iTech-Ed Ltd

Top six cybersecurity trends for 2025

Follow us on Twitter

Pinterest


Monday, 10 March 2025

As someone who writes regularly about mainframe security and AI, you’ll not be surprised that Gartner’s recent announcement of the top cybersecurity trends for 2025 caught my eye. Let’s take a look at the six trends they identified.

Trend 1: GenAI driving data security programs

Most security efforts and financial resources are traditionally focused on protecting structured data such as databases. However, the rise of GenAI is transforming data security programs, shifting focus to protect unstructured data – text, images and videos.

Trend 2: managing machine identities

Increasing adoption of GenAI, cloud services, automation, and DevOps practices has led to the prolific use of machine accounts and credentials for physical devices and software workloads. If left uncontrolled and unmanaged, machine identities can significantly expand an organization's attack surface.

According to Gartner, security and risk management (SRM) leaders are under pressure to build a strategy to implement robust machine identity and access management (IAM) to protect against attacks, but it must be a coordinated enterprise-wide effort. A Gartner survey of 335 IAM leaders globally, conducted between August and October 2024, found that IAM teams are only responsible for 44% of an organization’s machine identities.

Trend 3: tactical AI

SRM leaders are facing mixed results with their AI implementations, leading them to reprioritize their initiatives and focus on narrower use cases with direct measurable impacts. These more tactical implementations align AI practices and tools with existing metrics, fit them into existing initiatives, and enhance visibility of the real value of AI investments.

“SRM leaders now have clear responsibilities to secure third-party AI consumption, protect enterprise AI applications and improve cybersecurity with AI”, said Michaels. “By focusing on more tactical, demonstrably beneficial improvements, they can minimize the risks for their cybersecurity programs and can more easily demonstrate progress.”

Trend 4: cybersecurity technology optimization

According to a Gartner survey of 162 large enterprises, conducted between August and October 2024, organizations use an average of 45 cybersecurity tools. With over 3,000 vendors in cybersecurity, SRM leaders need to optimize their toolsets to build more efficient and effective security programs.

Gartner recommends aiming for a balance that procurement, security architects, security engineers, and other stakeholders are satisfied with to maintain the right security posture. To achieve this, SRM leaders should consolidate and validate core security controls and focus on architecture that enhances portability of data. Threat modelling and organizational technology drivers such as AI adoption can also be used to assess advanced needs.

Trend 5: extending security behaviour and culture program value

Security behaviour and culture programs (SBCPs) have reached an inflection point for most organizations. Effective SRM leaders recognize the value these programs bring to improve their cybersecurity posture. According to Gartner, one of the largest drivers of change in these programs is GenAI – enterprises combining the technology with an integrated platforms-based architecture in SBCPs will experience 40% fewer employee-driven cybersecurity incidents by 2026.

This trend is gaining traction due to increasing recognition that both good and bad human behaviour are critical components of cybersecurity. As a result, cultural and behaviour-focused activities have become a prominent approach to address cyber-risk comprehension and ownership at the human level. This reflects a strategic shift toward embedding security into the organizational culture.

Trend 6: addressing cybersecurity burnout

SRM leader and security team burnout is a key concern for an industry already impacted by a systemic skills shortage, according to Gartner. This pervasive stress stems from relentless demands associated with securing highly complex organizations in constantly changing threat, regulatory and business environments, with limited authority, executive support and resources.

“Cybersecurity burnout and its organizational impact must be recognized and addressed to ensure cybersecurity program effectiveness,” said Michaels. “The most effective SRM leaders are not only prioritizing their own stress management, they are investing in teamwide wellbeing initiatives that demonstrably improve personal resilience.”

In terms of managing machine identities, organizations that are still relying on manual identity governance and administration (IGA) processes are going to find their processes inefficient and potentially exposed to cyberattack.

I’m not surprised that burnout is now an identified issue because anecdotal reporting has been going on for a while now, and, these days, individuals are more prepared to speak out about feelings of being overwhelmed at work or experiencing burnout. Not only that, surveys are beginning to pick up on the problem. Gartner’s Peer Community Survey found that 62% of cybersecurity leaders have experienced burnout. A 2024 study by Hack The Box found that 90% of CISOs were concerned about stress, fatigue, and burnout affecting their team’s wellbeing. Devo’s Cybersecurity Burnout Survey found that 83% of its respondents said burnout in their workplace has led to errors resulting in a security breach. ISACA’s State of Cybersecurity 2024 report found that 46% of cybersecurity professionals gave high stress as a reason for leaving their role.

I would suggest it’s worth not only IT staff, but also all C-level employees taking a look at the report in order to familiarize themselves with what needs to be done to keep their data safe, and their company’s reputation intact, and also keep their employees mentally healthy and functioning optimally.

 

If you need anything written, contact Trevor Eddolls at iTech-Ed.
Telephone number and street address are shown here.