2025 Cybersecurity Predictions: Not Getting Easier, but there Is Hope

Death, taxes, and cybersecurity. While the latter is more of a good thing, all of these are realities and none of the three will go away in 2025. While cybersecurity has its bad side (breaches, hacks, AI), it also has a good side (good practitioners and vendors fighting the good fight, AI). 

We curated some predictions for the cybersecurity industry in 2025--some specific; some broad; some from practitioners; some from vendors--to get a pulse on what the cybersecurity community believes is coming in the New Year. There's plenty of bad, but also plenty of good--and hope.

AI dominates a lot of the predictions; as does the continued shortage of folks to fill cybersecurity roles. Zero trust is not going anywhere. Critical infrastructure is at risk, moreso thanks to AI. The "seat-at-the-table" conversation--as tired as it gets--is still a thing. There is hope that federal funding for cybersecurity will increase. Criminals should be on high alert...they don't have all the advantages.

Other buzz words and topics that are top of mind: Quantum computing; NIST standards; a patchwork of data privacy legislation and standards with hope for more consistency; foreign adversaries ramp up their efforts and the U.S. and its allies must keep up; GenAI; mobile threats; RaaS makes it easier for the bad actors; non-human identity management; OT, IoT, and IIoT security and threats; cyber resiliency; SOC models; and improving cybersecurity education and programming.

What the Practitioners Predict

Jake Bernstein, Esq., Partner, Data Protection, Privacy & Security Group, K&L Gates LLP

The rise of agentic AI technology

“In 2025, we will see far more instances of generative AI used to create particularly convincing social engineering attacks, but even more frightening, I suspect we will also witness some of the first fully-automated attacks using 'agentic AI' technology. It will likely become necessary for defenders to deploy their own agentic AI bots, culminating in constant AI vs. AI warfare across the internet.”

Mo Wehbi, VP, Information Security & PMO, Penske Automotive Group:

The good and the bad

"The good:

1. Widespread Adoption of AI and Machine Learning for Threat Detection: AI will become more sophisticated and integral in identifying threats in real-time, reducing response times and mitigating risks faster than ever before. 'AI's ability to evolve and adapt will redefine the cybersecurity landscape, making threat detection smarter and more proactive.'
2. Zero Trust Architecture Becomes the Norm: Organizations will fully embrace Zero Trust principles, leading to better segmentation and control over data, even in hybrid and remote work environments. 'Zero Trust isn't just a framework anymore—it's becoming a baseline expectation for securing modern enterprises.'
3. Greater Collaboration Between Governments and the Private Sector: Initiatives to share threat intelligence will strengthen, fostering a collective defense strategy against increasingly sophisticated cyber adversaries. 'Collaboration across sectors will be the cornerstone of cybersecurity resilience in 2025.'"

"The bad:

1. Increase in AI-Driven Cyberattacks: As defenders adopt AI, so do attackers. Expect to see AI-enabled phishing campaigns, deepfake scams, and automated attacks grow in complexity. 'Attackers leveraging AI will force organizations to stay one step ahead, pushing boundaries on what cybersecurity tools can achieve.'
2. Shortage of Cybersecurity Professionals Worsens: Despite growing awareness, the skills gap in the cybersecurity industry will continue to be a major challenge, putting strain on existing teams. 'The demand for skilled professionals will outpace supply, making talent retention and training critical priorities.'
3. Ransomware Targets Critical Infrastructure: Ransomware attacks will increasingly focus on critical infrastructure, including healthcare, utilities, and transportation, leading to potentially catastrophic consequences. 'The stakes are higher than ever—protecting critical infrastructure will require not just technology, but also robust incident response plans and partnerships.'"

Kip Boyle, vCISO, Cyber Risk Opportunities LLC:

The challenge of cultivating buy-in from leadership and employees

"Cybersecurity professionals will continue to face a critical challenge: cultivating genuine buy-in from both senior leaders and employees. Let me unpack what I mean.

"While compliance enforces behavior through rules and consequences—like being forced to exercise—true buy-in reflects authentic understanding and commitment. It's like choosing to exercise because part of your identity is a person who makes healthy choices.

"When people genuinely buy into cybersecurity, they go beyond mere procedure-following to become security advocates. They think critically about risks, proactively report concerns, and guide colleagues toward secure choices. This intrinsic motivation proves far more effective than external enforcement because people drive continuous improvement through genuine commitment rather than obligation.

"True security buy-in creates a culture where people willingly protect digital assets, adapting to new threats because they understand what's at stake—not because policy demands it."

Lisa Plaggemier, Executive Director, National Cybersecurity Alliance:

Fear and hope for the New Year

"What I fear will happen:

1. Ransomware will escalate: Expect more attacks targeting critical suppliers relied on by entire industries—think CDK or Change Healthcare-style incidents.
2. Identity theft will evolve: Stolen identities will fuel new fraud schemes, like creating crypto accounts in victims’ names.
3. Critical infrastructure in the crosshairs: Rising geopolitical tensions could lead to threat actors demonstrating their capabilities in response to economic or political pressures.
4. AI-powered scams will soar: As attackers leverage commoditized AI tools, scams—especially romance, investment, and fraud—will grow more convincing and costly.

"What I hope to see:

1. Empowered users through smarter defaults: Security becomes the path of least resistance—making secure behaviors easy, seamless, and automatic for everyone.
2. Defensive AI breakthroughs: Tools that flag phishing attempts and scams more effectively, offering users clearer warnings and peace of mind.
3. Criminal network disruptions: Coordinated takedowns, financial chokepoints, and international cooperation targeting cybercriminal operations.
4. Secure digital identities: Broader adoption of services like Clear and ID.me could reduce identity theft and build trust online.
5. Phishing-resistant authentication: Widespread use of passkeys, biometrics, and passwordless solutions to bolster security.
6. Federal investment in cybersecurity: Increased funding to strengthen domestic cyber defenses, foster innovation, and support diplomatic efforts to curb foreign cyberattacks."

KJ Haywood, Adjunct Professor, Cybersecurity, Collin College; Principal CEO, Nomad Cyber Concepts:

Some positives and negatives for 2025

"The positives I see for next year...

1. Increased Adoption of Generative AI (GenAI): Growing acceptance of GenAI across industries may drive enhanced productivity, creativity, and innovation.
2. Enhanced Security, Privacy, and Data Practices: Organizations that plan to develop or acquire AI tools will strengthen their data & privacy protection processes, this includes data inventory and cleansing.
3. AI Governance Across Supply Chains: U.S.-based global organizations may enforce AI governance policies, fostering standardized ethical and secure practices among vendors.
   • U.S.-based organizations may identify AI Governance and security as an operational risk.  
4. Broader Implementation of AI Acceptable Use Policies: Industries may begin focusing on formalizing guidelines to promote the ethical, secure, and responsible use of AI technologies.
5. Market Consolidation of GenAI Tools: The GenAI market may scale down to a few robust and reliable GenAI tools, creating global standards and improving tool quality.
6. Advancements in Predictive Analytics for Healthcare: AI will be instrumental in improving patient outcomes, which may lead to reduced healthcare costs and the advancement of disease prediction and prevention strategies.
7. Decreased Algorithmic Bias in AI Models: Focused efforts will be made to minimize inherent biases, promoting fairness and inclusivity in AI systems.

"The negatives I see for next year...

1. Workforce Misuse of GenAI: Unintended or malicious misuse of GenAI by employees could lead to significant legal, financial, and reputational risks for organizations.
2. AI-Driven Malicious Cyberattacks: AI is enabling more sophisticated and targeted cyberattacks, such as phishing, vishing, and spoofing, increasing the burden on cybersecurity defenses.
3. Deregulation Leading to Corporate Oversight: The Whitehouse's pending Deregulation adoption will shift AI governance and security responsibilities onto large corporations, requiring them to independently ensure AI security, risk, and compliance measures.
4. Tightened State and Local Government Regulations: Local & State Governments may introduce stricter compliance requirements for AI vendors, particularly those enhancing existing applications or offering new AI-based solutions.
5. AI Innovators’ Limited Oversight:
   With the anticipated minimal federal regulation of AI technologies, developments not monitored properly- could increase risks of misuse, ethical breaches, or security vulnerabilities.
6. Supply Chain Strain from AI Governance Enforcement: Enforcement of AI governance and security by larger corporations and state and local governments could create logistical challenges, delays, and higher operational costs for vendors.
7. Major AI-Driven Cyberattack in the U.S.: The clock of 20+ years could reverse; if the strict security and governance regulations are not enforced, it could pose a catastrophic AI cyberattack that could shift the public and many industries' perspectives, leading to heightened scrutiny, regulatory overhauls, and shifts in AI development priorities."

Jordan Fischer, Founder and Partner, Fischer Law, LLC

More state regulations; the EU's focus on GDPR and AI

"The EU will continue to look beyond the GDPR to provide guidance and requirements around data more generally, and expectations when individual users are using technology in new and unique ways. Look to the EU to see how regulators are grappling with the interplay of AI into our daily lives, and increased use of connected wearables."

Fischer also added this prediction via a LinkedIn post on Dec. 26:

"As we close out 2024, January 2025 will bring FIVE new data privacy laws in the following states, bringing the total number of US state privacy laws in effect to 13:
⭐️ Delaware
⭐️ Iowa
⭐️ Nebraska
⭐️ New Hampshire
⭐️ New Jersey

"While most of these laws align with the approaches already taken in states like California, Virginia, and Colorado, it will be important for businesses to expand their internal processes to accommodate these new privacy laws, and update/revise external facing notices and disclosures."

What the Vendors Predict

Nicole Carignan, Vice President of Strategic Cyber AI, Darktrace: 

The year of AI agents and multi-agent systems: a challenge for cyber professionals, and an opportunity for threat actors

"Following significant advances in generative AI in 2022 and 2023, throughout 2024 we saw significant focus on innovation and development of AI agents, which are autonomous AI systems that are designed to complete specific tasks. We predict 2025 is set to be the year of multi-agent systems (or “agent swarms”). That means we’ll see increasing use cases across businesses where teams of autonomous AI agents are working together to tackle more complex tasks than a single AI agent could alone. However, the rise of multi-agent systems, particularly in cybersecurity, is a double-edged sword.

"The rising use of multi-agent systems will introduce new attack vectors and vulnerabilities that could be exploited if they aren’t secured properly from the start. Attacks that we see today impacting single agent systems, such as data poisoning, prompt injection, or social engineering to influence agent behavior, could all be vulnerabilities within a multi-agent system. But the impacts and harms of those vulnerabilities could be even bigger because of the increasing volume of connection points and interfaces that multi-agent systems have.

"One benefit of AI agents is that they can discover other agents and communicate, collaborate and interact. Without clear and distinct communication boundaries and explicit permissions, this can be a huge risk to data privacy. These are not issues that traditional application testing alone can address.

"Moreover, the stakes for these systems will be extremely high. Multi-agent systems are poised to make AI tools even more useful and productive for consumers, and as they increase adoption for critical daily tasks such as managing household finances, these systems will contain increasingly sensitive and valuable data.

That’s why robust security measures and data guardrails are required at the start to prevent these systems from being exploited and running amok."

Maurice Uenuma, VP & GM, Americas, Blancco:

Start prepping for post-quantum 'Q Day'; overcoming compliance paralysis

"Bad actors will leverage personal data and AI to launch more effective attacks: The NPD and MC2 breaches that took place in 2024 will enable cyber criminals to leverage far more personal data, combined with AI-generated 'deep fakes,' to launch more realistic and effective phishing and spear phishing campaigns in 2025. Since the human element remains the most 'hackable' security control, these attacks will likely lead to even more data breaches and/or compromise of control systems. When successful, spear phishing attacks can have devastating consequences, given the privileged access employees often have to sensitive data, financial transactions, and physical control systems.

"With 'Q Day' approaching, it’s time for organizations to start prepping: With the August release of NIST standards for Post-Quantum Cryptography, it’s 'go time' for organizations that haven’t yet started working on implementing the new standard. Full deployment will take time, and with some estimates of 'Q Day' (quantum computers’ ability to break current encryption standards) arriving within the next decade, organizations will need to lean in to avoid getting caught off-guard.

"Furthermore, enterprises and individuals will need to anticipate the data compromises looming from Q-Day based on the “harvest now, decrypt later” strategies of some adversaries and hostile nation states. We do not yet know the full impact of this scenario, but it could lead to a spike in ransomware, extortion, spear phishing and other attacks. Just because sensitive information from a previous incident was not publicly released, does not mean it could not happen in the future. Preparing for Q-Day in 2025 should be a top priority for CISOs for this very reason.

"Growing patchwork of U.S. data privacy laws will create new compliance burdens: The growing patchwork of data privacy regulations across the U.S., many of which are similar and overlap, will continue to increase compliance burdens on organizations that create, process, store, and transmit sensitive data in 2025. Since California’s passage of California Consumer Protection Act, later superseded by the California Privacy Rights Act, over 20 states have passed comprehensive privacy laws. Many of these have already been passed into law but will be taking effect on a rolling basis through 2026 and beyond.

"To overcome compliance paralysis, organizations will need to be highly organized and efficient. Mature governance (from the board on down), repeatable processes, and tools – including Governance, Risk & Compliance platforms – will be critical to minimize compliance-related risks."

Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet:

Anti-adversary frameworks will expand 

 "As attackers continually evolve their strategies, the cybersecurity community at large can do the same in response. Pursuing global collaborations, creating public-private partnerships, and developing frameworks to combat threats are all vital to enhancing our collective resilience. Many related efforts, like the World Economic Forum Cybercrime Atlas initiative, of which Fortinet is a founding member, are already underway, and we anticipate that more collaborative initiatives will emerge to meaningfully disrupt cybercrime."

Ken Dunham, Cyber Threat Director, Qualys Threat Research Unit:

Domestic and foreign adversaries will escalate cyberattacks on U.S. critical infrastructure

"Nation-state cyber actors from China, Russia and Iran are expected to remain primary threats, enhancing techniques for espionage and disruption. Ideologically driven cyberattacks from conflicts like in Ukraine and Gaza will also spur further threats. 

"As we move into 2025, critical sectors underpinning modern society, such as water, electricity and satellites, will face escalating cyber threats. Water utilities will be especially susceptible to ransomware and nation-state attacks, with security lapses posing serious risks to public health and safety. By adopting simple yet effective cyber hygiene practices and fostering tighter coordination between public and private sectors, these defenses are expected to evolve, mitigating risks and safeguarding critical services."

Andrew Harding, Vice President of Security Strategy, Menlo Security:

Automation will make some workflows in Security Operations, like costly SOAR platforms, obsolete

"Automation will make some workflows in security operations obsolete. AI-Driven automation tools will streamline processes, reduce response times, and improve overall efficiency. IT and security operations teams will finally get some relief from alert fatigue, because such tools will reduce alerts by 50% or more and they will compress response times from hours to minutes. Though early in the adoption cycle, these tools begin to eliminate the need for complex and costly SOAR rebuilds and will optimize SIEM implementations. This shift will empower organizations to respond to threats more effectively, reduce operational overhead, and allocate resources to higher-value strategic initiatives."

Ratan Tipirneni, President and CEO, Tigera:

Organizations will increasingly create GenAI applications with Kubernetes, creating the need for more robust Kubernetes security 

"To derive the most value from GenAI applications, enterprises will utilize proprietary data to create these models. Using a Retrieval-Augmented Generation (RAG) architecture, organizations can customize models based on company data, so that GenAI applications are personalized to an enterprise and their specific use cases.

"Most GenAI applications will contain confidential company data as a result of this approach, leading to security considerations. To address concerns around data security, privacy, and integrity, some organizations will opt to deploy GenAI applications in their data center, an existing hub for sensitive enterprise data. Most organizations, however, want the flexibility to deploy GenAI applications across both cloud environments and on-premises in their data center.

"With flexibility at the forefront, Kubernetes is quickly becoming the de facto platform in which GenAI applications are being deployed. Organizations can run Kubernetes for GenAI across various workloads including virtual machines (VMs), containers, or bare metal servers - or a mixture of all three. Against this backdrop, in 2025, there will be a heightened focus on Kubernetes security.

"To achieve comprehensive security for GenAI applications being deployed on Kubernetes, organizations should prioritize:

1. Implementing Network Security Access Controls
2. Proactively Managing Vulnerabilities
3. Protecting Against Known and Unknown Threats
4. Preventing & Addressing Misconfigurations
5. Maintaining Observability

"2025 will be the year that many organizations officially deploy GenAI applications across their infrastructure. With Kubernetes set to serve as the core platform for deploying and running these applications, there is a critical need for organizations to step up their security in this domain.

Krishna Vishnubhotla, Vice President, Threat Intelligence, Zimperium:

Surge in mobile-specific ransomware

"Mobile-specific ransomware is a rapidly evolving threat that should be top of mind for every CISO. Zimperium's Mobile Banking Heist Report provides early evidence of this shift: in 2023, 29 malware families targeted 1,800 mobile banking apps, with several showing early-stage ransomware capabilities. These tactics are tailored for mobile, signaling a move beyond data theft toward extortion and ransomware schemes designed specifically for mobile platforms.

"This trend is part of a larger increase in ransomware and extortion attacks across digital channels. According to the 2023 Verizon Data Breach Investigations Report (DBIR), ransomware or extortion was involved in nearly one-third of breaches, indicating a shift among traditional ransomware actors toward new methods, including mobile-focused extortion. This shift is further confirmed by the Thales 2024 Data Threat Report, which notes that ransomware and malware remain some of the fastest-growing threats, with 41% of enterprises facing malware-related breaches this year alone.

"With ransomware attacks growing by 21% in 2024, attackers are increasingly exploiting mobile platforms due to their unique vulnerabilities and often weaker security postures. For CISOs, this signals an urgent need to prioritize advanced app-level security, phishing defenses, and proactive monitoring in mobile environments, as the connectivity and sensitive data handled by mobile devices make them prime targets for the next wave of ransomware."

Balazs Greksza, Threat Response Lead, Ontinue:

Ransomware-as-a-Service (RaaS) and specialized subservices will further commoditize the criminal marketplaces

"The importance of Initial Access Brokers will continue to rise due to the success of Information stealers and Loaders. Additionally, in 2025, we’ll likely see larger and more successful ransomware groups enjoy heightened international attention from law enforcement organizations. With the increasing number of successful takedowns, extraditions, and arrests, some groups are expected to further fragment and rebrand themselves, but only a small percent might be deterred from continuing their cybercrime activities."

Rom Carmel, Co-Founder and CEO, Apono:

Cybercriminals will develop more successful Zero Trust evasion techniques

"As organizations increasingly adopt zero-trust models for identity security, cybercriminals will develop more sophisticated techniques to evade these defenses. Attackers may exploit gaps in network segmentation, misconfigurations in identity policies, or use AI to mimic behavior patterns and avoid detection. This evolution in tactics will lead to more sophisticated and harder-to-detect attacks, potentially compromising sensitive systems even within a zero-trust framework.

"To counter these threats, organizations must adopt more mature zero-trust architectures that effectively limit both vertical and lateral movement after a breach. Strengthening zero-trust access controls is essential to adapt to evolving threats and ensure comprehensive protection across all network layers."

Darren Guccione, CEO and Co-Founder, Keeper Security:

Cybersecurity fundamentals become a core focus in both K-12 and higher education curricula

"Education systems will remain a prime target for cybercriminals in 2025 due to the vast troves of sensitive personal and financial data they collect. K-12 schools alone average more than one cyber incident per school day, according to CISA, underscoring the sector’s vulnerability. This trend extends to higher education institutions, which face additional risks from the integration of complex research data, intellectual property and open network environments. As cyber-attacks grow in frequency and sophistication, the need to strengthen cybersecurity across all levels of education is critical.

"In 2025, cybersecurity fundamentals will become a core focus in both K-12 and higher education curricula. This shift reflects the acknowledgment that cyber hygiene must be taught as early as possible and reinforced through a student’s academic journey. Higher education institutions will expand their investment in cybersecurity training, not only to protect their systems but also to develop the next generation of cybersecurity professionals.

"To support this transformation, collaborations between cybersecurity experts, public sector organizations and educational institutions will intensify. Initiatives like Flex Your Cyber and resources from government agencies will provide actionable tools and guidance tailored to students, parents, educators and administrators. By prioritizing cybersecurity awareness and readiness for all of these groups, education systems at all levels can better defend against modern cyber threats while empowering the broader community to build a more secure and resilient digital future. 

Eric Schwake, Director of Cybersecurity Strategy, Salt Security: 

APIs will continue to be prime targets for attackers  

"In 2025, the cybersecurity landscape will continue to evolve rapidly, with a growing focus on API security. As APIs become essential to business operations and digital transformation efforts, they will likely become prime targets for attackers. We anticipate a rise in sophisticated API attacks using automation, artificial intelligence, and advanced evasion techniques to exploit vulnerabilities and bypass traditional security measures. One significant risk will stem from the exploitation of API misconfigurations, which often occur due to the fast pace of development and deployment. This situation will challenge organizations to adopt a more proactive and comprehensive approach to API security.

"To stay competitive, businesses must prioritize API security, recognizing that APIs have become crucial IT assets requiring the same scrutiny and protection as any other valuable resource. This involves implementing robust API posture governance to ensure consistent security configurations and reduce vulnerabilities to lower risk. By proactively addressing API security challenges, businesses can safeguard their critical assets and ensure the ongoing success of their digital initiatives in the face of evolving threats."

Brandon Williams, Chief Technology Officer, Conversant Group:

Recovery is key for robust cyber resiliency

"As ransomware and supply chain attacks are expected to increase, organizations will need a plan for fast recovery and business continuity. While there are many components to a comprehensive cyber strategy, Conversant believes that maintaining immutable backups of all data is paramount to this strategy and thus recovery.  While resistance is important, recovery is paramount.  Immutability is often defined differently from vendor to vendor.  We believe the organization should own defining what immutability means, and ensure selected vendors align with that definition.  As an example, Two Person Rule does not equal true immutability."

Stephen Kowski, Field CTO at Pleasanton, SlashNext Email Security+:

Cybersecurity training takes a far more personalized turn

"On the user training side, over time we will see more user training based on a user’s actual online habits, personal messaging threads, and email archives. Such customized training will raise awareness about how targeted these attacks can become, based on attackers doing detailed research into user behaviors."=

George Jones, Chief Information Security Officer, Critical Start:

Personal liability will reshape the CISO talent market

"With liability risks on the rise, organizations will make bold moves to attract top security talent. In response, organizations will implement stronger protections, including indemnification clauses and enhanced Director & Officer (D&O) insurance, to shield CISOs from undue personal risk. To further distribute accountability, companies will expand leadership structures by introducing roles like Chief Risk Officers (CROs) and Data Protection Officers (DPOs), ensuring clear role delineation. These measures will not only attract top cybersecurity talent but also create a more secure professional environment, enabling CISOs to prioritize risk resilience and regulatory compliance without fear of excessive personal exposure."

Danny Brickman, CEO and Co-Founder, Oasis Security:

Compliance requirements will drive non-human identity management in highly-regulated industries

"While every organization requires a solution to manage and secure its non-human identities (NHIs), in highly-regulated industries, the need for a dedicated NHI management solution is paramount. Financial institutions, for example, have access to vast amounts of sensitive data, and as such are highly regulated and frequently audited. 

"Payment Card Industry Data Security Standard (PCI DSS) 4.0 is rapidly approaching, and the revised guidelines place significant emphasis on managing NHIs, particularly system and application accounts with elevated privileges. With this, financial institutions will face increased scrutiny from auditors regarding the robustness of their NHI management practices. PCI DSS 4.0 requirements such as Requirement 7 (restricting access based on business needs and least privilege) and Requirement 8.6 (managing accounts with interactive login capabilities) highlight the need for comprehensive strategies to manage NHIs effectively.

"As NHIs proliferate, financial institutions risk security breaches and regulatory penalties if they fail to adopt a robust strategy for NHI management. Organizations must begin addressing these challenges now, especially with mandatory PCI DSS 4.0 compliance coming in 2025, to ensure they meet evolving compliance standards and enhance their security posture."

Seth Spergel, Managing Partner, Merlin Ventures:

The AI revolution is bringing about better versions of existing solutions

"In many instances, the AI-fueled technology we’re seeing is not coming up with entirely novel ideas, but instead addressing the limitations of previous solutions that were on the right path but were limited by the available technology. The software industry is plagued by solutions that sound good on paper, but have turned out to be too difficult to get configured in a complex environment or deploy at the scale large enterprises need.

That usability gap is so often the difference between a wildly successful technology and a failure. Just as the iPhone moved smart phones into the mainstream, we are seeing companies leverage AI to make products that 'just work.' These products are not tackling completely new problems, but are instead building solutions that work with minimal human intervention and can self-configure based on the environment they are operating in. Leveraging AI around usability will help enterprises reduce the amount of 'shelfware,' allowing for far faster growth for the startups that get this right than their harder-to-deploy predecessors were ever capable of."

Doug Murray, CEO, Auvik:

The IT talent gap will persist

"We keep hearing from our customers and partners that the ongoing talent shortage is creating significant challenges for IT staffing. To offset a lack of skilled professionals, more organizations are pursuing strategies for automation. In this way, if one person on a five-person IT team leaves a company, the remaining four-person team can continue by plugging the gap with automation. Similarly, the team has more time to spend upskilling and earning new and highly relevant certifications and training than they did before, because automation is helping to offset the monotonous, time-intensive tasks.

"Specifically, we see more small and midsize businesses moving from on-prem data centers into the cloud with Azure and Amazon Web Services. That type of migration requires IT admins with credentials for Microsoft and AWS certifications. We are definitely seeing that trend across our product channels. We also, of course, expect AI to play an important role in trying to alleviate the IT talent gap.

"Just five years ago, many IT teams were very reactive. The majority of their days consisted of monitoring alerts from the security operations center to adjust their network configurations and troubleshoot problems. Meanwhile, their more adaptive peer group (those who were embracing automation to expedite these reactive tasks) made themselves more relevant by earning AWS and Azure certifications, or learning Kubernetes, the open-source system to automate software deployment and management. In effect, increasing automation frees up people’s time to enable them to have a greater impact on their own careers, and on the business itself."

Marcus Fowler, CEO, Darktrace Federal:

Understanding Zero Trust models

"Insider threat risks will force organizations to evolve zero trust strategies. In 2025, an increasingly volatile geopolitical situation and the intensity of the AI race will make insider threats an even bigger risk for businesses in 2025, forcing organizations to expand zero trust strategies.

"The traditional zero-trust model ensures protection from external threats to an organization’s network by requiring continuous verification of the devices and users attempting to access critical business systems, services, and information from multiple sources. However, as we have seen in the likes of Snowden, or the more recent Jack Teixeira case, malicious actors can still do significant damage to an organization within their approved and authenticated boundary.

"To circumvent the remaining security gaps in a zero-trust architecture and mitigate increasing risk of insider threats, organizations will need to integrate a behavioral understanding dimension to their zero trust approaches. The zero trust best practice of ‘Never Trust, Always Verify’ will evolve to become ‘Never Trust, Always Verify, Continuously Monitor.’"

Jose Seara, CEO, DeNexus:

Securing modernized ICS/OT/IIoT systems: balancing innovation with cyber resilience in today's landscape

"The inevitable modernization of ICS/OT/IIoT systems for efficiency, easier operations, maintenance, or even automation, means that connectivity between such systems and corporate/IT networks will only multiply, bringing additional threats and exposures. If adequate cybersecurity monitoring is also deployed, this threat increase can be compensated by the opportunity to upgrade antiquated systems that can no longer be patched.

"Also, ICS/OT/IIoT are at the crossroads of several governmental initiatives to improve the cyber resilience of critical infrastructures that operate with such systems: the critical infrastructure designation for many sectors operating with ICS/OT/IIoT; the “Secure by Design” mandate from CISA; the SEC cybersecurity regulation (S/K) that demands better governance of cyber risk; and, most recently, November 2024 being designated as Critical Infrastructure Security and Resilience Month, to name a few."

Dana Simberkoff, Chief Risk, Privacy and Information Security Officer, AvePoint:

Cybersecurity at an inflection point

"The regulatory landscape for cybersecurity is at an interesting inflection point. While we're seeing potential shifts toward deregulation in the US, Europe continues to take a stronger stance on American companies through mechanisms like GDPR. The interplay between these approaches will be fascinating to watch.

"We're also witnessing the rise of 'data sovereignty first' mentality in cybersecurity and privacy laws. While this trend toward regional and national-specific regulations may seem at odds with our globally interconnected world, I expect we'll see more countries implementing their own protectionist data sovereignty frameworks.

"AI represents both our biggest opportunity and challenge from a security perspective. As organizations mainstream AI models into everyday operations, its accessibility increases for both legitimate and malicious uses. Security teams must stay several steps ahead - not just of bad actors, but also of well-meaning insiders who might inadvertently create vulnerabilities. Understanding data flows and information governance becomes more critical than ever.

"For companies like AvePoint, this creates a perfect storm of opportunity and responsibility. We're seeing organizations rush to deploy AI technology before establishing proper security frameworks. This haste could lead to significant data breaches and security missteps. The message is clear: companies need to build their security foundation now if they want to effectively harness AI's potential."

Matt Carter, CEO, Intrado Life & Safety:

911 networks' cybersecurity defenses will be bolstered by NG911 uniformity

"Today, there is a need for nationwide standardization of 911 networks to prevent cybersecurity breaches that negatively impact public safety outcomes and responses.

"Attacks from various geopolitical actors, who are trying to gain access to 911 infrastructure, are becoming more frequent. As states across the U.S. deploy IP-based, Next Generation 911 technology (NG911) – which is essential to the efficient protection of citizens and businesses – there will need to be established and enforced cybersecurity standards to prevent attackers from accessing critical information and disrupting public safety operations. In 2025, public safety authorities and policymakers will need to address this issue.

"We cannot be dependent on outdated, legacy infrastructure to execute public safety operations in the information age. However, to protect the security of IP-based NG911 technology, a unified standard for NG911 infrastructure will need to be established. Standardization across states’ 911 infrastructure will help to protect investments in NG911 deployment and significantly reduce the potential for geopolitical rivals to negatively impact the safety of U.S. citizens and businesses."

Tony Aurigemma, Chief Revenue Officer, Anomali:

A shift in approach to cyber resilience and a breaking point for the SOC model

"In 2025, we'll see a fundamental shift in how organizations approach cyber resilience. The traditional CISO role will evolve beyond security operations into a true risk executive position, as companies finally realize that their recovery capabilities are more critical than their prevention strategies. The hard truth is that most enterprises can't actually execute their theoretical 24-48 hour recovery time objectives, especially across hundreds of interconnected systems. Technical debt and untested recovery processes will force more organizations to rebuild their resilience programs from the ground up, with CISOs leading this transformation. Those who don't adapt will face months-long recovery periods that no modern business can survive.

"Additionally, 2025 will mark the breaking point for the traditional SOC model. Most security operations today are running on decade-old foundations - a maze of complex tools, overwhelmed analysts, and manual processes that just can't scale. What's coming is the first real transformation of the SOC we've seen in years. AI won't just be another tool in the stack; it's going to fundamentally change how teams operate, enabling analysts to work in their native languages and finally breaking free from the specialized systems that are bogging everyone down. Organizations that cling to their legacy SOC architecture will quickly find themselves unable to compete for talent or keep pace with threats. The market is ready for this shift; it has to be AI-driven, and it's happening now."

Richard Staynings, Chief Security Strategist, Cylera; Professor of Healthcare Cybersecurity, University of Denver:

A tough row to hoe ahead for CISOs; more nation-state boldness; ransomware attacks will increase

"2025 is going to be a tough year for CISOs and their security teams. The steady escalation in cybercrime, particularly cyber-extortion will continue to expand in both number and impact of attacks. What is less predictable, is the likely growth in nation-state cyber-attacks which could seriously change the already uneven balance between cyber defender and cyber attacker.

“2025 will likely see even more ransomware attacks than 2024. This growth will no doubt continue until such times that ransom payments and other forms of cyber extortion demand are finally and fully made illegal. Ransomware is a very lucrative industry, whose growth is being fueled by larger and larger payments from victims. Lack of resiliency across critical infrastructure industries (CIIs) combined with the indispensable need for operational availability, makes CIIs a prime target for such attacks. As such, expect many more.

“We will likely see more cyber-attacks against healthcare payers, providers, and life sciences organizations in particular. The industry is both an easy and soft target despite years of attacks and lessons that should by now have been learned. The industry, however still lacks adequate cybersecurity or systems resiliency. It also makes an ideal target for both extortionists and for adversarial state actors wishing to cause damage and disruption across the population of an enemy. Healthcare’s sprawling array of third party vendors and suppliers, and a rapidly expanding attack surface as new technologies like AI and IoT are implemented, makes it especially vulnerable.

“2025 will also see the rise of nation-state attacks. The recent Salt Typhoon attack against telecommunications providers by the Peoples Republic of China, and a dozen other Chinese Typhoon attacks, are an indication of growing geopolitical tensions as China, Russia, Iran, and the DPRK face off against the western world in what is being termed the ‘Axis of Resistance’. With Russia and Iran already engaged in hybrid and proxy wars, cyber is being viewed increasingly as a convenient weapon of choice that inflicts damage and retribution without crossing a line that will result in a kinetic response from the attacked nation. All critical national infrastructure industries could be the target for increased attention by Axis powers and will need to prepare accordingly. Nation-state and proxy cyber-attacks will be 2025’s biggest single threat I believe.

"On the brighter side, national governments are already taking a much bigger role in defending business and industries through partnerships and threat intelligence sharing. The UK, EU and Australia are already doing this, and the U.S. federal government is expected to expand its cyber defensive role for U.S. organizations in 2025 (if the government is funded). Expect a growing role for government in cyber defense moving forward to combat transnational organized crime and pariah nation-state attacks."