As the digital landscape continues to evolve at an unprecedented pace, cybersecurity threats grow increasingly sophisticated. To stay ahead of the curve, organizations must anticipate and adapt to the evolving threat landscape. In this article, we delve into the predictions of several leading cybersecurity experts, offering valuable insights into the key challenges and opportunities that lie ahead in 2025.
Guardrails and Quantum Creep: Addressing Emerging Threats
Morey Haber, Chief Security Advisor at BeyondTrust, emphasizes the criticality of addressing privilege escalation. “As identity compromises increase in frequency, 2025 will be the year CISOs begin to consider the Paths to Privilege that allow lateral movement,” he explains. “Attackers are adept at manipulating cloud permissions, roles, and entitlements. Their attacks are preventable through a thorough re-evaluation of hygiene.”
Haber also highlights the looming threat of quantum computing. “Previous estimates suggest that where a digital machine would take 300 trillion years to crack 2-megabit RSA encryption, a 4,099-qubit quantum computer would only need 10 seconds,” he notes. “This post-quantum reality could be with us by the early 2030s, so we will probably continue to see individuals and organizations urge action on this critical future problem.” He anticipates the formation of exploratory committees within critical infrastructure organizations to examine NIST’s post-quantum encryption standards, emphasizing the need for proactive measures and the likely emergence of new regulations surrounding post-quantum cryptography.
Data Privacy and the Shift Towards On-Premises Solutions
Itay Glick, VP of Products at OPSWAT, underscores the increasing importance of data privacy and compliance. “With regulations like GDPR and CCPA gaining traction, organizations are under heightened pressure to protect sensitive data,” he states. The significant fine imposed on Meta by Ireland’s Data Protection Commission serves as a stark reminder of the severe financial consequences of non-compliance.
Glick also observes a notable shift in organizations’ approach to data security. “As organizations reassess their data security strategies, many are moving from cloud services to on-premises solutions to maintain greater control over their data and mitigate risks associated with cloud vulnerabilities,” he explains. This trend, driven by high-profile breaches like the MOVEit cyberattacks, reflects a growing desire for enhanced security, reduced reliance on third-party providers, and improved alignment with compliance requirements.
The Evolving Role of AI and the Importance of Strategic Collaboration
Richard Seiersen, Chief Risk Technology Officer at Qualys, cautions against overhyping the transformative power of AI in cybersecurity. “While several regional enterprises are looking for the next best AI solution in an effort to fight fire with fire, I am reminded of the famous Alphonse Karr quote, ‘The more things change, the more they stay the same,’” he observes. Seiersen emphasizes the importance of understanding the specific risks associated with AI abuse and misuse, as well as leveraging existing security capabilities to address these threats. He recommends proactive threat modelling and the development of “secure by default” solutions to mitigating potential AI-related risks.
Seiersen also emphasizes the evolving relationship between CISOs, the C-suite, and boards. “The CISO that focuses on economic and operational efficiency will be fast friends with business-focused leaders,” he asserts. By framing risk management to minimise business impact without excessive costs, CISOs can foster stronger partnerships with business leaders and drive more strategic decision-making. Clear, measurable communication will translate complex security strategies into actionable insights for business stakeholders.
Digital Modernization and the Rise of Agentic AI
Asanka Abeysinghe, CTO at WSO2, predicts a continued acceleration in digital modernization efforts in 2025. “Platform engineering made significant strides, with organizations trying to build more scalable and efficient systems,” he notes. “Kubernetes continued its rapid adoption as the standard for container orchestration, simplifying deployments across various environments.” Abeysinghe anticipates a growing focus on value creation through the adoption of core technologies like API management, integration, and identity and access management.
Furthermore, Abeysinghe highlights the emergence of agentic AI, powered by small language models (SLMs), which will drive the development of more autonomous systems. “Companies will also prioritize improving developer productivity through internal developer platforms (IDPs) and leveraging SaaS commodity services while striving to create unique differentiators,” he adds. Hybrid cloud strategies will continue to evolve, with increased adoption of Kubernetes and cloud repatriation to enhance flexibility.
The Rise of AI in IT Operations
Chrystal Taylor, Evangelist & Product Marketing Manager at SolarWinds, emphasizes the increasing role of AI in IT operations. “AI and machine learning are becoming essential tools in IT, helping teams connect the dots between systems and data,” she explains. “Whether it’s automating correlation, supporting root cause analysis, or spotting seasonal anomalies, AI is taking on the heavy lifting that used to be manual.” Taylor highlights the integration of AI into various IT tools, such as monitoring, observability, and incident response systems, enabling faster problem resolution and improved operational efficiency.
Taylor acknowledges the challenges associated with AI adoption, emphasizing the importance of continuous learning and skill development. “Prompt engineering is already becoming a hot skill, and as AI keeps evolving, we’ll need to keep improving how we manage data and handle new regulations,” she notes. “AI isn’t taking over jobs – it’s changing them. And for those willing to embrace the change, the opportunities in 2025 are endless.”
The cybersecurity landscape is constantly evolving, presenting both challenges and opportunities for organizations. By understanding the key trends and predictions outlined by these leading experts, organizations can proactively address emerging threats, strengthen their security posture, and ensure business continuity in an increasingly complex and interconnected world.