Too much trust in automation/IT can be hazardous, as the 2024 global IT outage and other cyber incidents have shown

As the year draws to a close, our cybersecurity experts are looking ahead to 2025 with bold predictions on what is next for identity, technology, and digital trust.

From advancements in post-quantum cryptography to increasing AI-driven phishing attacks, these trends highlight the evolving security landscape.

Our predictions for 2025 underscore the need for bold strategies to drive quantum readiness, enhance transparency, and reinforce trust.

2025 predictions

  1. Post-quantum cryptography will takes off

    This is the year that post-quantum cryptography (PQC) shifts from theoretical frameworks to real-world deployments, with significant momentum in the Asia Pacific region. Governments will actively advance quantum readiness through national initiatives. With impending announcements from the US National Security Agency and growing compliance pressures, PQC adoption will surge, empowering industries to embrace quantum-resistant solutions.

  2. Organizations will demand resilience and zero outages

    The CrowdStrike outage this year caused massive global disruptions, and underscores the need for better testing of automated updates and stronger digital trust. As IoT adoption grows, concerns about the safety of over-the-air updates, particularly for self-driving cars, are prompting calls for greater transparency in security practices. Governments and the critical infrastructures will need to enhance oversight and enforce stricter measures on high-risk computer systems crucial to national security.

  3. AI-driven phishing attacks will surge

    There will be an unprecedented surge in sophisticated phishing attacks as attackers leverage AI to craft highly personalized and convincing phishing campaigns, while automated tools will enable them to scale attacks at an alarming rate, targeting individuals and organizations with precision.

  4. Chief Trust Officers will take center stage

    Digital trust will become a boardroom priority in 2025, leading to a continued rise of Chief Trust Officers (CTrOs) who will oversee the management of ethical AI, secure digital experiences and compliance in an increasingly regulated environment.

  5. Automation and crypto-agility will become a necessity

    With industry shifts towards shorter SSL/TLS certificate lifespans, automation and crypto-agility will emerge as critical capabilities for organizations aiming to maintain secure operations amid evolving standards.

  6. Content provenance goes mainstream

    In an era of deepfakes and digital misinformation, the Coalition for Content Provenance and Authenticity (C2PA) is set to redefine how we verify digital content. Expect to see the organization’s Content Credential icon become commonplace on images and videos for enhancing trust across media platforms.

  7. New private PKI standards will gain momentum

    ASC X9 is poised to gain momentum as industries like finance and healthcare increasingly require customized security frameworks to meet stringent regulatory demands and unique operational needs. Unlike public PKI, ASC X9 offers greater flexibility by enabling tailored policies and trust models, addressing critical areas such as data integrity and authentication. This ability to foster secure, scalable, and interoperable frameworks will make ASC X9 a preferred standard for organizations prioritizing trust and collaboration.

  8. The Cryptography Bill of Materials (CBOM) gains traction

    In response to escalating cybersecurity threats, CBOMs will become a vital tool for ensuring digital trust by ensuring that cryptographic assets and dependencies are catalogued, enabling better risk assessments.

  9. The era of Manual Certificate Management ends

    Manual management of certificates, still common in a small portion of enterprises, will be phased out as automation becomes indispensable for handling shorter certificate lifespans and stricter security protocols.

  10. Organizations will continue to prioritize fewer vendors

    Despite concerns about single-vendor risks (such as that surrounding the CrowdStrike outage) and a peak of venture capital funding for AI startups, enterprises will continue to consolidate vendors to simplify management, improve integration, and enhance overall security practices.