As we tread into 2025, it is time to evaluate how several key cyber trends have unfolded, and forecast what the future holds.

• The dual-edged sword of GenAI
  
  GenAI offers remarkable potential for automating tasks like threat detection, incident response, and vulnerability management. However, the technology is not without risks.
  
  Attackers have weaponized the same technology, using it to develop sophisticated phishing campaigns and advanced malware. This dual nature calls for a careful approach to AI adoption, focusing on privacy safeguards to ensure sensitive data remains protected.
  
  We must balance leveraging the benefits of AI while addressing its risks, with privacy being a top priority to ensure AI systems protect sensitive data.
• From metrics to accountability
  
  As organizations look to measure the return on their cybersecurity investments, outcome-driven metrics have gained traction. While not new, the approach has become more crucial. Key metrics such as “reduced mean time to detect and respond (MTTD)”, and “false-positive reduction rate”, help measure success.
  
  However, the challenge lies in translating technical metrics for non-IT leaders. For example, rather than discussing technical jargon, framing MTTD as “the time taken to spot potential threats” resonates better with leadership teams.
  
  To foster executive accountability, high-profile incidents — such as outages impacting critical systems globally — underscore the importance of aligning cybersecurity narratives with business priorities. High-profile cybersecurity issues such as the recent CrowdStrike outage demonstrate the importance of communicating strategies and situations clearly in the boardroom.
• Reducing human risks
  
  Gartner analysts’ call for human-centric security design center around the assertion that most breaches stem from human error. A culture of cybersecurity awareness through comprehensive employee training is therefore critical.
  
  Security responsibility must extend beyond the Chief Information Security Officer (CISO) to every business unit.
  
  By embedding security champions across departments, organizations can decentralize efforts, making each team accountable for its own security, alleviating pressure on leaders, and addressing skills gaps.
• Addressing third-party risks
  
  In today’s hyper-connected world, no business operates in isolation, and supply chain risks abound. Whether in software, services, or hardware, we need to apply due diligence to address supply chain vulnerabilities.
  
  The key to mitigating these risks lies in not just ample diligence but ongoing, resilience-focused investments.
  
  We foresee organizations conducting continuous third-party assessments, ensuring vendors adhere to rigorous security standards. Still, no system is foolproof, and strong internal controls will be essential in 2025 to minimize the damage from third-party vulnerabilities.
• Understanding continuous threat exposure management
  
  According to Gartner, more organizations will be prioritizing security investments based on Continuous Threat Exposure Management (CTEM) by 2026.
  
  Still, equipping organizations with the tools to improve their understanding of external vulnerabilities will be crucial for strengthening security.
• Identity-first security based on Zero Trust
  
  Identity is the new perimeter. With more employees accessing data from multiple locations and devices, robust identity and access management is vital.
  
  Zero Trust architecture is key to this strategy. We predict and encourage more organizations to integrate identity and access management across infrastructures for a seamless, secure user experience while ensuring stringent protection.
  
  Behavioural analytics is also critical to Zero Trust. By monitoring user behavior continuously, anomalies and suspicious activities can be intercepted quickly.