Cyber security is an inherently people-based problem – it’s one thing to wonder how the hackers may adapt in 2025, but what about the people on the other side of the equation?
As the threat landscape evolves, the role of those traversing that landscape to keep the rest of us safe must evolve as well.
Here are some of the challenges and opportunities coming down the pike in 2025, according to those in the business.
Jason Plumridge
Chief information security officer at Tesserent
Maintaining the trend of the past couple of years, Tesserent expects that Australian businesses and governments will continue to find it difficult to retain cyber security talent in an increasingly competitive environment. More government departments and private sector enterprises will continue/look to outsource as a result.
Nadir Izrael
CTO at Armis
As cyber warfare tactics become more sophisticated and geopolitical stakes rise, we may see a breakdown in international cooperation on cyber security. Distrust between nations and diverging national interests could lead to fragmented defence efforts, making it harder to mount a unified response to global cyber threats. In 2025, the challenge will be technical as well as political, as nations navigate the complex terrain of cyber diplomacy.
To strengthen the response to cyber attacks, organisations, vendors, and governments should prioritise collaboration, information sharing, and trust-building through public-private partnerships and international coalitions. Standardising global cyber security frameworks and promoting shared certification programs can improve defence alignment, while regular cyber diplomacy summits and confidence-building measures can promote trust and cooperation between nations. Expanding AI-powered threat intelligence networks and establishing national and international cyber defence task forces will enhance real-time response capabilities.
Liat Hayun
VP of product and research at Tenable
In 2025 and beyond, we’ll see more organisations incorporating AI into their infrastructure and products as the technology becomes more accessible. This widespread adoption will lead to data being distributed across a more complex landscape of locations, accounts and applications, creating new security and infrastructure challenges.
In response, CISOs will prioritise the development of AI-specific policies and security measures tailored to these evolving needs. Expect heightened scrutiny over vendor practices, with a focus on responsible and secure AI usage that aligns with organisational security standards. As AI adoption accelerates, ensuring secure, compliant implementation will become a top priority for all industries.
Anthony Spiteri
Regional CTO APJ at Veeam
2025 will be a year of realisation for many organisations as many are still underprepared to recover efficiently from cyber incidents. According to a recent report, only 50 per cent of Australian business leaders were confident in their staff’s ability to tackle a cyber incident effectively. However, with the growing risk of AI-powered cyber threats and the push for stricter cyber regulations, such as the proposed Cyber Security Bill in Australia, more businesses will take a proactive approach towards resiliency.
This will extend beyond basic cyber security training for employees to encompass proactive threat detection using AI-driven solutions, as well as a robust backup and data recovery strategy. End-to-end data resiliency solutions, such as those provided through the Veeam Cyber Secure Program, will play an instrumental role in helping businesses feel confident and prepared for any threat ahead.
Kumar Mitra
General manager and managing director, greater Asia-Pacific region, at Lenovo ISG
As reliance on digital services and artificial intelligence (AI) grows, the energy demands of data centres across the APAC region are rising exponentially. Estimates suggest that AI will add 3 per cent to global electricity demands. In 2025, we will see increased scrutiny on businesses to act in an environmentally sustainable manner, with some markets introducing legislation imposing tighter restrictions on the disclosure of climate risks. For data centres, the challenge will be balancing the need for innovation and scalability with its carbon footprint.
Governments and businesses alike will be focusing more on sustainable infrastructure, leveraging new advancements in energy-efficient cooling systems, virtualised server environments and sustainable building materials. For example, Lenovo is taking liquid cooling mainstream with its Neptune Liquid Cooling Ecosystem, enabling up to a 40 per cent reduction in power consumption. We will also see more businesses explore sustainable energy sources, such as wind and solar energy, with nine out of 10 businesses already planning to boost their sustainability-focused IT investments.
Leon Poggioli
ANZ regional director at Claroty
Organisations will place a renewed focus on user access in their operational technology (OT) environments – targeting both internal and external users. Organisations will increasingly move away from jumpboxes and VPNs to simpler, fit-for-purpose solutions designed to appropriately govern “Just in Time” Access to OT systems. This will also result in organisations clamping down on unsanctioned remote access methods in OT, like hidden 4G modems and FTP servers for file uploads. Password sharing will also be removed in favour of better user identity and control methods for these critical systems.
Raghu Nandakumara
Head of industry solutions at Illumio
The nuanced and specialised role of the CISO will be phased out to make way for chief security officers (CSOs) in 2025, driven by increased interconnectivity and the convergence of IT and OT systems. Organisations recognise that threats are no longer siloed in separate areas of the business, and [they] require a leader to unify all risks and provide comprehensive oversight of security.
The CSO will also sit on the executive team and board, ensuring that the top of the organisation is not only aware of cyber security issues but is also accountable for security-related decisions and strategies.
Stu Sjouwerman
CEO of KnowBe4
There will be wider adoption of a zero-trust mindset and cyber mindfulness, representing a proactive approach to cyber security. Organisations embracing these principles encourage a vigilant attitude among their employees, treating every user and device as a potential threat. Training employees to maintain a healthy level of scepticism encourages them to apply critical thinking skills, and this mindset shift will be another crucial step in mitigating internal risks.
The cyber security landscape is rapidly evolving, and the dynamic between defenders and attackers has never been more complex. As we enter 2025, we must embrace the potential of AI to enhance our defences and protect organisations globally. It is more important than ever to focus on the human element in organisations to lower the risk of becoming a victim of cyber crime. One of the best forms of defence remains cultivating a robust security culture.
Nick Schneider
CEO of Arctic Wolf
Looking ahead, 2025 will be a year marked by further consolidation within the cyber security market, driven largely by a shift toward platformisation. Organisations are increasingly demanding integrated, comprehensive solutions rather than disparate security products. This is reshaping the industry, with market consolidation anticipated as both private equity firms and large platform companies emerge as key acquirers, seeking to unify multiple capabilities under single, cohesive platforms.
At its core, security is fundamentally a data problem. Organisations must manage and analyse vast amounts of data to effectively protect their assets against evolving threats. Conversely, this very ability to access, aggregate and manage massive, disparate data sets is what will separate the true platforms from point products.
Platformisation addresses these challenges by integrating various security functions – such as detection, response, threat intelligence, and analytics – into unified solutions. This not only enhances overall security posture but also simplifies the deployment and management process for IT teams, allowing them to efficiently tackle complex threats with streamlined tools and workflows.
Tony Jarvis
VP enterprise security, APJ, at Darktrace
We will see a major shift in the emphasis placed on cyber security at the board level. No business intends to be the next major organisation named against a data breach, and business leaders are starting to understand that securing an organisation is an ongoing effort [that] requires a consistent focus.
Cyber security conversations will focus primarily [on] the three pillars of risk, strategy and financials. Business leaders understand that these are the three areas that will result in achieving the desired outcomes, and each of these will be covered in board meetings.
While many business leaders may be entrenched in the day-to-day running of the organisation, they will increasingly rely on cyber professionals to educate them on the risks being faced and answer questions relating to vulnerabilities being exploited.
Most pressingly, the one recurring question is often: “Could this have happened to us?”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.