What Lies Ahead for Security Leaders in 2025?

With such an amazing group of CISOs, CIOs, and CEOs on our advisory board, we wanted to get their insight into what they would like to see happen in 2025. Below is a collection of their thoughts and predictions on what lies ahead for this year in cybersecurity.

Simon Hodgkinson, former CISO of bp

Increasing Acceptance of Cyber Risks

Cybersecurity spend will continue to reduce as a percentage of an organisation’s revenue. While this is not a new trend, for security teams, it means even more pressure to do more with less. In addition, people are becoming desensitised to data breaches; this is a troubling phenomenon that you can see all the way down to the end consumer. As cyber incidents have become inevitable, boards are increasingly informed to accept an appropriate degree of risk – with cyber just being one of many business risks – and there are trade-offs to be made. We may see this shift in attitude have an impact on the ransomware market, potentially with a ramp-up in destructive extortion attempts.

Resilience in Focus

In 2025, the focus will move from cyber resilience to operational resilience overall. Improving their resilience will demand ongoing attention from organisations – not just to be compliant, although regulators will continue to have a big hand in driving the security agenda. There needs to be a focus not only on having the right defences and recovery capability in place, but on people, too: the talent shortage and high levels of stress and burnout amongst security professionals, including CISOs, mean support mechanisms will be critical to building a resilient workforce.

Chris Roberts, Deepfake Cyber Strategist, World Wide Technology

Embracing Hard Truths in Cybersecurity

In 2025, the cybersecurity industry will face a critical inflection point, one fueled by technology's relentless pace. More integrity and honesty will be demanded of us as professionals. We’ll be forced to confront the uncomfortable reality: we’re still building the plane while it’s mid-flight. The advancements we crave—flying cars, autonomous systems, AI-driven everything—will continue to outpace our ability to defend and manage their risks.

These innovations won’t just bring convenience; they’ll carry elevated risks, unprecedented complexities, and an unsettling disregard for individual well-being. As a result, breaches will grow more sophisticated, privacy will remain elusive, and trust in digital systems will hang by a thread.

To navigate 2025 successfully, we must abandon the illusion of control and embrace a culture of transparency, collaboration, and proactive risk management. The future won’t slow down, but we can prepare ourselves to meet it with clarity and resilience.

Rinki Sethi, VP & CISO of BILL

More CISOs in the Boardroom

We need more CISOs on boards. Cybersecurity is the top risk for most companies, yet public company boards still have so few CISOs to provide governance. Unfortunately, many boards require directors with prior board experience, which limits the diversity of perspectives in the boardroom.

The good news is that the landscape has shifted. Today, CISOs are more than just tech experts; they're strategic leaders who navigate organizational boundaries and must have the ability to influence and communicate effectively. As regular liaisons to board members, CISOs understand the intricate interplay between business objectives, technological capabilities, and regulatory landscapes.

I'm hopeful that this year will mark a turning point for more CISO representation on Fortune 500 boards. This isn't just about improving cybersecurity - it's about making companies stronger and more resilient. 

Lucas Moody, SVP & CISO of Alteryx

CISOs Leading the Charge in Responsible AI Adoption

Although AI has plenty of promise for organizations, rapid and unrestrained GenAI deployment can lead to issues like product sprawl and data mismanagement. CISOs must align the organization's AI adoption efforts and proactively act to determine acceptable risk and manage governance, risk, and compliance. 

CISOs must also set up a plan for how employees can use AI technology, which can involve whitelisting, blacklisting, or using specific products designed for risk-managed adoption. It is imperative for CISOs to stay informed about AI developments to recognize potential risks and allocate resources and experts for responsible AI adoption.

Anshu Gupta, CISO | Investor | Advisor

AI Shaping New Cybersecurity Threats and Solutions

The rapid adoption of AI-enabled tools across enterprises is set to introduce both significant opportunities and pressing security concerns in 2025. One key challenge lies in mitigating the risks associated with these advanced tools, particularly as their widespread use increases the attack surface. A pivotal area of focus will be agentic AI security, which promises to address diverse security use cases by proactively adapting to evolving threats. Additionally, AI-driven Security Operations Center (SOC) tools, designed from the ground up using generative AI (GenAI), are poised to replace traditional Security Information and Event Management (SIEM) systems, offering more robust and predictive threat detection.

Emerging threats like deepfake-enabled fraud pose new challenges, with malicious actors leveraging hyper-realistic synthetic media to deceive individuals and organizations. Compounding this risk is the potential for automated, AI-driven disinformation campaigns designed to manipulate brand safety, stock prices, and financial outcomes, highlighting the urgent need for advanced cybersecurity solutions tailored to counter these sophisticated threats.

Sachin Vaidya, EVP/ Chief Information Officer at Heritage Bank of Commerce

Balancing AI-Driven Automation with Attention to Security, Particularly for the Banking Industry

Generative AI represents a significant leap forward, building upon the foundation of earlier technologies like Robotic Process Automation (RPA). While RPA automated basic tasks, modern AI drives far more sophisticated processes across various banking functions. This includes enhancing customer support, streamlining lending procedures, and even automating complex underwriting tasks. 

By automating back-end operations, AI significantly improves efficiency. However, this increased automation necessitates a heightened focus on security and data privacy. Robust measures must be implemented to safeguard sensitive data and maintain the integrity of AI-driven processes. 

Suhit Gupta, Founder & CEO, Sparked Ventures

An Increased Focus on Security Budget Efficiency

A common challenge I've observed throughout my extensive career in senior technology roles is the difficulty in obtaining clear visibility into the coverage and return on investment (ROI) of organizations' numerous cybersecurity technology investments. These investments are not only crucial for maintaining the health, resilience, and efficiency of our organizations but also directly impact the overall business's bottom line.

In 2024, I noticed an increasing focus on this issue, with many security leaders actively seeking ways to optimize the efficiency of their security stack. As we enter 2025, I anticipate that this topic will become even more prominent, and we can expect to see further innovations that empower security leaders to effectively manage both the budget and coverage of their entire suite of security tools.

A pillar of our core values is to contribute to the CISO community, which is reflected in our platform, resources, and leadership. Thank you to our advisory board for sharing their thoughts and predictions, for continuing to inspire and guide us on our journey, and for being a positive voice for the cyber community.
