As 2024 involves a detailed, we replicate on a 12 months with hacks, outages, laws, and quickly rising traits that shifted the cybersecurity panorama.
Synthetic intelligence (AI) continues to evolve at breakneck pace, with generative and agentic AI pushing organizations to think about its position throughout each facet of the enterprise. In the meantime, new classes emerge to assist organizations higher handle their information amidst the cloud’s continued growth and more and more subtle cyber threats. Lastly, we’re seeing laws enacted worldwide to assist organizations mitigate threat and keep cyber resilience.
So what is going to this result in in 2025? Learn on for six cybersecurity traits Rubrik expects to unfold subsequent 12 months.
1. Knowledge Safety will likely be on the coronary heart of Generative AI adoption
As we glance in direction of 2025, one crucial factor stands out within the discourse across the adoption and evolution of generative AI: information safety. As generative AI fashions require huge quantities of information to study and generate content material, guaranteeing this information’s privateness, confidentiality, and integrity turns into paramount. Corporations that may supply sturdy information safety measures will acquire a aggressive edge, fostering better belief amongst customers and companions. This belief interprets into market share, as companies and customers usually tend to interact with AI options that prioritize information safety, aligning with stringent rules just like the EU AI Act, GDPR, or CCPA.
Knowledge safety, subsequently, is not only a hurdle for generative AI; it is changing into its driving power. As companies and customers alike demand extra from AI by way of functionality and safety, generative AI’s future appears more and more intertwined with developments in information safety. By 2025, we predict that information safety won’t solely be a benchmark for achievement within the AI trade however a deciding issue for belief and broad-scale AI adoption by trade and customers.
2. DORA will lengthen past monetary companies, selling cyber resilience throughout industries.
The Digital Operational Resilience Act (DORA) was initially enacted to bolster IT safety for European monetary service establishments. However in 2025, DORA will change into extra of an operational resilience instrument as a result of its array of processes for threat administration, incident reporting, third-party threat administration and enterprise continuity administration. These processes will assist organizations reply to cyber threats, geopolitical tensions, and pure disasters. Certainly, DORA’s broader adoption will redefine how all companies strategy operational resilience and continuity in an more and more unpredictable world, underscoring the urgency of preparation.
AI will change into a significant ally in assembly DORA’s necessities, revealing new use circumstances as corporations innovate methods to include AI-driven resilience measures in areas like menace detection, response automation, and compliance monitoring. In a panorama that now requires real-time responses, AI will empower organizations to answer incidents and adapt as conditions evolve dynamically.
3. IT and safety leaders should fortify their information within the cloud.
Knowledge is the crown jewel of the enterprise—and the cloud is more and more changing into its fort. However what good is a fort for those who go away the drawbridge down? Organizations should put together for cloud intrusions from more and more subtle cyber threats: the 2024 CrowdStrike Global Threat Report discovered cloud intrusions have surged by 75% since 2023.
With the cloud’s continued growth comes a good better accountability for organizations to fight vulnerabilities—in any other case, this surge is just the start. In 2025, organizations should concentrate on defending information within the cloud, monitoring threat, and constructing confidence that they’ll get well information and purposes within the occasion of an assault.
This implies going above and past app-native safety instruments and discovering tailored options that not solely forestall threats from reaching information within the cloud but in addition get well swiftly towards any threats that sneak throughout the moat.
4. Knowledge Safety Posture Administration turns into an important factor of cyber resilience.
Knowledge safety posture administration—DSPM—goals to unravel one of the crucial complicated points in fashionable cloud environments: realizing the place all of your information is and the way it’s secured.
In accordance with Analysis and Markets, the DSPM market is present process important development, driven mainly by AI adoption. As extra (and bigger) information units change into accessible for AI fashions to eat, the probability of delicate information being uncovered to unauthorized customers will increase considerably.
Cloud, AI, and DSPM will go hand in hand as a result of conventional safety strategies like DLP (Knowledge Loss Prevention) and CNAPP (Cloud-Native Software Safety Platforms) alone do not adequately handle a company’s total data-related cyber resilience.
5. A wave of AI brokers will enhance cyber resilience—and introduce new dangers.
The rising agentic AI market reveals limitless potential, particularly for organizations that use the cloud to scale computing energy and storage capability to coach and deploy complicated AI fashions. CISOs specializing in cloud-first architectures will reap the advantages of elevated productiveness, higher buyer experiences, and extra. Agentic AI additionally has the potential to assist companies preserve their information and cloud apps safer; think about a future the place AI brokers automate menace detection whereas enhancing the pace of response and resilience.
Nevertheless, if not applied cautiously, agentic AI may even threat delicate information within the cloud. As AI brokers change into extra subtle and interconnected, they may seemingly result in extra safety vulnerabilities and unintended information leaks. Savvy enterprise and IT leaders won’t let this maintain them again from adopting agentic AI however reasonably drive them to ascertain guardrails, arrange stringent information entry insurance policies, and clearly talk organizational greatest practices.
6. Ransomware will proceed to evolve and create havoc.
If 2024 taught us something, ransomware isn’t going anyplace—and can proceed to be a favourite of dangerous actors. With the evolution of AI and extra information transferring to cloud and SaaS-based platforms, attackers can automate and refine their assault methods, making ransomware much more efficient in 2025.
However it will get worse. We count on Ransomware-as-a-Service (RaaS) to develop past malware, providing preliminary entry brokering, information exfiltration, and negotiation companies. RaaS platforms may even proceed to decrease the technical threshold for launching ransomware assaults, which implies extra people or much less technically expert teams can interact in ransomware actions, rising the amount of assaults. Organizations might want to develop new methods to take care of this actuality.
These six predictions spotlight why 2025 guarantees to be a dynamic 12 months in cybersecurity. Now’s the time for IT and safety leaders to organize.