This is the time of year when market observers and subject matter experts predict the near future before going on vacation
Gleaning various insights from its business between 2023 and this year, Forrester has released a series of cyber predictions for 2025.
According to their forecast, cybercrime is expected to cost US$12tn next year, so regulators will take a more active role to protect consumer data.
To limit material impacts to their organization, leaders will pivot to adopt more proactive security measures.
Other predictions
In 2025, Forrester analysts expect a provider of general-purpose AI models to receive the first fine for violating the EU AI Act.
As businesses diversify the generative AI (GenAI) models they use, they need to vet their providers carefully, ensuring they collect all of the evidence necessary to avoid exposing themselves to investigation and fines. Other predictions include:
- Next year, a major IoT breach will disrupt a large class of devices, requiring organizations to conduct time-consuming and expensive remediation efforts.
- According to its current data, Forrester estimates that CISOs will deprioritize GenAI use by 10% due to lack of quantifiable value. Disenchantment factors include inadequate budgets, and struggles to make the case for the budget requirements to support fund allocation requests.
- A Western government will bar specific third-party or open source software, on national-security rationales.
- In data breach litigations, class-action costs are enormous. With the percentage of organizations facing class actions at a 13-year high, the firm predicts that CISOs will be asked to contribute toward class-action defense funds in 2025, making costs from class actions greatly exceed fines imposed by regulators.
In the meantime, the research and advisory firm is raising awareness of human-related breaches. These include deepfakes, data exfiltration by insiders, misuse of GenAI, physical theft or loss, and just plain human error. These types of risks are expected to accelerate and become more complex with the advent of GenAI and the expansion of communication channels.
Finally, the firm is also researching how GenAI will influence Identity and Access Management technologies, in terms of administration and audit, identity lifecycle, authentication, and identity data services.
