With continued advancements in AI, the threat landscape is evolving more quickly and more regularly than ever before. Combining this with persistent macro-economic pressures and a change in leadership across multiple countries, the world around us is undergoing huge changes. In turn, CISOs are faced with the ever-expanding task of protecting their organisations against a new frontier, in a world that is undergoing massive shifts.
As cybersecurity and geopolitics continue to converge, governments and public sector organisations are going to need to reprioritise cyber resilience and improve legacy infrastructure across the board. Our research earlier this year found that governments saw a nearly 50% increase in ransomware extortion attacks in 2024. The general public expect – and deserve – their data to be properly protected. So, now more than ever, cybersecurity professionals must be tapped into the world around them and understand the nuances of a shifting geopolitical landscape.
With this in mind, here are five predictions that I think will take shape throughout 2025.
1) Nation-state and ransomware attacks will intensify their focus on the OT side, and data centers will fight back
As we look ahead to 2025, critical infrastructure and the manufacturing sector will face an increased volume of threats from both nation-states and ransomware operators. These threat actors will also look to target industries reliant on newer technologies, such as cloud computing and AI systems. And nation-states are clearly looking to get ahead of this trend, as evidenced by the UK designating data centers as critical infrastructure earlier this year, and I suspect others will follow suit.
2) Geopolitics and cybersecurity will become increasingly inseparable as National Critical Infrastructure (NCI) becomes one of the biggest focuses for attackers
The intensifying geopolitical climate and the major global elections that have punctuated 2024 will absolutely drive transformation with regards to cybersecurity policies and regulations in 2025. With cyberattacks increasingly targeting political processes and attempting to influence election outcomes, businesses must adapt their operations to navigate geopolitical tensions and sanctions. Organisations should seek to deploy flexible security architectures that can quickly isolate threats and adjust to evolving political regulatory requirements.
While advancements in digital transformation offer significant benefits, they act somewhat as a double-edged sword and make infrastructure more vulnerable to attacks. Given cyberattacks often precede physical ones, protecting critical infrastructure from exposure is crucial and organisations must take responsibility for their security beyond mere regulatory compliance. Over the coming year, we will see a heightened focus on critical infrastructure from both defensive and offensive perspectives.
3) Economic pressures will drive cybersecurity consolidation and optimisation
The broader macro-economic landscape and persistent inflationary environment have resulted in many industries taking a more measured approach to their spending, and cybersecurity is no different. In fact, in 2025, we’re going to see the effects of economic pressures ending the era of unlimited cybersecurity spending. Instead, organisations are going to be forced to optimise their security investments, driving a trend toward the consolidation of security tools. In addition, we’re going to see the adoption of integrated platforms, and businesses embracing cloud solutions to simplify complex security infrastructures. The added bonus here is that the shift to automated, consolidated platforms will also help to address issues around the security skills shortage, given that service-based models reduce the burden of hardware maintenance.
4) Connectivity sovereignty will reshape global IT architectures
In 2025, connectivity sovereignty will emerge as a crucial factor in global IT planning, building on 2024’s data sovereignty focus. As nations increasingly implement digital borders through national firewalls, organisations will turn to distributed cloud and edge computing to maintain control over data and networks within national boundaries.
As a result, this trend will transform large data lakes into smaller “data puddles”, as data becomes increasingly localised. While organisations will still need to integrate data across geographical and organisational boundaries, data will need to be organised into smaller, location-specific datasets. This data segmentation could offer security advantages, as it may limit machine learning models' access to comprehensive datasets that could attract attackers.
5) Cyber resilience will become a mandatory design principle
In 2025, the concept of cyber resilience will evolve from being a buzzword to becoming a fundamental design principle for organizations. As cyber threats become more sophisticated and disruptions more frequent, it will become more a matter of “when” not “if” a cyber incident will happen. Organizations will be forced to move beyond traditional prevention approaches to embrace true, embedded reaction and response capabilities in every aspect of their operations. Consequently, we will see organizations turn their attention to more proactive risk management and threat hunting practices to help contain the blast radius of an incident. This necessary shift will ensure that organizations not only withstand attacks, but continue functioning during them, with security and business continuity becoming inseparable concepts.
The year ahead
As 2025 begins to take shape, and with new political leaders either already in role or commencing their leadership soon, CISOs and IT leaders are going to have to weather the storm that naturally accompanies change. To do this, they must tap into the world around them, engage the C-suite, simplify IT architectures, and ensure that, even if budget constraints persist, good cybersecurity practice remains at the forefront of their organization’s agenda.