (CRA), but while it's lengthy, important questions remain. I hope that the EU will clarify the meaning of the CRA by working with experts to create practical and fair requirements. — David A. Wheeler, director of open source supply chain security, OpenSSF
Expect Increasing Penalties for Egregiously Bad Software Development Practices
Meta recently paid a non-trivial penalty for failing to encrypt passwords. Delta is suing Crowdstrike for failing to test an update fully before releasing it. The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have posted a document listing bad practices. It's impossible to develop large-scale software without making mistakes, but some practices will be considered so unacceptable that we'll start to see more penalties for some egregiously bad practices. — David A. Wheeler, director of open source supply chain security, OpenSSF
Regulated Industries Face Reckoning with Technical Debt
2025 will mark the breaking point for technical debt in regulated industries, particularly healthcare and manufacturing, as aging infrastructure collides with modern AI security requirements. Organizations will be forced to revolutionize their approach to technology implementation, shifting from cost-based decision making to business enablement strategies. This transformation will drive a new era of GRC-compliant AI solutions that bridge the gap between legacy systems and modern security requirements, fundamentally changing how regulated industries approach digital transformation. — Jason Hood, COO, Stratascale
Expanding Current Compliance Automation Capabilities to Accelerate Ongoing Continuous Compliance Operations
In general, many compliance automation solutions continue to focus on automating generally accepted best practices (like not configuring cloud storage resources to be accessible to anyone on the Internet), as well as on meeting the increasingly complex and rigorous standards and controls defined by regulations, control frameworks, and GRC standards. However, regulations are growing in complexity and the necessary controls can vary from one context to the next. Commensurately, the compliance operational burden continues to increase on GRC teams. For that reason, I expect that businesses will continue to invest in GRC automation solutions that target, automate, and support ongoing compliance with these regulations, standards and framework requirements. — Matt Hillary, CISO, Drata
Increased Audit Frequency
Traditionally, audits occur once every year or two, a schedule that reflects the choices of standard-making bodies. This level of frequency made collecting and analyzing audit data prior to and during audits more manageable because audits didn't take place all that often. However, organizations increasingly want more regular compliance assurance from their vendors. Some assurance reports are over a year old when used to verify compliance, which is less than ideal. I therefore foresee standards bodies considering increasing the frequency of assurance activities in some way to help provide more regular assurance on compliance. All of this will happen with the purpose of keeping the "freshness" of assurance alive for companies to make more informed risk-based decisions during third-party risk management activities.
As compliance automation technologies have advanced, conducting audits has become much more efficient — so much so that I believe we'll start seeing a trend toward more frequent assurance activities for even the leanest of GRC teams, allowing them to support more regular check-ins with their auditors. Some audits will still occur on an annual or less frequent basis, but don't be surprised if some audit cycles involve much more frequent reviews. — Matt Hillary, CISO, Drata
Growing Patchwork of U.S. Data Privacy Laws Will Create New Compliance Burdens
The growing patchwork of data privacy regulations across the U.S., many of which are similar and overlap, will continue to increase compliance burdens on organizations that create, process, store, and transmit sensitive data in 2025. Since California's passage of the California Consumer Protection Act, later superseded by the California Privacy Rights Act, over 20 states have passed comprehensive privacy laws. Many of these have already been passed into law but will be taking effect on a rolling basis through 2026 and beyond. To overcome compliance paralysis, organizations will need to be highly organized and efficient. Mature governance (from the board on down), repeatable processes, and tools — including Governance, Risk & Compliance platforms — will be critical to minimize compliance-related risks. — Maurice Uenuma, VP & GM, Americas and security strategist, Blancco
The Rise of Data Compliance as a Service
Generative AI models require massive amounts of data, which is mostly unstructured and ungoverned. Many enterprise architectures lack a modern data strategy and are not ready for the complexity and operational demands of AI workloads. As a result, the quality and integrity of the underlying data generates outcomes that are often unreliable, unpredictable, and outdated — creating significant concerns with data privacy and security. The increased scrutiny on generative AI is bound to drive increased regulations and compliance in 2025, and ultimately drive the need for cloud service offerings that can effectively audit and govern the underlying data. Expect to hear more from AWS, Azure, and GCP about solutions that offer "data compliance as a service" to ease customer concerns that could stall the adoption of generative AI. — Drew Firment, chief cloud strategist, Pluralsight
Top-Tier Cyber and Data Security Will Only Become More Important
Maintaining top-tier cyber and data security processes and certifications is table stakes for today's high-risk environment. For example, at Genius Avenue, we actively maintain HIPAA, SOC, SOCII, PCI, NACHA, and are pursuing ISO 27001, as well as conducting frequent penetration testing and creating a multi-layer security infrastructure. What would have been seen as excessive — and expensive — just a few years ago, is now simply the price to play the game as we leverage secure API endpoints to bring best-of-breed solutions into our platform ecosystem. — Megan Wood, president, Genius Avenue
Balancing Regulation and Innovation for Enhanced Security
Regulation will continue to shape Identity Governance and Administration (IGA), with frameworks like the Network and Information Systems 2 (NIS2) and Digital Operational Resilience Act (DORA) in the EU reinforcing compliance-driven initiatives. At the same time, a push toward corporate effectiveness will highlight the efficiency benefits of automated and AI-supported IGA solutions. In both instances, security will remain a priority, with principles like "least privilege" becoming crucial to limit hacker access, aiming to ensure that if an attacker gains entry, their ability to move across systems and platforms is restricted, mitigating potential damage. — Theis Nilsson, vice president global advisory practice, Omada
Data Security's Metamorphosis
In 2025, we'll see a significant shift from standalone Data Security Posture Management (DSPM) solutions to comprehensive Data Security Platforms (DSP). These platforms will integrate DSPM, Data Access Governance (DAG), Data Detection and Response (DDR), and Data Loss Prevention (DLP) capabilities. This evolution is driven by the increasingly complex data environments and the need for a more holistic approach to data security across multi-cloud and on-premises environments. Additionally, the critical role of data in AI and LLM training requires holistic data security platforms that can manage data sensitivity, ensure security and compliance, and maintain data integrity. This consolidation will improve security effectiveness and help organizations manage the growing complexity of their IT environments. DSPs will become a critical component of business operations, directly influencing strategic decisions and enabling faster, more secure innovation. — Ron Reiter, CTO/co-founder, Sentra
Compliance and Regulation in Data Protection Increases
The interdependence of data for AI development will only intensify the ongoing rollout of data regulation frameworks, especially amidst the growing debate around AI regulation. This will drive enterprise compliance efforts, making data security platforms essential for organizations to keep up with the rapidly changing regulatory landscape. As expected, there will be more lawsuits and fines related to data breaches and non-compliance, making it imperative for organizations to navigate the complex regulatory environment. While staying compliant will continue to be a significant challenge for businesses, it could also lead to the rise of AI-powered tools that automatically adapt to new regulations. Organizations that effectively leverage technology like AI-powered data security to maintain compliance will gain a competitive advantage in the projected heavily regulated future. — Ron Reiter, CTO/co-founder, Sentra
Regulatory Pressures Will Intensify, with Potential Software Bans
Governments worldwide will create strict security regulations in 2025, requiring both organizations and their suppliers to follow enhanced safety standards. Some software, including open-source programs with known security flaws, may face outright bans. These regulations will make organizations responsible for thoroughly evaluating their software selections and supplier partnerships as governments take steps to protect critical infrastructure and reduce system vulnerabilities. — Dr. Aleksandr Yampolskiy, co-founder and CEO, SecurityScorecard
Governments Will Steer Toward a New Era of Global Regulatory Harmonization
The year 2025 will mark a turning point in global governance as nations grapple with the complexities of regulating cyberspace. The sheer volume of disparate cybersecurity and data privacy laws has created a compliance nightmare for businesses operating across borders. The urgency for harmonization has reached a tipping point. In response to these mounting challenges, there will be a growing push for greater regulatory harmonization in 2025. Governments, international organizations, and industry bodies will unite to create consistent standards and frameworks that can be adopted globally, particularly among the United States, Canada, Australia, the United Kingdom, and throughout many Asian nations. It remains to be seen whether there can be closer coordination and regulatory reconciliation with the European Union. While progress may be slow due to political and economic factors, streamlining regulatory requirements will be essential for businesses to operate effectively and mitigate risks. — Jeff Le, VP of Global Government Affairs and Public Policy, SecurityScorecard
We'll See Increased Regulation Around Emerging Technologies and Supply Chain
I predict that the hot regulatory landscape we've seen in cybersecurity in 2024, specifically around emerging technologies like AI, will stay hot well into 2025. The usage of GenAI (and not always for innocent purposes) has sparked an outcry for placing meaningful regulations on the technology and how it's used. We've seen household name brands like X/Twitter and LinkedIn face backlash for training AI models on user content, and that trend of heightened scrutiny around how AI models are trained will absolutely continue into the new year. That backlash and increased focus will likely spark additional legislation worldwide. — Jon France, CISO, ISC2
U.S. Privacy Regulations Will Expand
Given that the U.S. has generally been behind in the privacy and compliance discussions in comparison to other countries with the state-level approach, we have already seen frameworks such as HIPAA take an approach to provide more national control over PHI in healthcare. Over the next year, we will see more and more compliance conversations enter industries such as retail that have historically been further behind in this discussion. I suspect that this will then result in more legislation considered at a national level, and much of this will most likely be driven by the breaches that have occurred in the past six months. — Bill Bruno, CEO, Celebrus
EU's DORA Framework Will Start a Trend Toward Regulations Focusing on Business Resilience
The financial industry is a prime target for cyber attacks because of the substantial capital and sensitive data it holds. DORA, a compliance framework out of the European Union (EU), going into effect on January 7, 2025, addresses risk by building on existing laws, such as the Network and Information Security (NIS) Directive and GDPR, to close gaps in digital and third-party risk management. It's a great first step in the financial sector that will start a trend across industries. It will be the first in a series of globally focused regulations that move upstream from cyber and focus more on business and organizational resilience as the primary objective. — Jeffrey Wheatman, SVP, cyber risk strategist, Black Kite
Government Entities Will Double Down on Compliance
As AI adoption and privacy concerns rise, 2025 will bring with it more stringent data protection and compliance requirements from around the world. In the EU, NIS2 is now law, meaning that there's a whole new set of cybersecurity and privacy requirements that all entities that do business in healthcare, financial services, manufacturing, and others must comply with. And as AI regulation becomes a bigger part of the conversation, the more that organizations can secure, track, and report on where and how they're storing data now, the better positioned they'll be to comply with all the above, especially as new regulation and more stringent enforcement ensues. — Mike Arrowsmith, chief trust officer, NinjaOne
As Cybersecurity Regulations Tighten, Businesses Will Turn to Clear, Provable Practices for Compliance
Businesses under the purview of increasingly stringent cybersecurity regulatory compliance frameworks such as HIPAA, NIST, CIS, CMMC 2.0, the FTC Safeguards Rule and others will necessarily gravitate toward practices that remove ambiguity and make compliance more easily provable. Several are pointing to specific frameworks (e.g. NIST 800-171) for specific guidance and creating uniform requirements. With regulators trending toward more active enforcement and higher penalties in 2025, IT teams will seek to remove all doubt from the often frustrating and burdensome process of matching their security safeguards to complex regulatory requirements. Look for teams to position themselves such that if and when a reportable incident occurs, they can immediately supply auditors with clear and inarguable proof of their full compliance with each specific regulatory mandate. — Cam Roberson, vice president, Beachhead Solutions
Striving for Regulatory Balance Amid Growing AI and Innovation Challenges
In the new year, the United States will progress toward establishing stronger and more robust regulatory frameworks for software security. The current regulatory landscape in the United States is fragmented with many legislators trying to strike the delicate balance between prioritizing security and encouraging innovation. In contrast, the European Union has already established cohesive and effective regulations with initiatives like the Digital Operational Resilience Act (DORA), CRA, the AI Act, and General Data Protection Regulation (GDPR), which carry significant enforcement measures. Increasing regulations — especially around AI — are inevitable in the new year, and will likely build upon existing frameworks. The challenge in doing so will be safeguarding national interests without stifling innovation. To bypass these hurdles, we can expect to see the government enhance its advisory capabilities, empowering security specialists to inform business strategies effectively. This balanced approach will be crucial as leaders navigate and position themselves for success in the 2025 regulatory landscape. — Paul Davis, field CISO, JFrog
For Better or Worse, Federal Regulations Will Codify Security Standards
The volume of ransomware attacks and data breaches has continually shifted blame back and forth from companies to CISOs as we try to mitigate breaches and assign accountability. However, what's truly needed are consistent security standards to agree as an industry on what constitutes appropriate security standards. The president-elect has several Silicon Valley advisors that will finally help institute the appropriate security measures, and we'll see GAAP-like security standards emerge in the coming years. That should be viewed as a positive step forward for security, but the real work and debate will comprise what enters into the to-be-created standard. — Yogesh Badwe, chief security officer, Druva
Stricter Cybersecurity Standards for Critical Sectors
January 2025 marks the launch of the EU DORA regulations within the financial sector, adding to the burden of stricter cybersecurity regulations worldwide, especially targeting critical infrastructure and industries such as healthcare and financial services. Protecting these vital services continues to increase in complexity as we saw everything from energy grids to hospitals facing high-profile data breaches and ransomware attacks last year, which will prompt policymakers to enforce further compliance standards like breach notification timelines, cyber hygiene practices, and penalties for non-compliance. At the same time, we will continue to see the post-pandemic working patterns continue to stabilize with increased in-office work once again prevalent in many sectors. This will necessitate a focus from cybersecurity vendors on hybrid solutions, combining on-premise protection with full remote cloud protection. — Steve Tait, chief technology officer, Skyhigh Security
Compliance Requirements Will Drive Non-Human Identity Management in Highly Regulated Industries
While every organization requires a solution to manage and secure its non-human identities (NHIs), in highly regulated industries, the need for a dedicated NHI management solution is paramount. Financial institutions, for example, have access to vast amounts of sensitive data, and as such are highly regulated and frequently audited.
Payment Card Industry Data Security Standard (PCI DSS) 4.0 is rapidly approaching, and the revised guidelines place significant emphasis on managing NHIs, particularly system and application accounts with elevated privileges. With this, financial institutions will face increased scrutiny from auditors regarding the robustness of their NHI management practices. PCI DSS 4.0 requirements such as Requirement 7 (restricting access based on business needs and least privilege) and Requirement 8.6 (managing accounts with interactive login capabilities) highlight the need for comprehensive strategies to manage NHIs effectively. As NHIs proliferate, financial institutions risk security breaches and regulatory penalties if they fail to adopt a robust strategy for NHI management. Organizations must begin addressing these challenges now, especially with mandatory PCI DSS 4.0 compliance coming in 2025, to ensure they meet evolving compliance standards and enhance their security posture. — Danny Brickman, CEO and co-founder, Oasis Security
SBOMs Will Evolve from Compliance to Key Security Tool
In 2025, Software Bills of Materials (SBOMs) will become a pivotal tool in securing the software supply chain. Government mandates will drive organizations to adopt SBOMs at scale, requiring them not only to generate these documents but also to make them actionable. While producing SBOMs in standard formats is now routine, the real challenge lies in translating raw data into meaningful, risk-based insights. To address this, DevSecOps practices will mature, leveraging tools like VEX (Vulnerability Exploitability Exchange) to add critical context to SBOMs, reducing inefficiencies in vendor-consumer communications. Simultaneously, procurement teams will revamp their processes to quickly interpret contextualized SBOMs, enabling informed decisions about software risks. As these capabilities evolve, SBOMs will transcend their role as compliance artifacts, becoming a vital mechanism for collaboration and a cornerstone of proactive supply chain security. — Dylan Thomas, senior director of product engineering, OpenText Cybersecurity
2025 Will Be the Year of Increased IGA Adoption
2025 will mark a record-breaking year for identity governance and administration (IGA) deployments, driven by a perfect storm of resource constraints, regulatory demands, and hybrid IT complexity. Many organizations face operational fatigue from managing fragmented identity processes across legacy on-premises and modern cloud systems. This breaking point will prompt a shift from the long acceptance of manual identity governance processes to identifying automation to reduce the growing burden on identity security and governance teams. To capitalize on this moment, CISOs must prioritize tools that offer fast time-to-value, unified visibility across highly distributed environments, pre-integrated workflows to accelerate deployment, and modular designs that scale with future needs. Expect IGA to evolve from a niche IT tool to a foundational element of enterprise-wide risk and compliance management, addressing not just IT needs but broader operational resilience. — Mark Jaffe, VP strategy and marketing, Zilla Security
Regulatory Complexity Will Expand Across Industries
In 2025, we'll see a surge in identity-related regulatory requirements across both new and traditionally regulated industries. Sectors like retail, aviation, and logistics will adopt identity compliance mandates, while existing industries like finance and healthcare will face increasing scrutiny at regional and state levels. For example, state-level regulations akin to NYDFS are already creating a patchwork of obligations that extend beyond federal standards. For CISOs, this means compliance will no longer be a contained IT issue — it will require enterprise-wide coordination and automation to scale. Identity governance solutions must evolve to deliver real-time compliance status, centralized audit readiness, and flexible frameworks to adapt to overlapping mandates. To stay ahead, CISOs should form cross-functional compliance teams and implement proactive monitoring tools to detect non-compliance before regulators do. — Ryan Burke, VP sales, Zilla Security
Cybersecurity Techniques and Strategies
Another Major Data Breach Will Highlight the Critical Need for End-to-End Encryption
Following the devastating Salt Typhoon telecom breach, another major breach will expose the limitations of legacy security systems in protecting controlled unclassified information (CUI). This incident will establish end-to-end encryption as a critical selection criterion for security solutions across government and private industry, accelerating the shift away from traditional perimeter-based security approaches. — Sanjeev Verma, co-founder, PreVeil
2025 Will See Spikes in Certificate-Related Outages
2025 will bring a surge in outages due to rising certificate expirations, driven by new mandates on shorter certificate lifespans, with the wave beginning as certificates start going to 200 days. Google's 90-day certificate policy for Chrome, announced in 2023, set the stage, and Apple is now proposing a 45-day lifespan by 2027. Both tech giants have the power to enforce these changes, leaving certificate authorities and organizations scrambling to adapt. Shorter lifespans improve security by limiting misuse of TLS identities, but the transition from 398-day certificates to 90 or 45 days will significantly increase the burden on organizations, requiring up to nine times more renewals. Without automated lifecycle management, each certificate becomes a potential failure point.
To prepare, security teams need: a) observability over certificates, b) intelligence to assess risks, and c) automation to eliminate errors. Past incidents, like Azure outages from improperly installed certificates, highlight the critical need for 24/7 oversight. The stakes are high — 83% of organizations experienced certificate-related outages in the past year, and most security leaders anticipate increased disruptions. However, this shift will drive automation adoption, strengthen machine identity security programs, and ultimately enhance internet security, paving the way for a more resilient future. — Kevin Bocek, chief innovation officer, Venafi, a CyberArk company
Increasing Consolidation in Healthcare Will Have Positive Impact on Security
As consolidation in the healthcare industry increases, smaller, regional hospitals will be consolidated into larger healthcare systems. While the effect on patient care remains to be seen, healthcare providers should be able to deploy more effective cybersecurity measures. As hospital systems grow larger, their liability increases — leading them to prioritize (and fund) comprehensive security and risk management. By providing hospitals with more resources like better training, consistent security guidance, and stronger security solutions, these larger healthcare networks can improve security across the industry. In turn, attackers will have an increasingly difficult time finding smaller, under-resourced hospitals and healthcare practices to target. — Nick Kathmann, CISO and CIO of LogicGate
The Practice of 'Threat Modeling' Will Become Increasingly Mainstream
Organizations are beginning to recognize that they can limit their risk exposure by adopting a segmented and securely structured infrastructure and engage in threat modeling as early as possible. By examining a solution or application and how it will interact with systems, applications, users, and other network assets, security teams can create trust boundaries that limit the ability of an attacker to gain a foothold and reduce the "blast radius" of a potential attack. Throwing money into "zero trust" solutions without adopting architectures and solutions just isn't working. What is working is educating the various stacks with network architects to prioritize threat modeling from an early stage. This will help organizations realize that a refined approach to risk and trust can save them money and enhance security. — Nick Kathmann, CISO and CIO of LogicGate
Graph-Based Thinking Will Be Used to Counter Cyberthreats
Cyber attackers increasingly use graph-based approaches to map out and execute their attacks. In 2025, we will see cybersecurity defenders adopt similar strategies for effective threat detection and response. Defenders will use AI graph insights to map out not only their network's architecture but also the intricate relationships and patterns that indicate potential vulnerabilities. By adopting graph-based defense systems, security teams will be able to visualize and track how cyberthreats spread across a network, identify hidden connections between compromised assets, and rapidly detect anomalies in user or system behavior. — Dr. Jans Aasman, CEO, Franz
Innovation and Security Must Co-exist in 2025
Balancing innovation and safety is an age-old challenge. As the demand for cutting edge continues to rise, companies must navigate the security risks that new capabilities and tools pose. In 2025, organizations will need to go back to basics to protect their most sensitive information amid the rise of emerging technologies to safeguard their data. Depending on the organizations, this might mean introducing creative risk reduction tactics or offering additional security education to create a culture of cyber resilience that protects employees and customers from cyber attacks. At the end of the day, to stay competitive businesses must be quick on their feet and create an environment where innovation and security co-exist. — Jordan Avnaim, CISO, Entrust
Runtime Security Will Redefine Application Protection
As microservices and cloud-native apps become the standard, protecting applications during runtime will be crucial. Next-gen security solutions will monitor and defend live environments in real time, detecting and blocking threats attempting to exploit vulnerabilities as they arise. This will include advanced protection against zero-day attacks, privilege escalation, and container escapes, all integrated into DevSecOps workflows to ensure proactive and seamless defense. — Jimmy Mesta, CTO and founder, RAD Security
Businesses Will Combat RMM Tool Abuse
In 2024, we saw an increase in the abuse of Remote Monitoring and Management (RMM) tools, which allow threat actors to hide under the cover of legitimate IT traffic. Shadow IT and uncontrolled asset inventory often make it difficult to detect these threats. As legitimate business apps, they also don't have malware signatures and have usually been signed by trusted code signers. In 2025, organizations will address this problem through automated workflows and AI-enabled detection of deviations from baseline installations. Because this is best done at scale, organizations will start to scale their visibility into application control as well. This will allow them to make informed policy decisions and better detect threats. — Melissa Bischoping, head of Security Research, Tanium
The Growing Demand for 'Security-as-Code'
The ongoing headcount gap for cyber roles — which is largely a result of budget issues — will drive organizations to embed security practices more deeply into their software development and operational processes. The concept of "Security-as-Code" will gain traction, where security configurations, policies, and controls are automatically integrated into infrastructure and application development workflows. By leveraging DevSecOps and Infrastructure-as-Code (IaC) principles, organizations will automate the deployment of secure environments without requiring deep security expertise for every project. The demand for "Security-as-Code" frameworks will increase, enabling teams to build security into software and infrastructure from the ground up. This shift will mitigate the impact of the headcount gap and enable faster, more secure deployments, especially in industries with high compliance requirements, such as finance and healthcare, and for vendors that provide products to those industries. — Kayla Williams, CISO, Devo
Bankers Will Cozy Up to the EFTA to Avoid a Patchwork of Scam Liability Laws
The one thing bankers hate more than new federal laws and regulations is those passed by individual states. It is that sentiment that will motivate a shift in how liability is handled for scams as bankers go from detractors to supporters of a change in how authorized transactions — typical of scam payments — are reimbursed. The one-two financial punch of scam losses and compliance costs will shift the bank lobbying effort from that of resistance to vehement supporters of a superseding federal law. With one already on the books only in need of amending — the Electronic Funds Transfer Act — authorized transactions will be reclassified as reimbursable in the event of a scam involving financial institution payments. — Al Pascual, CEO, Scamnetic
Anti-Scam Data Sharing Efforts Will Force Scammers to Evolve
In countries around the world, legislators and regulators are pushing organizations with a newly vested interest in scam prevention to share data with their peers. It is this effort that will enable a new level of detection by banks, social media companies, and telecoms, but at the same time, it will mark the beginning of a new arms race between scammers and those tasked with stopping them. Scams will decline, and the bar will rise for aspiring scammers, but this will not be the end for scams. This is just the beginning of a new phase of the scam epidemic. — Al Pascual, CEO, Scamnetic
Security Tool Integrations Will Be a Priority
CISOs are revisiting their security stack to see if they can find solutions that have better integrations with their existing toolset and provide better capabilities. We will continue to see a focus on native integrations to fully utilize the capabilities of tools and capabilities across the cybersecurity tech stack and provide a holistic view of the cybersecurity posture and risk. — Max Shier, CISO, Optiv
Tech Rationalization Is Not a Passing Fad
CISOs and cybersecurity professionals are finding it a necessity to ensure their tech stack makes sense, is efficient, is fully integrated, and can fulfill the use cases and requirements they need. The cyber industry will continue to see an increase in tools that can help with tech rationalization and services that support it. This is also driving the need and desire for native integrations across cybersecurity tools and services, which is also a focus for 2025. — Max Shier, CISO, Optiv
Cyber Resilience Takes Center Stage as Businesses Prioritize Continuity Over Defense
In 2025, cyber resilience will emerge as a core business strategy, as companies shift from merely defending against threats to ensuring continuity and swift recovery. With frameworks like ISO 27001 expanding to address resilience, and regulations like NIS 2 introducing stricter incident reporting, organizations will be required to proactively prepare for and respond to cyber disruptions. This trend will lead to a stronger focus on disaster recovery and operational continuity, with companies investing heavily in systems that allow them to quickly bounce back from cyber incidents, especially in critical infrastructure sectors. — Luke Dash, CEO, ISMS.online
Rising Cyberthreats Spur Global Action to Secure Critical Infrastructure
In 2025, critical infrastructure will face mounting cyberthreats, prompting governments and operators to adopt stronger defenses and risk management frameworks. Regulations like NIS 2 will push EU operators to implement comprehensive security measures, enforce prompt incident reporting, and face steeper penalties for non-compliance. Governments globally will invest in safeguarding essential services, making sectors like energy, healthcare, and finance more resilient to attacks. Heightened collaboration among nations will also emerge, with increased intelligence sharing and coordinated responses to counteract sophisticated threats targeting critical infrastructure. — Luke Dash, CEO, ISMS.online
Manufacturing Industry Faces Increasing Risk
The manufacturing sector is particularly vulnerable to cyber attacks due to the convergence of operational technology (OT) and information technology (IT) systems. Having worked with manufacturing clients, I've observed that the challenge isn't just protecting individual systems — it's about securing an entire ecosystem of vendors and partners. Incidents in recent years, like SolarWinds in 2020 and CrowdStrike in 2024, are wake-up calls that prove how supply chain vulnerabilities can create cascading effects across industries. I recommend that manufacturers focus on three critical areas: First, implement continuous monitoring of security controls rather than relying on point-in-time assessments. Second, automate vendor risk assessments — with 54% of organizations experiencing vendor-related breaches, this can't be managed through spreadsheets anymore. Finally, establish role-based access controls (RBAC) for both IT and OT systems, ensuring employees only have access to what they need to perform their jobs. — Shrav Mehta, CEO and founder, Secureframe
Cyberstorage for Proactive Defense
In 2025, the growing threat landscape will make cyberstorage a critical feature of enterprise storage solutions. Cyberstorage integrates advanced security measures such as AI-driven threat detection, automated responses, and air-gapped immutable backups directly into storage systems. These capabilities will transform storage from a passive asset into an active defender against cyber attacks, providing organizations with real-time protection against data breaches, ransomware, and other malicious activities. — Aron Brand, CTO, CTERA
Data Exfiltration Protection
As cyber attacks become more sophisticated, protecting against data exfiltration will be a top priority for enterprises in 2025. Solutions that defend against exfiltration are essential, as ransomware actors increasingly aim to extract sensitive information for extortion or espionage purposes rather than simply encrypt it. Effective data exfiltration protection requires continuous monitoring of file shares, intelligent anomaly detection, proactive response mechanisms, and the forensic ability to identify the set of leaked data to ensure sensitive information stays within the organization's control, thereby reducing the risk of data breaches and ensuring compliance with regulatory requirements. — Aron Brand, CTO, CTERA
The Need for Global Collaboration
Looking forward, we must foster partnerships that span borders and sectors. This isn't just about sharing threat intelligence, although that's crucial. It's about creating a unified front against cyberthreats, where we can learn from each other's experiences, share best practices, and coordinate our responses to large-scale incidents. When a major incident occurs, organizations need to know who to call and have confidence in their ability to help. — Chris Gibson, CEO, FIRST
Automation Becomes a Must in SecOps
The increasing volume and complexity of data necessitate automation in security operations. By optimizing data ingestion and leveraging advanced machine learning models, organizations can efficiently analyze critical data, detect emerging threats and automate routine tasks. This allows our security teams to focus on high-priority incidents, reducing response times and minimizing potential damage. — Chris Scheels, VP of product marketing, Gurucul
Insider Threats Will Prompt the Need for a New Approach
Insider threats pose a significant and growing risk to organizations. As the threat landscape evolves, enterprises need to rethink traditional security approaches and consider a more holistic approach that encompasses both external and internal threats. By understanding the nuances of insider threats and their potential impact, enterprises can develop effective strategies to mitigate risk and protect sensitive information. To effectively address insider threats in 2025, organizations will need to adopt advanced technologies and strategies. A key focus will be on strengthening identity-centric defenses and implementing sophisticated detection methodologies. By investing in these areas, organizations can better protect their sensitive information and minimize the risk of insider-related breaches. — Chris Scheels, VP of product marketing, Gurucul
Companies Turn Focus to Risk Management
The Microsoft/CrowdStrike outage will make all companies realize outages are inevitable and that seeking an elusive strategy to protect against outages is not a practical solution. Instead, companies will increasingly focus on risk management. This is likely to become a strategic priority in 2025, as it will ensure business continuity and resilience in the face of unforeseen disruptions, ultimately improving overall security. — John Hernandez, president and general manager, Quest Software
Security Tools Will Become More Adaptive and Contextual
Expect increased adoption of passwordless solutions, like passkeys and biometrics, coupled with AI-driven threat detection to further streamline user experiences and elevate security. This will allow for more granular policy controls across devices, helping organizations enforce security without adding friction to the user experience. — Gary Orenstein, chief customer officer, Bitwarden
Dark AI and Advanced Threats Redefine Cybersecurity Priorities
Cybersecurity is sometimes misunderstood; many people continue to equate it with protective perimeter security such as firewalls at the network's front door. Others focus on managed endpoints as the key to both protect and detect security problems. However, true cybersecurity — across all of Identify, Detect, Protect, Respond, Recover — means recognizing threat actors are already residing within the network, and this is worsened amid the rise of dark AI. This isn't to say that traditional firewall security, multi-factor authentication (MFA), and Endpoint Detection & Response (EDR) tools aren't essential, but threat actors have proven their ability to bypass each of these measures, altering the landscape and increasing pressure on lateral traffic — data moving within the network. Nearly 100% of today's ransomware threat actors hide in lateral encrypted virtual traffic, which continues to be a blind spot for most security teams. Consequently, this is where organizations need to increase their investments. As a result, I expect the market will shift with an increased focus and investment from vendors in this area, which will also increase M&A activity that closes this security gap. We'll also see Chief Information Security Officers (CISOs) ramp up their emphasis on lateral East-West visibility and API security, deeming it mission-critical to the business. — Shane Buckley, CEO and president, Gigamon
Consolidation and Platformization Gain Momentum
In 2025, the platformization trend will continue to gain momentum as cybersecurity executives remain focused on the effectiveness of their technology stack and service providers. This will drive a greater shift towards fewer, more comprehensive solutions that reduce management complexity and enhance team productivity. With cyberthreats growing more complex and frequent, CISOs are under immense pressure to ensure that their teams can respond rapidly and decisively. To address this, in the coming year, they will focus on quality over quantity, favoring vendors that deliver integrated, streamlined platforms over a multitude of point solutions that are expensive and resource-intensive to manage. Consolidation will enable cybersecurity teams to work within a unified ecosystem, simplifying data management, minimizing redundancies, and reducing vendor fatigue — which can lead to critical information being overlooked. As security teams seek to reduce noise and increase efficiency, platforms offering broader functionality without the bloat of fragmented solutions will stand out, ultimately empowering teams to concentrate on the highest-priority risks. — Aaron Shilts, CEO, NetSPI
Incident Response and Recovery Will Top Business Priorities
In the past year, we have witnessed ransomware attacks increase in sophistication, persistence, and frequency across industries, without an end in sight. Looking ahead, we should expect bad actors to continue ransomware campaigns and cyber attacks that often stifle a company's ability to continue operating effectively. Today's organizations are faced with two options: regularly evaluate the ability to defend against cyber attacks or risk losing business-sensitive information. Moving forward, one of the highest business imperatives across organizations will be strengthening incident response and recovery. IT budgets have been traditionally calculated on economic efficiency when things are normal. To ensure business continuity, it's important to budget for resiliency when something goes wrong. Strengthening cybersecurity principles and continuing to test them throughout the year allows leaders to trust that their practices are solid, robust, and capable of defending against emerging threats and bad actors looking to prey on vulnerabilities. In 2025, we should expect business leaders to recognize that though it is not always possible to prevent a cyber attack, having a fully tested plan in place can be one of their most important assets. Organizations will work to better protect and recover their information and systems in the face of cyber events — in turn, minimizing the impact of an attack and facilitating a swift recovery. — Dale "Dr. Z" Zabriskie, field CISO, Cohesity
Digital Defense's 2025 Revolution
AI-powered cybersecurity will revolutionize digital defense in 2025. By leveraging AI, organizations can proactively identify, mitigate, and respond to threats in real-time. AI-driven solutions will enhance Continuous Threat and Exposure Management (CTEM) capabilities, providing insights that surpass traditional methods. However, AI is a double-edged sword, enabling increasingly sophisticated cyber attacks. To counter this, Cyber Fusion Centers (CFCs) will combine various security disciplines with AI to centralize operations, accelerate response times, and implement zero-trust security models to minimize the impact of breaches. As AI-powered cybersecurity evolves, federal, state, EU, and APAC policies will shape its development and deployment, promoting ethical and responsible use. — Sreedhar Kajeepeta, CTO, Innova Solutions
More Companies Will Invest in Tech Consolidation
With cybersecurity budgets expected to grow, companies will increasingly invest in tool consolidation to maximize returns on investment. This strategic approach supports operational efficiency, augments talent, and strengthens the overall security posture. By reducing tool sprawl, organizations will improve their ability to detect and respond to insider threats more efficiently. CISOs will increasingly advocate for this consolidated approach to centralize capabilities, reduce costs, and enhance data integration across departments, positioning insider risk management as a high-value, business-enabling investment. — Mohan (Mo) Koo, president and co-founder, DTEX Systems
Insider Risk Management Will Cement Itself as a Business Imperative
The perception of insider risk management as merely an operational issue is fading. As high-profile breaches continue to demonstrate the devastating impact on businesses — including reputational damage, financial losses, and even bankruptcy — insider risk management is now recognized as an issue with the potential to make or break a company. As companies edge closer to proactive security, there will be greater emphasis on insider risk management as critical to business resilience. C-level leaders will increasingly champion insider risk programs as a business and security imperative that adds competitive advantage. — Mohan (Mo) Koo, president and co-founder, DTEX Systems
Data Loss Prevention Will Empower Employees (Not Restrict Them)
Data Loss Prevention (DLP) solutions are evolving to be more than blunt tools that indiscriminately block activities. Traditional DLP methods often encourage employees to find workarounds, obscuring security's view of critical behaviors. Instead, organizations are moving toward understanding and contextualizing actions, allowing employees to perform their duties effectively while reducing risk. In 2025, the focus will shift from blocking exfiltration to detecting and influencing behaviors that could lead to exfiltration before they become a problem. This proactive DLP approach enables security to work with employees rather than against them, fostering both security and productivity. — Mohan (Mo) Koo, president and co-founder, DTEX Systems
Pragmatic Vulnerability Management and Proactive Security
Security teams will continue to adopt a more efficient, realistic approach to managing vulnerabilities, which will only grow. This means not only more rigorous prioritization but also the understanding that more proactive shift-left measures are required and that simply accepting that some vulnerabilities cannot be fixed can only be achieved without taking on unacceptable risk if they augment their preventive measures with other controls that mitigate that risk — for example using runtime controls, better detection and response mechanisms, etc. — all of which require a much more holistic view of risk from early stages of development all the way to production. — Rani Osnat, SVP strategy, Aqua Security
Cloud-Native Solutions to Shape the Future of Data Security
With data spread across diverse cloud-native architectures, adaptive, data-centric security is essential. Cloud-native solutions now provide dynamic protection across data lifecycles, securing data at rest, in motion, and in use. This will be critical in 2025 as stricter compliance standards and more data-centric attacks demand robust, consistent security for data everywhere. In 2025, cloud-native solutions will be crucial for staying resilient, adapting to new regulations, and navigating an ever-evolving threat landscape. — Moshe Weis, CISO, Aqua Security
Shift from 'Should' to 'Shall' in Security Requirements
Over the past several years, I've seen industry experts and government agencies alike increasingly push for contract language between companies and their third-party vendors to transition from nebulous phrases like "should" into specific, binding phrases like "shall" — i.e., "multi-factor authentication shall be implemented." In 2025, I anticipate that this push will become more mainstream. — Justin Shattuck, CISO, Resilience
Achieving Balance Between Innovation and Security in 2025
Executives and leaders responsible for building systems sometimes confuse process control with security. Adding more checks, inspections, and audits can provide greater visibility, but often doesn't correlate with increased security and can increase costs as well as reduce capacity for innovation and creativity. "Secure by design," an emerging initiative in the IT industry, provides an alternative that calls for security to be integrated deeply into the design of products. In 2025, we can expect the increased use of modern tools with better designs that are not only more secure than legacy alternatives, but are more efficient, allowing teams to be more productive. — Michael Allen, CTO, Laserfiche
Cybersecurity Tool Consolidation
The types and categories of risks that cybersecurity teams need to manage today have become truly dizzying. As a result, many companies maintain a long list of point solutions designed to address the various risks. For example, to secure cloud environments, organizations now deploy a number of cloud security tools (which has become a bit of an alphabet soup of acronyms) including CSPM, CIEM, CNAPP and CASB solutions (to name only some of the "C" acronyms at the heart of modern cloud security). I have a hard time envisioning the typical organization remaining willing to acquire and deploy each of these types of tools separately. That's why I expect that we'll see greater consolidation of cybersecurity point solutions into integrated platforms. — Matt Hillary, CISO, Drata
Prioritizing Post-Breach Strategies and Internal Defenses
Agencies will prioritize internal defenses and post-breach strategies over traditional perimeter security, recognizing that the fight against cyber attacks is shifting inward. Advanced attacks will increasingly target sectors like education and healthcare, making data encryption and network segmentation essential components of resilient cybersecurity frameworks. As AI-fueled attacks grow more sophisticated, agencies will focus on limiting attackers' movements within networks, accepting that the perimeter can no longer be the sole line of defense. — Gary Barlet, public sector CTO, Illumio
Infrastructure Static Code Analysis Detects Risks
As development teams move faster, they also need to keep security risks in check. This is where practices like infrastructure static code analysis come into play. Static code analysis provides an automated, scalable way of detecting security risks early in the development process. — Derek Ashmore, application transformation principal, Asperitas
Risk Management Strategies Will Embrace the Cloud
The constant specter of cyberthreats and the need for data protection will compel more IT pros to situate data and applications in the cloud not solely for availability as in the past, but for improved security, compliance, and disaster recovery capabilities. The Change Healthcare data breach disrupted the medical industry in 2023, and the CrowdStrike incident disrupted almost everything. Cloud-based risk management solutions will be more valued for business continuity and maintaining productivity. — Karen Gondoly, CEO, Leostream
Identity Security Challenges in Healthcare Will Make Way for a Passwordless Future
A new GAO report revealed that the Department of Health and Human Services has faced challenges mitigating cybersecurity risks in the healthcare sector. One of the biggest struggles has been identity security, largely attributed to hospitals balancing large workforces, contractors, billing systems, strict compliance and privacy regulations, and the need for quick, always-on access to patient data across multiple shared devices. While healthcare remains a top target for breaches, in 2025 I anticipate an acceleration in the shift toward passwordless, whether it is adopting passwordless technology or preparing to adopt it, authentication across the healthcare industry. Passwordless authentication is an important step along the path to enhanced security and workflow efficiency, moving organizations from password-based access to fully passwordless workflows over time. For example, masking passwords from users significantly reduces cyber risks and improves clinical workflows today; getting rid of the password entirely only improves that benefit. By adopting passwordless authentication tailored to diverse healthcare workflows, organizations can protect sensitive data, boost operational efficiency, and enhance patient care. — Joel Burleson-Davis, SVP Worldwide Engineering, Cyber, Imprivata
Healthcare Systems and Critical infrastructure Will Treat Cybersecurity as Non-negotiable Imperative
The vulnerability of healthcare systems to cyber attacks has been highlighted by recent incidents where hospital operations were disrupted, leading to delays in medical treatments which incur risks to patient safety and jeopardize the financial stability of the organizations providing care. Although these attacks, often originating from a third-party compromise, are aimed at systems and data, particularly critical systems and sensitive data, they are ultimately a threat to public health in the near-term, undermining our ability to provide care, as well as the long-term by undermining our trust and confidence in these institutions. Simultaneously, attacks on power grids, water systems, and communication networks can also lead to near-term and long-term disruption through economic damage, creating public safety hazards, and destabilizing essential services, affecting millions of people. The threat to critical infrastructure underscores the need for robust cybersecurity measures across both first and third parties paired with the means to enact them, increased public awareness, and cooperation between government and private sectors to enhance resilience against these threats. This balanced approach is crucial in mitigating the risks posed by cyber attacks and ensuring the safety and well-being of the public now and into the future. — Joel Burleson-Davis, SVP Worldwide Engineering, Cyber, Imprivata
Evolution of Cybersecurity Tools to Address Modern Challenges
By 2025, many current cybersecurity tools will become outdated, as they still reflect a perimeter-based mindset. In today's world, effective defense is necessary for every device and at every location where people live, work and play. Organizations will need proactive tools that don't wait for an attack to happen. Instead, these tools will run tests and simulations on themselves to ensure they can maintain operational continuity in both good times and bad. Automation will be crucial, as it must continuously test and model threats with every network change before attackers can exploit vulnerabilities. A key shift in cybersecurity strategies will be "tempo." As the pace of change and attacks increases, defenders must also quicken their responses. Those who don't keep up will be vulnerable. — TK Keanini, chief technology officer, DNSFilter
A Shift Toward Stronger, Smarter Passwordless Authentication
We may finally see a shift from the longstanding practice of forced periodic password changes as IT departments worldwide adopt guidance from major cybersecurity authorities. The National Cyber Security Centre (NCSC), the European Union Agency for Cybersecurity (ENISA), and the National Institute of Standards and Technology (NIST) all recommend against mandatory password resets, citing evidence that frequent changes often lead to weaker passwords and reduced security. This shift could be a significant step forward in balancing security with user experience. Easy-to-use enterprise-level alternatives to using passwords for operating systems such as Windows 10/11 include innovative authentication methods such as the Fast Identity Online (FIDO) standards. Windows Hello and Microsoft Edge have been supported by FIDO since 2018, yet widespread adoption of physical (FIDO2) keys in enterprise settings is still lagging due to cost barriers. We've seen the adoption of mobile passkeys (FIDO2) that are claimed to be phishing-resistant and are easy to use. Passkey usage means users no longer need to enter usernames and passwords for authentication. The passkey uses device biometrics to unlock their devices to sign into apps and websites. Expect the usage of passkeys to continue to accelerate in 2025. — Paul Walker, field strategist, Omada
Enhanced Vendor Support Shared Signal Framework
In 2025, we'll see accelerated adoption of the OpenID Shared Signals Framework (SSF) from vendors as organizations prioritize real-time communication between security tools to enhance adaptive security postures. With the identity perimeter now central to modern security strategies, more enterprises will integrate SSF to achieve seamless data sharing across disparate systems, enabling a more resilient defense against evolving threats. With its flexibility and scalability, the SSF will lead to more collaborative security ecosystems, breaking down silos across cloud providers, SaaS applications and security systems, thereby enhancing security in an increasingly hybrid and complex environment. — Paul Walker, field strategist, Omada
B2C Companies Will Put Customer Security Front and Center to Improve Trust and Reputation
As each year passes, consumers are increasingly concerned about the security of their personal information, with many reporting a need for more trust in the brands they work with. A recent Vercara survey found that only 5% of consumers believe that the companies they purchase from are well-suited to protect their information. Instead, respondents cited that they trust security vendors most to protect their information from cyber attacks, referencing solutions such as antivirus software, identity theft protection, and password management tools. In 2025, businesses can't afford to damage their reputation, and those that implement basic security hygiene will ultimately build greater consumer confidence. These businesses will enable more protections by default for consumers, including multi-factor authentication, forced password rotations, and requiring more complex passwords in general, even if it causes their users mild inconveniences. They will maintain a handle on their security processes and technologies by working with vendors (who consumers trust most) to improve network visibility while following security frameworks and conducting routine risk assessments. — Carlos Morales, SVP of Solutions, Vercara
To Improve Defenses, Organizations Will Turn to the Human Element of Cybersecurity
The demand for skilled cybersecurity professionals will continue to impact the industry more significantly in 2025. The core problem is not about unfilled positions that we often hear about — it's the fact that there aren't enough entry-level positions, and many companies lack a plan for cultivating the entry-level talent they have. Fostering talent in 2025 means companies will invest more in internal skills development programs and education across all employees — not just security teams — to ensure alignment on potential risks and protocols while offering more opportunities for upskilling. Large enterprises will partner with STEM-focused universities to cultivate the next generation of professionals. Leading companies will also play an integral role in attracting more professionals through mentorship, internships, and apprenticeships, focusing on retention and improving compensation packages and benefits. These leaders will also prioritize promoting diversity and cybersecurity awareness through various mediums, such as taking part in industry panels, contributing op-eds, and social media. — Carlos Morales, SVP of Solutions, Vercara
Stay Ahead of Data Leakage & API Abuse with API Observability
As organizations adopt modern application development as a means of digital transformation, the volume of application programming interfaces (APIs) will continue to multiply. Last year, API traffic constituted over 71% of web traffic, according to the State of API Security in 2024 Report from Imperva Threat Research. In 2025, API traffic will undoubtedly increase, becoming a greater threat to an organization's sensitive data, and thus, pushing for a greater need for API observability. Determined threat actors will look to target APIs as the pathway to access the underlying infrastructure and database. Organizations will only have a chance to stay agile by providing continuous visibility, categorization, and monitoring of data that flows through APIs. Protecting APIs will become a direct extension of a business's strategy to mitigate the risk of data breaches and data leakage. By uncovering hidden APIs, software developers and security administrators can gain more accurate insight into how to address potential security issues. Plus, as 2025 will likely bring more national cybersecurity guidelines, enabling API governance will ensure that business leaders in highly regulated industries have a sustainable model that stops potential data breaches. — Lebin Cheng, VP of API security, Imperva, a Thales company
Personalization and Data Security Accelerates
In the coming year, we'll continue to see an increase in the personalization of services across industries like healthcare, retail and financial services. This trend will continue to generate enormous amounts of data, creating more significant security challenges. Organizations must balance the demand for highly personalized experiences with robust data protection measures. This will give rise to innovation in secure data handling and privacy-preserving technologies. New technologies, such as federated learning and homomorphic encryption, will emerge, enabling advanced personalization without compromising individual privacy. These advancements could reshape how businesses approach customer data, allowing them to provide highly personalized services while maintaining strong data protection standards. — Ron Reiter, CTO/co-founder, Sentra
Open Source Security Takes Center Stage
As open source adoption continues to grow, organizations like the FreeBSD Foundation, Alpha-Omega Project, and Sovereign Tech Agency will double down on securing the open source ecosystem. This includes addressing vulnerabilities, improving transparency, and fortifying the software supply chain. Developers and users alike will benefit from stronger security measures and resilient infrastructure, ensuring open source remains a reliable foundation for innovation. — Pierre Pronchery, security developer, FreeBSD Foundation
Preparing for a Complex Cyber Landscape
The cyber world of 2025 will reflect rapid technological advancements and strategic shifts tied to global agendas. Staying ahead requires businesses to anticipate smarter, faster, and more geopolitically motivated threats. Proactive defenses and robust cybersecurity frameworks will be essential. — Avani Desai, CEO, Schellman
In 2025, Let's Get Rid of Passwords
2025 is the year I want to see passwords gone for good, and I'm not just talking about B2B. No one should be using passwords anymore. And when I say passwords I mean all forms of credentials based on static secrets, like private keys, API keys or even browser cookies. Passwords are already on their way out in B2B organizations that manage highly complex digital infrastructures, but arguably not fast enough. I expect this process will accelerate in 2025, and we'll see more B2C organizations follow suit as their consumers get fed up with having to manage numerous complex passwords.
Security teams are waking up to the fact that passwords embed human risk into infrastructure. They will aim to eliminate this risk altogether by implementing passwordless authentication. When identity is rooted in biometric authentication for humans or secure enclaves for machines, identity cannot be stolen and the attack surface significantly decreases. We also expect security teams will go a step beyond and adopt measures such as per-session multi-factor authentication (MFA) and attribute-based authentication, safeguarding systems and data even in the event of an identity breach. This will see the use of cryptographic methods of authentication become more widespread. Cryptographic identity provides an effective human-proof authentication method that enables organizations to eliminate passwords and the threat they pose. — Ev Kontsevoy, CEO and co-founder, Teleport
Increasing Platformization Drives Network and Security Modernization
Legacy networking and security architectures optimized for point-to-point connectivity are not able to cope with the highly dynamic and distributed nature of users and applications. With hybrid work firmly established as the new norm, networks are only getting more and more highly distributed. Furthermore, organizations are aggressively leveraging AI to drive new business efficiencies. These trends are making networks far more complex, meaning they're much more difficult to manage and secure. Enterprises are finding that in this changing environment, traditional point solutions aren't sufficient for running and protecting their networks. They're also suffering from an increasing resource and skills gap in both areas that's exacerbating the issue. To address this challenge in 2025, more enterprises will modernize their network and security architecture by converging the two. Converged networks and security are far easier to operate, optimize, observe, and secure than when they're siloed. — Renuka Nadkarni, CTO, Aryaka
2025 Will Usher in a New Era of Intelligent Network Security
The accelerating gap between attacker and defender resources will mean we will see a growing dependence on AI, outsourcing to managed services, and consolidation and convergence of solutions to drive simplicity, efficiency and effectiveness of network security and networking. — Ken Rutsky, CMO, Aryaka
Passkeys Poised for Mainstream Breakthrough in 2025
Passkeys have started quickly moving from early adoption to wider use over the last year, as major organizations like X and Microsoft introduced or expanded passkey support. As a result of this recent momentum, Dashlane has seen passkey-based logins grow to nearly 500,000 per month, a sixfold increase since 2023. This growth trajectory is expected to continue in 2025, and I expect that two major events will push us over the tipping point for wider passkey adoption across enterprises and consumers alike. First, we expect all passkey providers to adopt new FIDO standards for secure credential exchange, boosting industry support for passkeys and eliminating concerns over vendor or platform lock-in. Second is syncable passkeys coming to Microsoft Windows in 2025, greatly improving the passkey experience for a huge swath of businesses and users. Amid these changes, we'll see broad adoption of passkeys in 2025, followed by mainstream use in 2026. — John Bennett, CEO, Dashlane
The Zero-Knowledge Revolution: Confidential Computing Goes Mainstream
In 2025, organizations will focus on securing data while it's in use via confidential computing and cloud-secure enclaves, closing a critical gap in data protection. This will represent a major shift in how organizations protect sensitive data, turning privacy from a reactive safeguard into a core pillar of digital operations. Driven by growing privacy regulations and the alarming frequency of costly breaches, highly regulated industries with an abundance of sensitive data (like healthcare and finance) will lead this shift towards confidential computing and secure enclave architectures. This will set a new standard for "zero-knowledge operations," fostering the rise of privacy-preserving AI and analytics platforms that keep raw data encrypted, even during computation. As confidential computing technology matures and adoption grows in 2025, it will pave the way to a future where privacy by design becomes the standard for both businesses and end users, better protecting customer data while reducing enterprise risk. — Fred Rivain, CTO, Dashlane
Pitfalls of Tool Overload and the Need for Cohesive Vulnerability Management
In 2025, cybersecurity will remain a key investment. We can expect to see investments in security continue, focusing on point solutions that focus on applications and distributed networks, rather than focusing on robust risk management processes and reporting. Adding more security tools that require individuals to implement sophisticated reporting structures that are often obsolete as soon as they are functioning will not translate into meaningful, cohesive vulnerability management. The cause? These tools require trained alert management resources for each technology and/or system, and they do not share data to make for consistent reporting. Security metrics and risk reporting are still an art form, and each organization continues to determine their own formula for risk adversity. The addition of more tools that don't interoperate exacerbates reporting and leads to a lack of visibility of critical issues for security teams. This means more vulnerabilities, numerous attack vectors, and excessive access for threat actors to exploit, while also contributing to ineffectiveness. — Cynthia Overby, director of security, Rocket Software
Increased Focus on End-to-End SaaS Security Controls
In 2024, business was disrupted by costly SaaS "bypass" breaches that circumvented their identity & access management (IAM) and zero trust (ZT) controls. 2025 will bring awareness to end-to-end controls needed for SaaS with tight interdependencies between ZT, identity, SaaS posture, and detection and response capabilities. — Brian Soby, CTO and co-founder, AppOmni
Secure Communications Will Define the Future of Supply Chain Security in Critical Industries
In 2025, secure communications will take center stage as a critical component of supply chain security, especially in high-risk sectors like healthcare, finance, and critical infrastructure. The interconnected nature of today's supply chains means security risks now extend beyond primary suppliers to third, fourth, and even eighth-party vendors. When compliance with communications and data privacy is lacking at any point along this chain, it can trigger far-reaching consequences, exposing companies to malicious attacks and operational disruptions. In sectors where data privacy and secure communications are paramount — like finance, healthcare, and critical infrastructure — lapses in these areas compromise the entire supply chain, with potentially devastating results. Regional supply chain security legislation passed in 2024 will need to be complied with in 2025 with punitive fines likely for non-compliance. — David Wiseman, VP of secure communications, BlackBerry
Building Cybersecurity Resilience Among Rising Threats
As ransomware and supply chain attacks surge, the compliance industry is raising the bar on cybersecurity standards, pushing companies to adapt and fortify their defenses. While there may be overlap globally, regional nuances require tailored approaches to compliance. Cybersecurity resilience is critical — not only to stay ahead of changing regulations, but also to ensure organizations can respond and recover swiftly if the inevitable happens. In the coming year, we'll see companies across sectors embrace a unified approach, making cybersecurity a collective responsibility and improving overall cyber resilience against ever-evolving threats. — Siroui Mushegian, CIO, Barracuda
XDR Transforms from Reactive to Proactive Security Backbone
In 2025, XDR will evolve beyond reactive monitoring to become the backbone of predictive and automated security operations. Expect XDR platforms to integrate with broader ecosystems like SOAR and AI-driven threat intelligence, enabling dynamic risk scoring and prioritized responses across cloud, endpoint, network, and more. AI will play a central role, enabling XDR to analyze vast volumes of data in real time, detect subtle attack patterns, and predict potential threats before they materialize. This AI-driven evolution will transform XDR from a responsive tool into a proactive security strategy, capable of adapting to an ever-changing threat landscape. SMBs, often seen as low-hanging fruit for attackers, will increasingly adopt XDR as a cost-effective solution to consolidate their defenses, mirroring enterprise-grade security at an accessible scale. AI's automation capabilities will make advanced security attainable even for resource-constrained organizations, significantly reducing their reliance on large SOC teams. Think of XDR not just as a 911 system for your business, but as a full-service command center, driven by AI, preemptively defusing threats and continuously learning to enhance resilience. — Adam Khan, VP, Global Security Operations, Barracuda
Addressing Global Cybersecurity Challenges and Data Sovereignty
As we navigate an increasingly fractious global landscape, there's an acute need for strategic consolidation across an organization's many deployed database technologies. Consolidation can bring the same benefits of resilience, scalability, and control of data domiciling to the entire estate of application use cases. The rise of AI brings both challenge and opportunity. AI is leverage for cyberthreats, including newly hostile state actors. AI will usher in a new era of "operational big data," as agentic capabilities put orders of magnitude more demand against database-backed services. AI is an opportunity for automated response to threats and infrastructure management. Distributed, cloud-native infrastructure will be pivotal in maintaining the integrity of digital infrastructures, safeguarding data sovereignty, and fortifying technology and business data across geopolitical domains. — Spencer Kimball, CEO and co-founder, Cockroach Labs
Integration of Observability and Security Drives Proactive, Real-Time Threat Detection
We will see increased integration between observability and security functions in 2025, as organizations work to proactively identify and address digital threats in real time. By combining observability data with strong incident management, companies can better shift from reactive to continuous security approaches, enhancing resilience and operational stability in increasingly complex digital environments. — Gab Menachem, VP ITOM, ServiceNow
There Will Be More Shareholder Action Against Companies That Drop the Cybersecurity Ball
It is not uncommon for shareholders to file lawsuits against companies for not doing "the right thing," and in 2025, we can expect to see more of this action being taken. When cyber incidents occur, they lead to substantial financial losses, regulatory fines and damage to brand reputation — all of which directly impact shareholder value. Investors argue that neglecting cybersecurity reflects inadequate governance and risk management, especially when companies don't prioritize safeguarding data and operational systems. In today's threat landscape, a proactive approach to cybersecurity is essential for corporate responsibility. Shareholders will increasingly take legal action against companies that fail to implement effective cybersecurity measures, viewing it as a breach of fiduciary duty to protect assets. — Jeffrey Wheatman, SVP, cyber risk strategist, Black Kite
Guardians of the Grid Will Take Center Stage
If 2024 showed us anything, it's that bad actors are actively seeking out critical national infrastructure (CNI). What makes CNI so appealing? The ability to cause mass disruption, compromise sensitive data, threaten public safety, and exploit a sector that typically doesn't have the most robust security measures in place. The result? Catastrophic. In 2025, governments need to push for stricter security measures and dedicated cybersecurity programs focused on protecting critical infrastructure. Partnerships with national cybersecurity agencies, regularly audited systems, and the implementation of redundancy in critical systems to maintain operational continuity will be critical in safeguarding CNI. — Sabeen of Global Government Affairs & Public Policy, Rapid7
Banks Prioritize Proactive Cybersecurity Strategies
In 2024, the rise of AI-driven cyber attacks and increasing reliance on third-party integrations highlighted the need for proactive cybersecurity measures in banking. Moving forward, banks will focus on leveraging advanced technologies, strengthening vendor oversight, and ensuring robust data protection. — Vincent Maglione, chief information security officer, Grasshopper
IoT Security Shifts Focus to Proactive Configuration Control and Automated Change Detection
In 2025, configuration drift — the gradual, sometimes unauthorized changes in IoT device settings that create security vulnerabilities — will accelerate as a critical battleground for IoT security. Organizations will increasingly adopt proactive IoT device configuration control strategies that provide real-time snapshots of device states, enabling instant detection of unauthorized changes. Healthcare, manufacturing, and critical infrastructure sectors will lead this IoT security shift, prioritizing automated change detection and rapid restoration capabilities to prevent potential breaches. The focus will move from reactive vulnerability management to maintaining continuously secure, predictable device ecosystems through intelligent configuration tracking and rapid and efficient remediation strategies. — Shankar Somasundaram, CEO, Asimily
Expect a Client-Side Web Security Revolution
A disastrous, headline-inducing 2024 for client-side web security will lead to necessary change in 2025. I expect we'll see a rather radical shift in strategy as organizations confront the rising sophistication and aftermath of client-side attacks, particularly through compromised third-party web scripts. Businesses will pivot beyond traditional security mechanisms to implement more dynamic defense strategies like real-time script monitoring, polyglot attack detection, and automated vetting of the third-party code that runs through their websites — essentially, treating every external script as a potential supply chain vulnerability. This 2025 transformation will also be driven by the increasing realization that even trusted, long-standing domains (I'm looking at you, polyfill[.]io) can become vectors for massive, widespread breaches. — Simon Wijckmans, CEO and founder, c/side
IT Teams Will Embrace Automated, Real-Time Risk Responses for Stronger Data Protection
I expect this coming year will see IT and security teams significantly sharpening their capabilities around automatic real-time responses to data security risks as they arise. There are just too many possible risks at this point to take a reactive approach. A comprehensive layered cybersecurity approach with device encryption, role-based access controls, and protections such as multi-factor authentication offers a strong start. However, I think we'll see more IT and security teams defaulting more toward customized, automated protections that kick into action the moment security systems perceive risk. That can mean making data inaccessible the moment a device shows signs of compromise, or leaves an approved geo-fenced area. As a result, organizations will demonstrate an expanded security playbook and more confident protections in 2025. — Cam Roberson, vice president, Beachhead Solutions
Heightened Security Challenges
Safeguarding customer data when it moves through third parties in an integrated ecosystem is a real challenge. So in 2025, as martech becomes more interconnected, security standards will need to evolve. Customers expect their data to be handled securely across every service, and data breaches at any point in this chain affect the whole ecosystem. Therefore, companies will have to share responsibility for the safety of shared data. To do this, they encrypt data, enforce strict access controls, conduct vendor audits, minimize data sharing, and implement real-time monitoring. These practices establish a shared responsibility model, raising security standards toward mutual accountability. — Karl Bagci, head of information security, Exclaimer
Reputation at Risk — The Growing Impact of Security Failures
The reputational risk associated with data leaks has never been higher. The public tends to hold both the primary organization and its partners accountable. This means that if a vendor's security fails, it directly affects the brand, damaging customer trust and, ultimately, financial health and profits. In this context, technology and product leaders face a moral and operational responsibility to act in the best interests of customers. Implementing security cannot just be a checkbox, but a proactive, integrated component of their operations. So, tech leaders in 2025 must ask themselves: Are we truly in control of this data, and are we respecting our customers' expectations? This will be crucial for safeguarding brand integrity in an interconnected, data-driven landscape. — Karl Bagci, head of information security, Exclaimer
Integrated Security as a Competitive Advantage
A shift in security strategy in 2025 is essential. Security should not be treated as an isolated initiative, but as a core aspect of the tech stack, embedded from the start of development rather than an afterthought. This "baked-in" approach to security, where protections are integrated at foundational stages, offers a strategic advantage, serving as a potential marketing point further down the line. For example, companies with built-in security measures can reassure customers of their commitment to data protection and regulatory compliance. This can distinguish them from others in a crowded market. As the BYO models and integrated systems become more common, we can expect to see new or enhanced standards that will require upskilling tech teams. These standards will demand a more comprehensive understanding of data protection and shared responsibility, requiring leaders to upskill their teams accordingly. Instead of pushing security to the periphery, successful organizations will treat it as an intrinsic part of their operations. This will enable them to stay ahead at a time when reputational and data risks are constantly evolving. — Karl Bagci, head of information security, Exclaimer
Identity Verification Will Become Essential
As email and productivity solutions evolve, the importance of security and identity verification will reach new heights in 2025. With increasing concerns around data breaches and fraud caused by sophisticated cyber attacks, the absence of built-in identity verification in emails is a major vulnerability. To keep innovating and improving productivity while safeguarding sensitive information, companies must prioritize seamless integration of identity verification processes into email systems. This will be critical for protecting both personal and business data, creating a more secure and trustworthy communication ecosystem. — Karl Bagci, head of information security, Exclaimer
The End of Fake It 'Til You Make It Hyperautomation
Hyperautomation was a novel term for much of 2023, but as 2024 unfolded, it went mainstream and was acknowledged by all key analyst firms, and enterprise cybersecurity goliaths. What that meant was countless vendors rebranded legacy SOAR solutions, replete with manual processes and disjointed workflows, as hyperautomation, in an attempt to stay relevant. Going forward, all cybersecurity companies have to build their hyperautomation solutions and practices from the ground up, with native Gen-AI at the forefront. That means ensuring it's at the heart of all SecOps processes, as opposed to bolting on old tech to existing SIEM, EDR, or XDR architectures. Further, it's critical that native Gen-AI is leveraged, as opposed to offerings from companies specializing in "Fake AI" — in other words, a GPT wrapper that delivers pre-trained output, instead of actual context-specific generative responses. — Leonid Belkind, co-founder and CTO, Torq
Smart Enterprises Will Move Beyond Vulnerability Scanning
As enterprises embrace AI tools to help them code faster, threat actors have worked in lockstep to write faster malware, analyze code, and get better at wreaking havoc. In 2025, smarter enterprises will harden their apps against reverse engineering through advanced obfuscation, anti-tamper, and threat monitoring. — Dan Shugrue, Application Security Product Marketing, Digital.ai
Security and Change Risk Prediction Will Outperform Productivity Gains
As AI continues to impact the entire business process of planning, coding, building, testing, and delivering software, the importance of security and risk prediction will take another leap up the list of priorities. 2024 was marked by scale security breaches and huge change risk failures (let's not forget walking through airport terminals looking at the blue screen of death). With AI driving more changes more quickly, enterprise businesses will continue to increase investment in security and risk prediction solutions. — Derek Holt, CEO, Digital.ai
The Next Frontier in Cybersecurity
In 2025, cybersecurity will shift from reactive defenses to anticipatory strategies. Traditional security measures like periodic password updates, multi-factor authentication, and avoiding public Wi-Fi will no longer suffice. Organizations across sectors — especially those handling sensitive data, such as healthcare and logistics — will focus on robust, forward-thinking solutions to mitigate the risks associated with a continually evolving threat environment. — Shash Anand, SVP of product strategy, SOTI
Enhanced Mobile Security Measures
With the increasing reliance on mobile devices for sensitive transactions, advancements in mobile security are anticipated. This includes the implementation of more robust biometric authentication methods and the integration of AI to detect and prevent security threats in real time. — Shash Anand, SVP of product strategy, SOTI
All-Flash Cyber Resilience Takes Center Stage as Attacks Rage On
In 2025, cyber resilience will take center stage as cyber attacks like ransomware grow more frequent and sophisticated. Organizations will shift from focusing solely on attack prevention to ensuring quick, effective recovery. This pivot will make end-to-end cyber resilience a mainstream priority, emphasizing rapid response and recovery over traditional, prevention-centered approaches. Supporting this shift, more organizations will leverage all-flash storage as an effective solution for backup and recovery. While previously costly for backups, new deduplication-optimized, all-flash appliances enable ultra-fast recovery of secondary data copies, making comprehensive cyber resilience accessible without breaking the bank, enabling better preparedness and faster recovery from attacks. — Tim Sherbak, Enterprise Products and Solutions manager, Quantum
An Increased Global Focus on Supply Chain Cybersecurity
Due to escalating attacks on critical sectors like healthcare and telecoms, there will be increased global attention on cyber supply chain risks. Europe will require more businesses to secure digital operations and evaluate vendor-related cybersecurity and associated risks. In the U.S., there will be increased federal attention to risks associated with insecure edge devices, as well as stricter controls on global access to sensitive technologies and the use of untrustworthy vendors linked to adversarial governments. Readiness will remain a worldwide priority. Critical organizations must ensure they can perform essential tasks during digital outages by reverting to analog operations. There will also be increased attention to businesses' ability to recover financially from widespread digital disruptions. — Sezaneh Seymour, VP and head of Regulatory Risk and Policy, Coalition
Rise of Platformization Unlocks Unified, AI-Driven Security Solutions
We are likely to see a rise in the breadth of organizations adopting platformization in cybersecurity. This term describes the tight-knit integration of security tools, threat intelligence and other contextual data to deliver a unified capability, accessed through a single, usually AI-enabled, set of workflows. The goal of platformization is a security stack where multiple best-of-breed capabilities work together to be greater than the sum of their parts. However, the challenge has been making this work for all types of enterprise, i.e., those with DevOps resources and those without. Given what I am seeing right now, platform vendors are working with third parties to pre-build integrations that best fit their target markets, and thus, a wider range of enterprises are likely to adopt "platforms" to reduce overall security cost and maximize operational efficiency and effectiveness. — Darren Anstee, CTO for Security, NETSCOUT
CIOs Need to Prioritize Security and Compliance
Security is an ever-shifting landscape, and compliance changes constantly, so CIOs need to keep abreast of relevant developments and set up infrastructures and processes for rapid response. Explore growing solution areas such as data masking, static application security testing, and continuous compliance (compliance-as-code). And all this applies even if IT infrastructure is moved to the cloud. — Jim Cassens, CEO, Perforce
Shifting Focus from DR to Layered Backup Solutions and Specialized MSP Services
A lot of people have over-positioned disaster recovery (DR), while undervaluing backup. This has created a middle category of companies that have either overpaid or gone without sufficient data protection. This was never a problem before because no one knew of a solution. But in recent years, we've learned layers make for strong data protection and business continuity plans. Buyer awareness is also growing. Salespeople will need to become knowledge experts and educational resources in 2025. And, you'll see managed service providers (MSPs) taking a boutique, white-glove approach, one focused on expertise and abilities to guide specific types of businesses. — Jason Moran, chief strategy officer, Cloud IBR
Secure by Design, Secure by Default
Ground-up cyber resilience initiatives like Secure by Design and Secure by Default will gain traction by product vendors, especially as the increase in malicious activity causes pressure from vendors to deliver clear evidence of good cyber-hygiene to their customers. — Casey Ellis, founder and advisor, Bugcrowd
The Wisdom of the Crowd
The intelligence of the global hacker community will continue to bridge the gap between defenders, their attack surface, and the creativity and persistence of the adversary. This will manifest in increased adoption of vulnerability disclosure programs, a return to the practical return-focused value of public and private bug bounty programs, and the expansion of community-driven threat intelligence and disruption. — Casey Ellis, founder and advisor, Bugcrowd
The Importance of Supply Chain Security
Supply chain security will rise in prioritization and prominence in the upcoming year. The security ecosystem is only as strong as its weakest link, and vulnerabilities within the supply chain can create huge ripple effects across the business. — Dave Gerry, CEO, Bugcrowd
Rise of Continuous Red Team as a Service Offerings
As organizations look to continuous exposure management, ongoing or continual simulated attacks become increasingly important to provide real-time feedback to organizations on evolving threat actor TTPs that they are vulnerable to. — Julian Brownlow Davies, VP, Advanced Services, Bugcrowd
Rise of Deepfake Technologies Will Require Development of Physical CAPTCHA
The increasing sophistication of deepfake technologies in 2025 will force a paradigm shift in authentication methods. As nation-state threat actors plan their attacks years in advance, the risk of bad actors infiltrating cybersecurity companies through social engineering attacks is increasing. To combat this, organizations will seek to implement more stringent security measures, including the development of physical CAPTCHAs for online meetings. Just as we undergo security checks at airports, virtual meetings may require similar verification processes, such as biometric authentication and identity verification. — Paul Reid, VP of Adversary Research, AttackIQ
ProSINT as a Response to Threat Actors' Data Exploitation
What Flashpoint calls "ProSINT" — Professional Open-Source Intelligence — has emerged as a critical response to these evolving tactics. By combining PAI and CAI with rigorous standards of validation, contextualization, and ethical compliance, ProSINT enables organizations to address specific intelligence needs while countering adversaries' increasingly strategic use of open data. ProSINT equips organizations with the intelligence they need to act decisively in a landscape where publicly available information is increasingly weaponized. By combining advanced tools with expert analysis, ProSINT empowers leaders to counter complex threats while making informed, ethical decisions that safeguard their operations. By adopting a ProSINT approach, organizations can transform their intelligence efforts into proactive defenses, addressing today's sophisticated tactics while preparing for tomorrow's threats. — Josh Lefkowitz, CEO, Flashpoint
Scaling Security Operations with Smarter Tools
As defenders face increasing pressure to achieve more with limited resources, intelligent automation will become indispensable. Security tools with seamless workflows and intuitive user experiences will be in high demand, enabling teams to scale operations efficiently while reducing the burden of extensive training and long learning curves. — Will Glazier, director of Threat Research, Cequence Security
The 'Cat and Mouse Game' of Identity Security Will Escalate
In 2025, identity security will reach an inflection point as attackers focus on exploiting overlooked dependencies in identity ecosystems, such as interlinked machine identities that create excessive entitlements. While organizations have made strides in managing secrets like credentials and certificates, the rapid growth of interconnected systems will present new vulnerabilities. Attackers are now targeting overlooked configurations and shared resources to bypass traditional defenses. CISOs must shift their strategies from simply managing secrets to actively identifying dependencies that create excessive entitlements, leveraging AI to ease the management and monitoring of identity entitlements to preempt attacks, and developing playbooks for quickly remediating stolen secrets. The future of identity security will depend on not just controlling credentials and managing entitlements, but anticipating where attackers will strike next. — Deepak Taneja, CEO & co-founder, Zilla Security
Cybersecurity Education Becomes Essential
In 2025, cybersecurity fundamentals will become a core focus in both K-12 and higher education curricula. This shift reflects the acknowledgment that cyber hygiene must be taught as early as possible and reinforced through a student's academic journey. Higher education institutions will expand their investment in cybersecurity training, not only to protect their systems but also to develop the next generation of cybersecurity professionals. To support this transformation, collaborations between cybersecurity experts, public sector organizations and educational institutions will intensify. Initiatives like Flex Your Cyber and resources from government agencies will provide actionable tools and guidance tailored to students, parents, educators and administrators. By prioritizing cybersecurity awareness and readiness for all of these groups, education systems at all levels can better defend against modern cyberthreats while empowering the broader community to build a more secure and resilient digital future. — Darren Guccione, CEO and co-founder, Keeper Security
Agencies Will Acknowledge Their Data Identity Crisis
The government is currently facing an identity crisis. Agencies are struggling with understanding what sensitive data they have, where it resides, who has access to it and what security controls are protecting it. 2025 will see guidance released from defense and federal CIOs directing agencies on best practices based on the new information and security controls they have. Continued education about the security risks associated with mobile identity will also lead to a more comprehensive understanding within government overall. Unfortunately, there are still pockets in government that believe if mobile workloads are sandboxed, nothing will be affected if breached. In reality, traditional commercial surveillance won't stop things such as screenshots, data exfiltration or an employee's mobile device from being compromised. — Jim Coyle, US Public Sector CTO, Lookout
M&A and Regulatory Shifts Will Rapidly Reshape Cybersecurity Market
Recent months have seen a surge in M&A activity within the cybersecurity space, signaling significant consolidation in 2025, with a surge of activity in the rapidly growing Identity Security market. Much like how Wiz dominated the cloud security market, major players are positioning themselves to lead in identity security. The digital transformation and remote work acted as accelerants for identity security as organizations realized that protecting identity was a critical component of enterprise defense. Yet, no solutions provide complete end-to-end identity protection, leaving security gaps.
Potential shifts in regulatory dynamics tied to changes in the White House could accelerate M&A activity even further in 2025. This wave of acquisitions is paving the way for a new frontier of dominant platforms offering integrated cybersecurity and identity solutions. However, no one has been able to take over the market and provide complete end-to-end protection across all on-prem, cloud, and hybrid environments. That will change in 2025. With all eyes on identity security, as it becomes mission critical to cybersecurity, the next few years will determine which players emerge as the architects of the leaders of this market. — Hed Kovetz, CEO, Silverfort