Cybersecurity 2025: preparing for an evolving threat landscape

Jan. 6, 2025
Experts share predictions and strategies for safeguarding the future from AI-driven attacks to post-quantum challenges.

As 2025 unfolds, the cybersecurity landscape continues to evolve at a breakneck pace, shaped by groundbreaking technologies, shifting regulations, and increasingly sophisticated threats. Key areas such as cryptographic advancements, third-party risk management, and AI-driven threats demand immediate attention from organizations across industries. Emerging trends signal a heightened focus on operational technology (OT) security, while legislative developments aim to streamline oversight and enhance protections against mounting cyber risks.

One of the defining challenges of 2025 will be navigating the complex interplay between innovation and vulnerability. AI emerges as both a powerful tool and a potent weapon, enabling more adaptive defenses and fueling sophisticated phishing and malware attacks. Meanwhile, the rapid expansion of non-human identities underscores the critical need for advanced identity management and secure machine-to-machine communications.

On the regulatory front, new frameworks and heightened scrutiny of third-party relationships promise to reshape cybersecurity governance. The adoption of AI-driven tools in education and critical infrastructure highlights the dual-edged nature of these technologies, which enhance capabilities and expose systems to targeted attacks.

At the core of these predictions lies an urgent call to action: organizations must adopt agile, integrated, and proactive strategies to defend against the rising tide of cybercrime. Whether through cryptographic agility, AI-driven threat detection, or more substantial regulatory compliance, 2025 demands unprecedented vigilance and adaptability from security leaders and teams alike.

Cryptographic Advancements and Post-Quantum Security

Key Predictions:

  • Cryptographic agility will become essential to adapt to evolving standards, especially in the financial services sector.
  • Cryptographic systems will be central to identifying and mitigating emerging threats.

Experts’ Insights:

  • Mike Silverman, Chief Strategy & Innovation Officer, FS-ISAC:

"The financial services sector is bracing for a post-quantum world as cryptographic algorithms are no longer expected to endure for another 30-plus years. In 2025, firms must prioritize cryptographic agility, redesigning their environments to allow for increased frequency of one-off and complex cryptographic transactions. Applying this strategy prioritizes flexibility and enables systems to adapt as cryptographic standards evolve.

Cryptography will likely play a stronger role across industries in the year ahead. Cybersecurity functions will also level up the relevancy of cryptographic management within their remits. These cryptographic systems will become vital cyber assets in identifying emerging threats and require regular inventory, monitoring, and assessment."

Third-Party Risk and Vendor Management

Key Predictions:

  • Evolving regulations like the Digital Operational Resilience Act will intensify scrutiny on vendor risk management.
  • Automation and analytics will mitigate visibility gaps and enhance third-party security.

Experts’ Insights:

  • Cameron Dicker, Director of Global Business Resilience, FS-ISAC:

"Increasing regulatory and compliance pressures on the financial services industry, furthered by the Digital Operational Resilience Act, National Security Memorandum 22, and UK Critical Third-Party regulation, combined with recent high-profile disruptions like CrowdStrike, require firms to prioritize resilience now more than ever.

Vendor risk management plays a vital role in these efforts. Firms should better comprehend their third-party relationships, including what kind of incident information they will report to client firms when it is made available and how firms can reconnect or disconnect with compromised third parties.

Regulatory developments will continue to emphasize third-party risk management. Firms should expect the introduction of more stringent standards, requiring them to demonstrate robust third-party risk practices that align with evolving regulatory expectations."

  • Fran Rosch, CEO, Imprivata:

"The risks associated with third-party access have evolved into a pressing, existential concern for businesses as their reliance on external vendors, partners, and contractors grows. The vulnerabilities introduced by these relationships can no longer be underestimated, as they hold the potential to disrupt operations, compromise security, and erode trust.

Year after year, we’ve seen the impact of third-party attacks — for example, the MOVEit breach in 2023 and Change Healthcare in 2024. These attacks have highlighted the critical need for mature security systems to manage these risks, as vulnerabilities in external software continue to expose sensitive data at an alarming speed.

As organizations across all industries try to respond to the looming third-party threat, they are struggling. Due to limited visibility into how vendors access their networks, organizations are increasingly unsure how the cyberattacks they suffered were perpetrated. These massive blind spots showcase a critical risk for all organizations in the year ahead. Organizations must embrace automation and analytics to mitigate these risks, enhance visibility, and eliminate the guesswork surrounding third-party access."

AI-Driven Threats and Defenses

Key Predictions:

  • Generative AI will enable sophisticated phishing, automated malware, and MFA bypass attacks.
  • AI will be integral to managing and securing non-human identities, including machine identities.

Experts’ Insights:

  • Subbu Sthanu, CCO at IPVanish:

"The AI boom of the last few years has added an extra layer of apprehension, with 37% of consumers saying they’re concerned about AI learning about them through online data. As we enter 2025, cybercriminals will continue leveraging generative AI to create more targeted and sophisticated attacks that can adapt to avoid detection, including personalized phishing campaigns that mimic voices, writing styles, and social media activity to deceive individuals.

A particularly alarming use of AI will be its ability to bypass multi-factor authentication (MFA), a security measure traditionally regarded as a robust safeguard. While MFA is a powerful defense, AI-driven techniques could undermine its effectiveness, making it essential for security systems to evolve with these new threats. To combat the threat of bad actors and keep up with the changing attacks, advanced detection tools and an emphasis on digital literacy to help users identify threats will be essential in the new year."

  • Itzik Alvas, CEO, Entro Security:

"The number of non-human or machine identities has drastically increased in recent years. These machines comprise nearly an enterprise’s IT infrastructure, encompassing physical devices, such as desktops or IoT devices, and workloads, such as applications or containers. Given the importance of these machines to IT operations, it is clear why securing their identities has become a top priority for security teams.

AI tools will be used to predict and prevent unauthorized access to these sensitive machine identities by monitoring usage patterns and flagging any anomalous behavior. For example, AI will continuously monitor the access patterns of an API key used by a microservice and immediately alert security teams if it begins making requests from unusual locations or in unexpected sequences, which indicates a compromise."
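The monitoring described in the quote above can be illustrated with a small baseline-and-flag detector. This is an added example, not code from Entro Security or the article: it uses a deterministic baseline of known source regions and endpoint-to-endpoint transitions as a stand-in for the AI models the quote refers to, and the key names, regions, endpoints and record layout are all constructed assumptions.

```python
"""Baseline-and-flag monitoring for a machine identity (an API key)."""
from collections import defaultdict

# Constructed sample records in time order: (api_key_id, source_region, endpoint).
BASELINE_LOG = [
    ("svc-orders-key", "us-east-1", "POST /auth/token"),
    ("svc-orders-key", "us-east-1", "GET /orders"),
    ("svc-orders-key", "us-east-1", "GET /orders/{id}"),
    ("svc-orders-key", "us-east-1", "POST /auth/token"),
    ("svc-orders-key", "us-east-1", "GET /orders"),
    ("svc-orders-key", "us-west-2", "POST /auth/token"),
    ("svc-orders-key", "us-west-2", "GET /orders"),
]
LIVE_LOG = [
    ("svc-orders-key", "us-east-1", "POST /auth/token"),
    ("svc-orders-key", "us-east-1", "GET /orders"),
    ("svc-orders-key", "eu-central-1", "GET /orders/{id}"),  # region never seen
    ("svc-orders-key", "us-east-1", "GET /admin/export"),    # call order never seen
    ("svc-unknown-key", "us-east-1", "GET /orders"),         # key has no baseline
]


class KeyProfile:
    """What 'normal' looks like for one API key."""

    def __init__(self):
        self.regions = set()      # source regions observed during baselining
        self.transitions = set()  # (previous endpoint, endpoint) pairs observed


def build_baseline(records):
    """Learn per-key regions and call transitions from known-good traffic."""
    profiles = defaultdict(KeyProfile)
    last_endpoint = {}
    for key, region, endpoint in records:
        profile = profiles[key]
        profile.regions.add(region)
        # None as the previous endpoint marks the first call seen for a key.
        profile.transitions.add((last_endpoint.get(key), endpoint))
        last_endpoint[key] = endpoint
    return dict(profiles)


def detect(profiles, records):
    """Return (record index, key, reason) for every deviation from baseline."""
    alerts = []
    last_endpoint = {}
    for index, (key, region, endpoint) in enumerate(records):
        profile = profiles.get(key)
        if profile is None:
            # An identity nobody inventoried is itself a finding.
            alerts.append((index, key, "no-baseline"))
            continue
        if region not in profile.regions:
            alerts.append((index, key, "unusual-location"))
        if (last_endpoint.get(key), endpoint) not in profile.transitions:
            alerts.append((index, key, "unexpected-sequence"))
        last_endpoint[key] = endpoint
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE_LOG), LIVE_LOG):
        print(alert)
```
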

  • Mo Rosen, CEO, Skybox Security:

"2025 will be a watershed moment where the rise of AI-powered attacks forces organizations to finally dismantle the barriers between network and security teams. With more than half (55%) of security experts reporting they are concerned about the risk of a security incident due to a lack of collaboration between these critical functions, the need for integration has never been more urgent.

While the disconnect between these critical functions has long been a vulnerability, the escalating sophistication of AI-powered threats will make it impossible to ignore. Cybercriminals increasingly leverage AI and automation to launch highly adaptive attacks that traditional, siloed defenses can't handle. This new breed of threat will expose the critical weakness of disjointed security approaches, pushing organizations to the edge.

The consequences of inaction, including breaches inflicting crippling damage to infrastructure, data, and reputation, will become too dire to ignore. As a result of prioritizing this convergence, organizations will achieve a more integrated, collaborative approach that improves threat visibility, detection, and response times."

Operational Technology (OT) and Infrastructure Security

Key Predictions:

  • OT cybersecurity will be centralized, emphasizing collaboration between IT and OT teams.
  • Governments will modernize critical infrastructure protections with AI-driven solutions.

Experts’ Insights:

  • John Cusimano, VP, OT Security, Armexa:

"This year, OT cybersecurity saw significant challenges and advancements, from addressing high-profile incidents to maturing risk management. These learnings from 2024 will shape how industries tackle cybersecurity threats in 2025 and beyond.

We will see more visibility and control over update deployment as a result of high-profile incidents like the CrowdStrike faulty update, which caused organizations to reevaluate their security update and patch management strategies. While this incident is unlikely to hinder cloud adoption, it has raised flags about cloud connectivity and dependence in OT and highlighted some of the vulnerabilities in many security update processes.

One of the most notable shifts in 2024 has been the centralization of OT cybersecurity as an organization's core function. Defined ownership and IT-OT collaboration are critical. There will also be a shift to risk-based OT cybersecurity assessments, with consequence-based risk assessment methodologies such as CyberPHA and CyberHAZOP having gained traction. These methodologies enable organizations to model realistic risks that could have operational, environmental, or safety impacts."

  • Anand Oswal, SVP and GM of Network Security, Palo Alto Networks:

"As nation-state attacks on critical infrastructure escalate, we expect governments to invest heavily in modernized, secure systems. This approach goes beyond updating outdated technology and focuses on deploying smart solutions that safeguard both legacy and new infrastructure to meet the demands of a digitally connected world.

These investments will prioritize integrated security solutions and AI-driven tools to protect Internet of Things (IoT) and operational technology (OT) devices in real-time. This will help secure critical systems, ensure essential services remain resilient, and give citizens confidence in a connected society."

Emerging Threats and Cybercrime Trends

Key Predictions:

  • Ransomware will proliferate with tools becoming accessible to low-skilled threat actors.
  • IoT devices and poorly monitored technologies will be prime targets for exploitation.

Experts’ Insights:

  • Jim Walter, Senior Threat Researcher, SentinelLabs:

"There are now more organized ransomware operations than ever before. Tools are improving, and the minimal entry barriers are continuing to erode. Additionally, powerful ransomware platforms and tools such as LockBit and ALPHV builders have been shared and leaked widely. Lower-skilled threat actors are adopting these tools as part of their standard operations, even when monetary gain is not the final goal, and well-known ransomware tools have been given extended life through growing reuse in hacktivist communities.

Ransomware is now a commodity tool available to threat actors across the spectrum of capability and sentiment, and this will continue into 2025.

Additionally, actors like Dispossessor and RansomHub have monetized data even after the victim complied with demands. Paying a ransomware actor for their promise to delete data is a ruse. Compromised data lives on through rogue affiliates and communities dedicated to amplifying breach data to malicious communities. Breached data has no end-of-life, and these threat actors do not honor 'contracts'. Protecting data and preventing these attacks in the early stages is more critical than ever going into 2025."

  • Tom Hegel, Principal Threat Researcher, SentinelLabs:

"In 2025, threat actors will increasingly focus on exploiting ubiquitous and poorly secured technologies, allowing them to evade detection and operate with relative impunity. This trend will include edge network devices such as firewalls, routers, and switches—critical components of modern infrastructure that often lack robust monitoring or up-to-date protections. Similarly, the prevalence of mobile devices like iPhones and smartwatches, which are rarely locked down or comprehensively monitored for suspicious activity, will make them prime targets.

These focus areas will be leveraged by a range of adversaries, including private-sector spyware vendors, nation-state APTs, terrorist organizations, and financially motivated cybercriminals. Exploiting such under-monitored technologies will enable attackers to breach networks, track high-value individuals, and outmaneuver defenders constrained by the inherent limitations of these systems. As a result, defenders must rethink strategies to address these emerging risks, closing the gap in visibility and protection before adversaries further capitalize on these weaknesses."

Cybersecurity Leadership and Governance

Key Predictions:

  • CISOs will face increased litigation risks, leading some to seek less senior roles.
  • Growing regulatory and policy demands will heighten pressures on cybersecurity leaders.

Experts’ Insights:

  • Andy Smeaton, CISO, Jamf:

"Over the past few years, security leaders at major companies like Uber and SolarWinds have faced repercussions for cyber incidents at their organizations. The SEC’s reporting rules also place immense pressure on CISOs to disclose 'material' cyber incidents promptly…without much clarity around what 'material' means or how incidents should be disclosed. These legislative factors, in combination with CISOs’ roles quickly becoming more litigious, have scared many CISOs to their core.

Some are looking into personal liability insurance, and others are bluntly saying 'no thanks' and taking less senior roles to avoid being the person whose head gets chopped off for incidents often out of their control.

The pressures will absolutely continue to mount on CISOs, and I expect we’ll see a significant awareness shift in 2025 around the mental health toll it’s taking on our industry's leaders. Burnout was the primary concern 3–5 years ago. Now, add the danger of lawsuits to that equation, and the role of the CISO can quickly become less appealing."

AI’s Role in Business Strategy and Risk

Key Predictions:

  • Foundational rubrics will guide AI governance, focusing on confidentiality and risk.
  • DevSecOps will integrate AI for more secure and efficient software delivery.

Experts’ Insights:

  • Michael Covington, VP of Portfolio Strategy, Jamf:

"With generative AI quickly becoming a pervasive fixture in the technology landscape, businesses are reacting with catch-all policies to restrict usage and control how sensitive information and intellectual property flows outside the organization’s data protection boundary. For many, this means blanket policies forbidding the use of AI until reviewed by an oversight board.

While oversight is good, it can significantly delay the adoption of valuable tools if the process is not streamlined to allow for timely decision-making. The recent release of Apple Intelligence serves as a good case study on how 'AI' keywords can trigger restrictive business policies despite an implementation that keeps private data on-device and includes controls to govern the use of third-party AI models.

The industry will need to develop a set of foundational rubrics to guide more timely assessments of AI technologies. This will enable business leaders to cope more effectively with the onslaught of 'AI-enabled' tools and minimize an oversight bottleneck. As a result, we will see a renewed focus on data classification labels, a better understanding of AI processing locations, and a demand for confidentiality assertions from vendors as private data traverses their infrastructure.

As the industry transitions to an application-driven phase of AI, organizations must be equipped to make thoughtful and timely decisions about how the technology can be used responsibly to drive business objectives."

  • Tal Levi-Joseph, VP, Software Engineering, OpenText:

"By 2025, AI and DevSecOps are set to transform how we approach software delivery, making it much faster, smarter, and more secure. Generative AI and large language models will become the backbone of automation, helping teams test more efficiently, deliver higher-quality products, and zero in on potential risks. These are the steppingstones for a broader future shift into autonomous delivery.

DevSecOps will take center stage, embedding security seamlessly into every development step, from initial design to delivery. At the same time, companies will prioritize working closely with their customers, using real-time feedback to create solutions that truly deliver value. Open, integrable platforms will be key to this transformation, giving organizations the flexibility to grow and adapt as the tech landscape evolves. It's an exciting time when innovation and practicality are coming together to push boundaries."

Education and Workforce Development

Key Predictions:

  • K-12 institutions will leverage AI for adaptive learning and cybersecurity.
  • There will be a push for advanced safety mechanisms to protect student devices and data.

Experts’ Insights:

  • Suraj Mohandas, VP, Strategy, Jamf:

"We’re seeing a fundamental shift in how technology and mobile devices are utilized in the classroom. Administrators and teachers have moved beyond teaching technology skills (and having to be taught technology skills themselves) to using technology to enhance learning across all subjects. Now that students have access to these tools at their fingertips, we’ll see educational institutions push to maximize impact for individual students, which also involves prioritizing their safety.

One primary focus for maximizing impact will be utilizing AI in the classroom to learn and defend against cyber threats. When it comes to learning, adaptive learning platforms will see a major adoption uptick in K-12 institutions. Real-time feedback and assessment tools will be crucial for measuring the impact of devices and personalized learning programs on students.

However, educational institutions will also be forced to use AI-powered threat detection tools to fight off threats from adversaries. A significant downside of AI is that attackers leverage technology to increase their attacks' speed and specificity. The attacks are getting more and more targeted, and the more student-specific data attackers can access to fuel their specificity, the more attacks they’ll launch…and the more successful they will be.

This is a core reason I predict we’ll see a strong push for more safety mechanisms to be installed on student devices, specifically regarding data protection, threat prevention, and privacy controls. Educational institutions will be encouraged (or perhaps required) to improve encryption protocols and access controls, use AI-powered threat detection to fight AI-powered attacks, use systems that provide real-time alerts, and step up their game regarding student data privacy."

Legislative and Policy Shifts

Key Predictions:

  • Consolidation of cybersecurity frameworks under federal agencies will emerge.
  • Streamlined oversight will redefine cybersecurity governance structures.

Experts' Insights:

  • Dan Lohrmann, Field CISO, Presidio:

"Using AI in defense will no longer be an option. AI will dominate the center stage in new ways as more cyberattacks than ever before will come from AI-enhanced and even AI-created enterprise attacks. AI will have an evolving role in security operations to address cyber threats.

Partnering and full-scale outsourcing of cybersecurity functions will be a growing trend, with numerous companies deciding they can no longer provide adequate in-house cybersecurity. A significant reorganization of DHS/CISA is likely. CISA will likely lose a large section of its mission, with cybersecurity authority and oversight being streamlined in the federal government. There has been consolidation in the number of federal government organizations working on cybersecurity. There has also been a trend toward fewer regulations and achieving framework harmonization.

The Trump administration will begin implementing cybersecurity standards and compliance functions under fewer teams. This will be a multi-year process, but the intention and roadmap will be released in 2025."

Advanced Identity Management

Key Predictions:

  • AI will introduce context-aware Identity and Access Management (IAM) models.
  • Securing machine-to-machine communications and non-human identities will become critical.

Experts’ Insights:

  • Phil Calvin, Chief Product Officer, Delinea:

"By 2025, organizations will be forced to confront a growing blind spot in their security strategies: machine-to-machine communications across AI systems, bots, and IoT devices. These non-human identities have become essential to operations but were largely overlooked in 2024, exposing businesses. In the past year alone, AI-powered bots were behind 40% of all cyberattacks, on top of the growing connectivity of IoT devices, compounding the risk of identity compromise even further. We're handing attackers the keys to our digital world if we can’t protect or defend against these systems. From data theft to automated cyberattacks and misinformation campaigns, bots and AI systems have become both tools for efficiency and targets for exploitation. The challenge ahead isn’t just about locking down these identities; it’s about staying ahead of attackers who use AI to weaponize them."

About the Author

Steve Lasky | Editorial Director, Editor-in-Chief/Security Technology Executive

Steve Lasky is a 34-year veteran of the security industry and an award-winning journalist. He is the editorial director of the Endeavor Business Media Security Group, which includes the magazines Security Technology Executive, Security Business, and Locksmith Ledger International, and the top-rated website SecurityInfoWatch.com. He is also the host of the SecurityDNA podcast series. Steve can be reached at [email protected]