Cyber ​​Crisis is Coming! 6 Trends Gartner Warns of in 2025

Cyber ​​Crisis is Coming! 6 Trends Gartner Warns of in 2025

Gartner Inc. has revealed key cybersecurity trends for 2025 driven by the evolution of generative AI, decentralized digital work, supply chain interdependence, regulatory changes, lack of qualified talent and an ever-changing threat landscape.

️ The following 6 key trends are having far-reaching impacts across industries:

 Trend 1: GenAI Driving Data Security Programs

The majority of security efforts and budgets have focused on protecting structured data such as databases. However, the growth of GenAI is changing the way information security programs are developed, with a greater focus on protecting unstructured data such as text, images, and video.

Many organizations have radically changed their investment strategies, with significant impacts on large language model (LLM) training, data consumption, and inference processes. Ultimately, this shift has highlighted the shifting priorities that leaders must address when communicating the impact of GenAI on their security programs, said Michaels.

 Trend 2: Managing Machine Identities

The increasing adoption of GenAI, cloud services, automation, and DevOps practices has led to the widespread use of machine accounts and identities for devices and software workloads, which, if not controlled and managed, can become a target for organizations to attack.

Gartner predicts that SRM leaders are under pressure to adopt a strong Identity and Access Management (IAM) approach to defense, but it must be a collaborative effort across the organization. According to a Gartner survey of 335 IAM leaders worldwide in August and October 2024, only 44% of IAM teams are responsible for machine identities across the organization.

 Trend 3: Tactical AI

SRM leaders are facing mixed results from AI implementations, leading to a reprioritization of projects and a focus on narrower use cases where impact can be directly measured. These more strategic AI implementations will align AI practices and tools with existing metrics and increase visibility into the true value of AI investments.

SRM leaders now have a clear responsibility to secure third-party AI deployments, protect their organizations AI applications, and improve AI cybersecurity by focusing on tactical improvements that have clear benefits. They can more easily mitigate risk for their own cybersecurity programs and demonstrate progress, Michaels said.

 Trend 4: Cybersecurity Technology Optimization

According to a Gartner survey of 162 large organizations in August and October 2024, organizations use an average of 45 cybersecurity tools. With more than 3,000 vendors in the cybersecurity market, SRM leaders need to optimize their security tools to build more effective and efficient security programs.

Gartner recommends that organizations seek to balance procurement, security architects and engineers, and other partners to maintain the right security approach. To achieve this, executives should consolidate and review core security controls and focus on architectures that maximize storage capacity through threat modeling and use them as a driver for enterprise technologies, such as AI, that can be used to assess advanced needs.

 Trend 5: Extending Security Behavior and Culture Program Value

Most organizations security behavior and culture management (SBCP) programs have reached a critical tipping point, with effective SRM executives recognizing the value these programs can bring to improving and shaping their cybersecurity performance. Gartner expects GenAI to be one of the largest drivers of change in these programs, with organizations that integrate this technology into their integrated platform-based architectures in their SBCPs seeing 40% fewer employee-involved cybersecurity incidents by 2026.

This trend is gaining traction as organizations increasingly recognize that both good and bad human behaviors are key components of cybersecurity. As such, activities focused on shaping culture and behavior are becoming key practices to address understanding and fostering human ownership of cyber risk. However, this approach also reflects a strategic shift towards embedding security into organizational culture.

 Trend 6: Focus on Addressing Cybersecurity Burnout

Gartner says that burnout among SRM executives and security teams is a significant concern for an industry already suffering from a systemic skills shortage. This widespread stress comes from the dynamic demands associated with securing highly complex organizations in a constantly evolving threat, regulatory and business environment, yet executives and teams are constrained by limited authority, executive support and resources.

Cybersecurity burnout and its impact on organizations must be recognized and addressed urgently to ensure the effectiveness of cybersecurity programs. The most effective SRMs not only prioritize and manage their own stress, but also nurture their teams to foster team-wide well-being and significantly increase personal resilience.

Gartner / PC & Associates Consulting (PR)