As 2024 involves a detailed, we replicate on a 12 months with hacks, outages, laws, and quickly rising traits that shifted the cybersecurity panorama.
Synthetic intelligence (AI) continues to evolve at breakneck pace, with generative and agentic AI pushing organizations to think about its position throughout each side of the enterprise. In the meantime, new classes emerge to assist organizations higher handle their information amidst the cloud’s continued enlargement and more and more subtle cyber threats. Lastly, we’re seeing laws enacted worldwide to assist organizations mitigate danger and keep cyber resilience.
So what’s going to this result in in 2025? Learn on for six cybersecurity traits Rubrik expects to unfold subsequent 12 months.
1. Knowledge Safety might be on the coronary heart of Generative AI adoption
As we glance in direction of 2025, one important factor stands out within the discourse across the adoption and evolution of generative AI: information safety. As generative AI fashions require huge quantities of knowledge to study and generate content material, guaranteeing this information’s privateness, confidentiality, and integrity turns into paramount. Firms that may supply sturdy information safety measures will achieve a aggressive edge, fostering higher belief amongst customers and companions. This belief interprets into market share, as companies and shoppers usually tend to have interaction with AI options that prioritize information safety, aligning with stringent rules just like the EU AI Act, GDPR, or CCPA.
Knowledge safety, subsequently, is not only a hurdle for generative AI; it is turning into its driving drive. As companies and shoppers alike demand extra from AI by way of functionality and safety, generative AI’s future seems to be more and more intertwined with developments in information safety. By 2025, we predict that information safety is not going to solely be a benchmark for achievement within the AI business however a deciding issue for belief and broad-scale AI adoption by business and shoppers.
2. DORA will lengthen past monetary providers, selling cyber resilience throughout industries.
The Digital Operational Resilience Act (DORA) was initially enacted to bolster IT safety for European monetary service establishments. However in 2025, DORA will turn into extra of an operational resilience instrument as a consequence of its array of processes for danger administration, incident reporting, third-party danger administration and enterprise continuity administration. These processes will assist organizations reply to cyber threats, geopolitical tensions, and pure disasters. Certainly, DORA’s broader adoption will redefine how all companies strategy operational resilience and continuity in an more and more unpredictable world, underscoring the urgency of preparation.
AI will turn into an important ally in assembly DORA’s necessities, revealing new use instances as firms innovate methods to include AI-driven resilience measures in areas like menace detection, response automation, and compliance monitoring. In a panorama that now requires real-time responses, AI will empower organizations to reply to incidents and adapt as conditions evolve dynamically.
3. IT and safety leaders should fortify their information within the cloud.
Knowledge is the crown jewel of the enterprise—and the cloud is more and more turning into its citadel. However what good is a citadel in case you go away the drawbridge down? Organizations should put together for cloud intrusions from more and more subtle cyber threats: the 2024 CrowdStrike International Menace Report discovered cloud intrusions have surged by 75% since 2023.
With the cloud’s continued enlargement comes a fair higher duty for organizations to fight vulnerabilities—in any other case, this surge is just the start. In 2025, organizations should deal with defending information within the cloud, monitoring danger, and constructing confidence that they’ll recuperate information and purposes within the occasion of an assault.
This implies going above and past app-native safety instruments and discovering tailored options that not solely forestall threats from reaching information within the cloud but additionally recuperate swiftly towards any threats that sneak throughout the moat.
4. Knowledge Safety Posture Administration turns into a necessary factor of cyber resilience.
Knowledge safety posture administration—DSPM—goals to unravel one of the complicated points in trendy cloud environments: realizing the place all of your information is and the way it’s secured.
In line with Analysis and Markets, the DSPM market is present process vital development, pushed primarily by AI adoption. As extra (and bigger) information units turn into obtainable for AI fashions to eat, the chance of delicate information being uncovered to unauthorized customers will increase considerably.
Cloud, AI, and DSPM will go hand in hand as a result of conventional safety strategies like DLP (Knowledge Loss Prevention) and CNAPP (Cloud-Native Software Safety Platforms) alone do not adequately tackle a corporation’s total data-related cyber resilience.
5. A wave of AI brokers will enhance cyber resilience—and introduce new dangers.
The rising agentic AI market exhibits limitless potential, particularly for organizations that use the cloud to scale computing energy and storage capability to coach and deploy complicated AI fashions. CISOs specializing in cloud-first architectures will reap the advantages of elevated productiveness, higher buyer experiences, and extra. Agentic AI additionally has the potential to assist companies maintain their information and cloud apps safer; think about a future the place AI brokers automate menace detection whereas enhancing the pace of response and resilience.
Nevertheless, if not carried out cautiously, agentic AI can even danger delicate information within the cloud. As AI brokers turn into extra subtle and interconnected, they’ll probably result in extra safety vulnerabilities and unintended information leaks. Savvy enterprise and IT leaders is not going to let this maintain them again from adopting agentic AI however relatively drive them to determine guardrails, arrange stringent information entry insurance policies, and clearly talk organizational greatest practices.
6. Ransomware will proceed to evolve and create havoc.
If 2024 taught us something, ransomware isn’t going anyplace—and can proceed to be a favourite of unhealthy actors. With the evolution of AI and extra information transferring to cloud and SaaS-based platforms, attackers can automate and refine their assault methods, making ransomware much more efficient in 2025.
However it will get worse. We anticipate Ransomware-as-a-Service (RaaS) to increase past malware, providing preliminary entry brokering, information exfiltration, and negotiation providers. RaaS platforms can even proceed to decrease the technical threshold for launching ransomware assaults, which suggests extra people or much less technically expert teams can have interaction in ransomware actions, growing the quantity of assaults. Organizations might want to develop new methods to deal with this actuality.
These six predictions spotlight why 2025 guarantees to be a dynamic 12 months in cybersecurity. Now’s the time for IT and safety leaders to organize.