Five cybersecurity priorities for CISOs in 2025 and beyond

With the new year in full swing, let us look at the trends breaking through in the cybersecurity sector. In 2024, we saw a huge focus on integrating AI into solutions, alongside other focal points such as the cyberskills gap and government regulation. These trends are expected to intensify as the cybersecurity landscape continues to evolve. Alongside this, new and different challenges and priorities for CISOs are expected to gain prominence in the new year.

Condensing research, surveys and expert opinions on the primary themes and challenges that those in the cybersecurity sector expect to handle over the next year, we have identified five cybersecurity priorities for 2025: managing the AI evolution, user data protection, basic cyberhygiene, collaboration, and training and upskilling employees.

Managing the Artificial Intelligence evolution

AI solutions have been prominent in the cybersecurity sector for many years now. What has become a focal point for those in positions of authority within cybersecurity is the way in which AI is being leveraged. In 2025, we should see a continued focus on AI-embedded innovations, along with an increasing scope for cybercrime from attackers who are utilising AI in their attacks.

The ability to remediate threats in real time is a critical focus. Speaking on the importance of AI-ingrained solutions in 2025, Haider Pasha, Chief Security Officer, EMEA and Latin America at Palo Alto Networks, said: “With the frequency and sophistication of cyberattacks increasing, organisations are seeking ways to leverage technologies like AI to respond instantly, rather than retrospectively. This real-time response capability is becoming essential in mitigating damage and maintaining security.”

The traditional reaction time that organisations had – where decisions could be made over the course of a few days – has drastically shortened. “The window for responding to threats has shrunk from days to minutes and soon it will be a matter of seconds,” said Pasha. This acceleration in required response time is a critical issue that CISOs must address in 2025 to stay ahead of evolving threats.

The evolution of AI within the cybersecurity sphere is driving growth not only in the solutions, but also in the problems. The attack surface for organisations is not shrinking; in fact, it is continually expanding. As CISOs and IT teams implement various projects to meet business demands, this growth in the attack surface inevitably draws more attention from attackers, providing them with multiple entry points into the environment. This is an ongoing concern moving into 2025 that will persist as the attack surface continues to widen.

Referencing the UK Government’s Cyber Security Breaches Survey 2024, Chris Roeckl, Chief Product Officer at Appdome, said: “The report indicates a clear surge in social engineering attacks, a consequence of Generative AI’s expanding accessibility, highlighting a pressing security concern. Social engineering, employing deceitful strategies such as phishing, vishing, baiting and smishing, lies at the heart of nearly 98% of cyberattacks.”

This alarming statistic underscores the urgent need for heightened vigilance from those in cybersecurity in the next year. As AI-powered attacks become more sophisticated, the urgency to act intensifies.

User data protection and Zero Trust solutions

Data protection is and always will be a top priority for those in cybersecurity, as it is an integral part of the sector. However, with the evolution of cyberattacks, criminals are increasingly focused on identities and user data.

Johan Fantenberg, Director at Ping Identity said: “Hackers’ methods for stealing data, disrupting your service, and eventually costing you money, time and possibly your reputation, are evolving along with technology. The total amount of data accessible in cyberspace is predicted to reach 175 zettabytes by 2025, which hackers find most appealing.”

Zero Trust has emerged as a leading cybersecurity strategy for 2025, fundamentally shifting how organisations approach data protection. Unlike traditional perimeter-based defences, Zero Trust operates on the principle of ‘never trust, always verify’. It provides guidance on how to think about data and user behaviour in a modern, digital environment. However, its implementation is complex. Many companies are still figuring out its nuances, and the lack of data to prove Zero Trust success further complicates the picture.

Despite this, the rise in Zero Trust adoption is encouraging, as more organisations realise that data security must be a continuous, uncompromising effort. Expect to see increasing innovation and implementation of Zero Trust solutions in 2025.

Basic cyberhygiene

This may come as a surprise to those well versed in the cybersecurity world, but basic cyberhygiene looks set to be a priority in 2025 for small to medium-sized businesses.

With the evolution and expansion of cyberattacker methods and aims, it is essential that smaller organisations are well protected. Richard Staynings, Chief Security Strategist for Cylera, said: “The latest Government’s Cyber Breaches Survey 2024 shows that an alarming 18% more businesses have experienced some form of cybersecurity breach or attack in the last 12 months compared to last year’s findings.”

These statistics have correlated with an increase in the number of businesses undertaking basic cyberhygiene processes in the last 12 months, including using up-to-date malware protection (up from 76% to 83%), restricting admin rights (up from 67% to 73%), implementing network firewalls (up from 66% to 75%) and having agreed processes for phishing emails (up from 48% to 54%).

Tom Henson, Managing Director at Emerge Digital, said: “On the flip side of these findings, it is deeply concerning that nearly two fifths of businesses don’t have up-to-date malware protection, which in today’s world should really be 100%. There simply isn’t an excuse for businesses not to have these types of protections, so although these figures highlight steps in the right direction, it isn’t enough.”

Expect to see smaller organisations continuing the trends seen in 2024 and making basic cyberhygiene a priority in 2025. The good news for those that do not have this basic form of protection is that the cybersecurity community includes many who already have secure foundations and whose advice and expertise can be drawn on.

Collaboration with the C-suite

Collaboration and communication with other C-suite executives used to be few and far between, as the job of the CISO was very individualistic and specific. Organisations were only out for themselves and often did not collaborate with others in the same sector. However, that has all changed. Over the last decade we have seen the importance of communication and collaboration between those in cybersecurity.

In the modern cybersecurity world, communication with others in the same position has unlimited value. With cybercrime methods ever evolving and being online now commonplace, sharing knowledge, skills, solutions and issues helps not only yourself and other CISOs, but all of society.

In 2025 we can expect to see an emphasis on cybersecurity communities, with many prioritising sharing knowledge and building relationships to help advance solutions and practices within their organisation.

“In essence, successful initiatives are those where collaboration is at the core, where CIOs do not work in silos but rather in tandem, leveraging each other’s strengths to drive innovation and efficiency across the business,” said Haider Pasha, Chief Security Officer, EMEA and Latin America at Palo Alto Networks.

Training and upskilling employees

A consistent issue for those at the C-suite level in cybersecurity, the skills gap will again be a priority for CISOs and professionals alike to reverse. Expect to see a focus on training employees across all facets of an organisation in correct cybersecurity behaviours, while also upskilling those already in the company into positions within the cybersecurity sector.

The role of the CISO has changed. To adapt to their new role, CISOs need to understand the risks they face and communicate these to all professionals in the language of business. Regular cybersecurity training for everyone has become an essential part of the CISO's job in order to stop infiltrations from less traditional sectors within a company. Therefore, more emphasis will be placed upon training and communicating with those in an organisation on cybersecurity practices in the next year.

AI is proving indispensable in addressing the skills gap that many organisations face. By automating routine tasks and providing advanced threat detection capabilities, AI enhances the efficiency of security teams; however, it cannot do it all.

The cybersecurity workforce gap coming into 2025 is enormous. With nearly 470,000 job openings between May 2023 and April 2024, the demand for cybersecurity professionals is outpacing supply. The challenge is not just about numbers but also the depth of expertise needed for cybersecurity in 2025. A total of 59% of organisations say their defences need to be strengthened, especially with remote work becoming the norm, with another 58% acknowledging substantial gaps in data and application security.

The lack of cyberskills is a growing concern going into 2025. However, some methods of reducing this gap are succeeding. Many CISOs are now looking internally to find individuals who often do not have the expertise required… yet. Upskilling employees is becoming a trend for organisations, as it is efficient in both time and cost. Upskilling employees to become skilled cybersecurity individuals will be a priority for CISOs in 2025, addressing the large shortage of expertise in the complex environment of cybersecurity.
