Cyber Daily

Industry predictions for 2025 part 2: How will the industry itself change in the next 12 months?

Cyber security is an inherently people-based problem – we’ve looked at how the hackers may adapt in 2025, but what about the people on the other side of the equation?

David Hollingworth
Thu, 02 Jan 2025


Monica Landen
CISO at Diligent

In 2025, risk quantification will become the most powerful and reliable tool for communicating cyber risk to the boardroom. Just as the insurance industry continuously improves its risk assessment methods, security professionals must overcome traditional silos and effectively articulate how vulnerabilities in a tech stack can impact every part of the business. This will require security teams to connect their challenges and successes to broader business outcomes, such as customer impact, sales pipeline, and product development. By doing so, barriers between departments will break down, allowing the board to better understand the impact, positive or negative, of cyber security decisions.

At the same time, it will be mission-critical for organisations to make cyber security a cornerstone of their overall risk management strategy. This will demand a close partnership between CISOs and governance, risk, and compliance (GRC) teams, ensuring that cyber risks and solutions are communicated to leaders and board members in clear, actionable terms. Leaders must also prioritise fostering a cyber-centric culture through upskilling and training, ensuring that cyber security is a priority across all levels of the organisation. Together, these efforts will help organisations withstand ongoing threats while highlighting the critical importance of robust cyber security programs to safeguard long-term business success.



Shirley Salzman
CEO and co-founder of SeeMetrics

In 2025, cyber security organisations will recognise that adding more tools doesn’t necessarily equate to better security. Similarly, relying on compliance checkboxes for static reassurance will no longer suffice – not only in the face of dynamic and evolving threats but also in meeting executives’ growing expectations to demonstrate measurable progress and ROI.

Building on last year’s hype around the security data fabric, organisations will come to understand that true visibility and actionable insights require the ability to blend data from multiple tools. By correlating this data with programs, certifications, and threats, businesses can manage their defences with full context – reflecting the dynamic reality of their environment and the evolving threat landscape. This shift will empower organisations to measure and adapt their defences in real time, enabling them to proactively prioritise what matters most.

For example, rather than reacting to 30,000 potential vulnerabilities, companies will integrate data across tools to assess priority based on meaningful context – such as drilling down to business unit, geography, user, and asset type. The result? A transformation of overwhelming data into clear, contextual and actionable priorities.


David Nuti
Head of security strategy at Extreme Networks

MSPs will add another S for security. And they should be incredibly excited about the opportunity this presents. Driven by the convergence of networking and security, the increased threats created by hybrid users and IoT, and the preference for cloud-native and SaaS-based application workloads, cloud-native subscription-based security services to govern it all will become the ideal solution.

Vendors in this space, some that are entirely MSP-centric in their go-to-market strategy, have made it easier than ever for MSPs that may have traditionally avoided a deeper cyber security conversation to now deliver rich, scalable solutions where the complexity of unification has already been solved by the supplier. It is one of the biggest spend participation opportunities in a decade for MSPs … or should I say MSSPs?


Richard Sorosina
CTSO and VP solution architecture EMEA and APAC at Qualys

Consolidation of security capabilities has been on the agenda of many organisations for a while, and this will only continue to increase in 2025. And now, organisations are increasingly moving towards a unified platform approach that can provide both a centralised view of risk across the organisation, and mechanisms to remediate that risk when found. This has primarily been driven by a need to reduce complexity, increase operational efficiency, enhance detection and response capabilities, and reduce overall cost.

A unified platform is not a single solution that does everything but is one that provides a strong set of core capabilities, with a well-integrated partner ecosystem of additional capabilities that provide additional context. A well-integrated security platform that allows organisations to discover, prioritise and remediate critical business risks will serve to eliminate the challenges of complexity, inefficiency and increasing cost of ownership while allowing businesses to focus on what matters most to them.


Richard Seiersen
Chief risk tech officer at Qualys

Over the next five years, we can expect significant improvements in operational and capital efficiency for defenders as AI continues to automate routine tasks and streamline processes. This will free security practitioners to focus on more complex challenges, particularly those involving “irreducible uncertainty” – situations where the risk cannot be fully understood through empirical data.

As the deterministic aspects of cyber security are automated, the role of experts will increasingly shift towards decision-making in uncertain scenarios. AI will aid in modelling these risks, but the effectiveness of these models will heavily depend on the expertise and assumptions of the security professionals using them. This means that while AI will enhance analytical capabilities, the human element will remain critical in interpreting data and making informed choices among plausible alternatives. Security professionals will continue to play a vital role in navigating complexities and uncertainties, underscoring the importance of their expertise in the evolving landscape of AI-driven cyber security.


Alex Coates
CEO at Interactive

I’d encourage business leaders to prioritise a few things as we enter 2025. We must stay on top of managing the evolving workplace, which goes beyond working-from-home policies all the way to what technology you use day-to-day.

Organisations can’t avoid conversations around ESG, cyber security, and AI. These are no longer mere tick boxes; these are categories your business can lean into in order to get to the next level. You don’t want to be seen as falling behind in sustainability commitments, protecting private data – particularly as we begin to adjust to the newly passed Cyber Security Bill – and finding efficiencies. From our perspective at Interactive, we also look at ways to manage hybrid infrastructures and find the best data centre solution for your computing power.


Thomas Fikentscher
Area vice president for ANZ at CyberArk

The rapid adoption of cloud-native technologies and AI means there are more identities to manage at greater speed and with more complexity. Attackers are increasingly zeroing in on non-human identities, particularly in cloud-native, development and broader OT/IoT environments.

As Australian organisations continue to shift their workflows and workforces to the cloud, post-authentication breaches will become even more common. Multifactor authentication does not offer sufficient protections for employees across a variety of business functions who have access to sensitive data, are authorised to manage critical business processes and could become privileged users at multiple points during an ordinary workday. Organisations should be taking active steps to reimagine their workforce identity security.


Arvind Nithrakashyap
Co-founder and CTO at Rubrik

Data security posture management – DSPM – aims to solve one of the most complex issues in modern cloud environments: knowing where all your data is and how it is secured.

According to Research and Markets, the DSPM market is undergoing significant growth, driven mainly by AI adoption. As more (and larger) data sets become available for AI models to consume, the likelihood of sensitive data being exposed to unauthorised users increases significantly.

Cloud, AI, and DSPM will go hand in hand because traditional security methods like DLP (data loss prevention) and CNAPP (cloud-native application protection platforms) alone don’t adequately address an organisation’s overall data-related cyber resilience.


Nathaniel Jones
Director of strategic threat and engagement at Darktrace

The global space industry is growing at an incredibly fast pace, and 2025 is on track to be another record-breaking year for spaceflight with major missions and test flights planned by NASA, ESA, [and] CNSA, as well as the expected launch of the first commercial space station from Vast and programs from Blue Origin, Amazon and more. Research from Analysys Mason suggests that 38,000 additional satellites will be built and launched by 2033 and the global space industry revenue will reach $1.7 trillion by 2032. Space has also been identified as a focus area for the incoming US administration.

In 2025, we expect to see new levels of tension emerge as private and public infrastructure increasingly intersect in space, shining a light on the lack of agreed-upon cyber norms and the increasing challenge of protecting complex and remote space systems against modern cyber threats. Historically focused on securing Earth-bound networks and environments, the space industry will face challenges as post-orbit threats rise, with satellites moving up the target list.

The EU’s NIS2 Directive now recognises the space sector as an essential entity that is subject to its most strict cyber security requirements. Will other jurisdictions follow suit? We expect global debates about cyber vulnerabilities in space to come to the forefront as we become more reliant on space-based technology.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
