We Asked Cybersecurity Experts for Their Top Predictions for 2025

Cybersecurity is evolving in 2025, with AI functions, Zero Trust architecture, and risk quantification all making a mark.

As we reach the end of 2024, the cybersecurity industry faces plenty of challenges. For starters, losses due to cybercrime have quadrupled to hit $2.5 billion since 2017, according to one report.

Major companies are losing millions to ransomware or, in T-Mobile’s case, a $30 million settlement for exposing customer data. One US cybersecurity firm even accidentally hired a North Korean hacker.

As we reach a full quarter-century into the new millennium, the landscape of online security will continue to shift under our collective feet. How can you ensure that you stay aware of the latest trends? By taking a spin through the guide below — we’ve combed through dozens of cybersecurity experts’ predictions, cautions, and forecasts to collect the cream of the crop.

Here’s what to expect from the world of cybersecurity across the new year.

The Biggest Cybersecurity Predictions for 2025:

Boosted Security for the Internet of Things

The “Internet of Things,” or IoT, refers to any tech devices that are connected to the internet and rely on software updates, from smart fridges to thermostats, doorbells, and even pacemakers. They’re all doing better than ever today, and that strikes fear in the hearts of many cybersecurity experts — because all those devices are now freshly vulnerable to cyberattacks.

Daniel Pearson, CEO at KnownHost, notes that the IoT isn’t just for smart homes. Businesses have plenty of IoT devices on their premises: Sensors, monitoring equipment, energy management systems, and day-to-day office items including light bulbs, door locks, and CCTV systems.

To deal with the high number of potential vulnerabilities, businesses in 2025 must “ensure their smart devices are adequately secured using multi-factor authentication, regular encryption and firmware updates,” Pearson says.

Zero Trust Architecture Expands Beyond Devices

Zero Trust architectures require continuous verification to mitigate lateral attack risks by minimizing implicit trust. In 2025, those tactics will expand beyond just device security — and start to encompass all users, devices, applications, and interactions.

Ofer Regev, CTO at Faddom, foresees that Zero Trust will go beyond devices.

“Zero Trust will expand beyond devices and networks to include identity verification frameworks for all digital interactions. With the surge of remote work and decentralized systems, traditional identity models will fall short. This will demand tools capable of tracking and validating user and system behaviors across dynamic IT landscapes.” -Regev

The Zero Trust expansion will emerge because cybersecurity professionals will keep reaching for additional measures to ensure safety at their companies.

Risk Quantification Becomes a Core Security Tool

A report from Bitsight and Diligent has found that despite cyber-secure companies delivering four times higher financial performance than their peers, a mere 5% of companies have cyber experts on their boards.

How can IT professionals communicate with their boards? Risk quantification, according to Diligent’s own CISO, Monica Landen, who says it will emerge as “the strongest and most reliable tool for communicating cyber risk to your boardroom in 2025.” Landen compares risk quantification in the security sector to risk assessment in the insurance industry: Constantly improving.

“2025 could be the year of more cross-organizational pollination to properly communicate cyber risks to the board. Security teams have historically been siloed, but if they can tie their challenges and successes to customer impact, sales pipeline, or product development, those barriers will deteriorate and the impact, positive or negative, of poor security will properly resonate with the board.” -Landen

Companies will need a strong GRC framework to make sure that cybersecurity stays a cornerstone of their overall risk management strategy for the new year. In 2025, cybersecurity must be a priority across all levels of an organization.

A Focus on Mid-level Cyber Skills Gaps

Upskilling and reskilling are constant problems for white collar workers dealing with cybersecurity. Software updates are constantly rolling out, so workers must always be getting new degrees and certifications to keep up.

Keatron Evans, VP of AI Strategy at Infosec Institute, predicts that skills gaps — and the learning needed to close them — will be more important than ever in 2025. And it’s not just entry-level workers who will need to hit the books.

“When we talk about cybersecurity skills gaps, one of the misstatements that people often make is they will attribute that gap to all entry-level roles. However, industry-wide, we have realized that some of the biggest gaps fall under the need for experienced talent with a few years of work under their belts […]” -Evans

The industry will likely see a rise in hands-on or verifiable skills, as well as the immersive learning needed to teach them, says Evans, who adds that “part of the challenge is the level of degrees and certifications required within the industry.” Workers will have to balance the risk of burnout against the need to keep adding new certifications.

Ofer Regev takes the skills gap discussion a step further, predicting that it will accelerate lightweight automation tools: “The global shortage of skilled IT professionals will worsen in 2025,” Regev says, “pushing businesses to adopt more lightweight, automated tools. Complex solutions requiring extensive expertise will lose ground to agentless technologies that rapidly simplify deployment and deliver value.”

That’s far from the only prediction related to the use of AI technology, of course.

AI Tools Will Further Integrate into Companies’ Security Protocols

The cybersecurity experts we consulted for this article had a lot of different AI-related predictions, but the general trend can be summed up as: AI will continue to find a place within the industry as a whole. AI has long been a solution in search of a problem, and in 2025, it might start finding those problems.

This might look like a growing bottom-up understanding of the tech, as Keatron Evans argues:

“People that are serious about maintaining an edge in cyber, need to get themselves closer to the technology, not just the consumer usage of it. Next year, will be the year of truly advocating for understanding the underlying technology and how it works – That’s going to make employees exponentially more valuable.” -Evans

It might look like shoring up the data security risks that AI’s reliance on data training will usher in, according to data privacy company Kiteworks’ 2025 Forecast report.

“In 2025, stricter global regulations will demand transparency and accountability for AI data handling, with organizations facing penalties for mishandling sensitive content. To combat these threats, businesses must implement robust AI governance frameworks, prioritize privacy-preserving technologies, and adopt secure model development practices to ensure compliance and safeguard trust.” -Kiteworks

AI will also power backup automation, says Sebastian Straub, Principal Solution Architect at N2W.

“2025 will see the beginnings of backup systems with near-zero administrative intervention. AI will learn the intricate patterns of data usage, compliance requirements, and organizational needs, becoming a proactive data management expert, autonomously determining what needs to be backed up and when, including adherence to compliance standards like GDPR, HIPAA or PCI DSS.” -Straub

However, AI adaptation is an uphill battle. Straub also warns that AI is “not a silver bullet,” and we’ll still see plenty of “unfortunate breaches of trust and compliance violations” as companies struggle to fold AI into their systems across 2025 and beyond.

Be Wary of Undermanaged Assets

Tim Matthews, CMO at CyCognito, argues that we’ll see an uptick of data breaches due to “unknown, undermanaged assets.” Matthews predicts that 70% of breaches in 2025 will be traced back to these assets, marking an increase from the 60% that many analysts estimate today.

“This will be fueled by expanding and increasingly complex attack surfaces, cloud migrations, third-party dependencies, and remote work infrastructure. Organizations will be forced to shift from reactive, asset-specific security to a discovery-first approach that focuses on items outside known inventory.” -Matthews

This chimes with the wider tech trends predictions we collected from tech professionals across many more industries: More proactive measures will be required in 2025, not just reactive ones.

In the end, the story remains the same for the online security business. Whether the tools and protocols are AI functions, Zero Trust architecture, or risk quantification, it all marks a constant arms race of upskilling between bad actors and cybersecurity pros, with no genuine end in sight.


Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' was a 2024 Locus Awards finalist. When not working on his next art collection, he's tracking the latest news on VPNs, POS systems, and the future of tech.