SecurityWorldMarket

07/03/2025

Gartner identifies top cyber security trends for 2025

Sydney, Australia

Gartner Security & Risk Management Summit took place earlier this week in Sydney, Australia where the research company's analysts shared their findings on the cyber security industry and the trends that lay ahead this year.  In the main, these trends appear to be influenced by generative AI (GenAI) evolution, digital decentralising, supply chain interdependencies, regulatory change, endemic talent shortages and a constantly evolving threat landscape.

Speaking at the Gartner Security & Risk Management Summit, Alex Michaels, Senior Principal Analyst at Gartner, said, “Security and risk management (SRM) leaders face a mix of challenges and opportunities this year, with a goal to enable transformation and embed resilience. Their efforts in achieving both are crucial to support their organisation’s aspirations to not only innovate, but ensure their innovations are secure and sustainable in a fast-changing digital world.”

According to Gartner, the following six trends will have broad impact across these areas:

Trend 1: Gen AI driving data security programmes

Most security efforts and financial resources are traditionally focused on protecting structured data such as databases. However, the rise of Gen AI is transforming data security programmes, shifting focus to protect unstructured data — text, images and videos.

“Many organisations have completely reoriented their investment strategies, which has significant implications for large language model (LLM) training, data deployment and inference processes,” said Michaels. “Ultimately, this shift underscores the changing priorities that leaders must address as they communicate the impact of Gen AI on their programmes.”

Trend 2: Managing machine identities

Increasing adoption of Gen AI, cloud services, automation and Dev Ops practices, has led to the prolific use of machine accounts and credentials for physical devices and software workloads. If left uncontrolled and unmanaged, machine identities can significantly expand an organisation's attack surface.

According to Gartner, SRM leaders are under pressure to build a strategy to implement robust machine identity and access management (IAM) to protect against attacks, but it must be a coordinated enterprise-wide effort. A Gartner survey of 335 IAM leaders globally, conducted between August and October 2024, found that IAM teams are only responsible for 44% of an organization’s machine identities.

Trend 3: Tactical AI

SRM leaders are facing mixed results with their AI implementations, leading them to reprioritise their initiatives and focus on narrower use cases with direct measurable impacts. These more tactical implementations align AI practices and tools with existing metrics, fit them into existing initiatives, and enhance visibility of the real value of AI investments.

“SRM leaders now have clear responsibilities to secure third-party AI consumption, protect enterprise AI applications and improve cyber security with AI,” said Michaels. “By focusing on more tactical, demonstrably beneficial improvements, they can minimize the risks for their cyber security programmes and can more easily demonstrate progress.”

Trend 4: Cyber security technology optimisation

According to a Gartner survey of 162 large enterprises, conducted between August and October 2024, organisations use an average of 45 cyber security tools. With over 3,000 vendors in cyber security, SRM leaders need to optimise their toolsets to build more efficient and effective security programmes.

Gartner recommends aiming for a balance that procurement, security architects, security engineers, and other stakeholders are satisfied with to maintain the right security posture. To achieve this, SRM leaders should consolidate and validate core security controls and focus on architecture that enhances portability of data. Threat modeling and organisational technology drivers such as AI adoption can also be used to assess advanced needs.

Trend 5: Extending security behaviour and culture programme value

Security behaviour and culture programmes (SBCPs) have reached an inflection point for most organisations. Effective SRM leaders recognise the value these programmes bring to improve their cyber security posture. According to Gartner, one of the largest drivers of change in these programmes is Gen AI – enterprises combining the technology with an integrated platforms-based architecture in SBCPs will experience 40% fewer employee-driven cybersecurity incidents by 2026.

This trend is gaining traction due to increasing recognition that both good and bad human behavior are critical components of cybersecurity. As a result, cultural and behavior-focused activities have become a prominent approach to address cyber-risk comprehension and ownership at the human level. This reflects a strategic shift toward embedding security into the organisational culture.

Trend 6: Addressing cyber security burnout

SRM leader and security team burnout is a key concern for an industry already impacted by a systemic skills shortage, according to Gartner. This pervasive stress stems from relentless demands associated with securing highly complex organisations in constantly changing threat, regulatory and business environments, with limited authority, executive support and resources.

“Cyber security burnout and its organisational impact must be recognised and addressed to ensure cyber security programme effectiveness,” said Michaels. “The most effective SRM leaders are not only prioritising their own stress management, they are investing in teamwide wellbeing initiatives that demonstrably improve personal resilience.”


Tags

News from the startpage
Go to "Business News"  

Product Suppliers
Change market
Global North America Middle East United Kingdom Sweden Norway Denmark
Back to top