Essential cybersecurity insights from Q4 24

Closeup of electronic circuitry in teal on a black background. (Photo by Adi Goldstein on Unsplash)

Essential cybersecurity insights from Q4 24

Written by

Aled Herbert
 

28/01/2025

1. AI will be behind 25% of enterprise breaches by 2028

By 2028, Gartner predicts that 25 per cent of enterprise breaches will stem from AI agent abuse, driven by both external and internal actors. Dealing with this threat will require the rapid development of new security solutions to protect against sophisticated AI-driven attacks.

2. Toxic team cultures increase number of security incidents

Fostering a positive and supportive team culture should be a cybersecurity imperative for 2025 – organisations that fail to do so will pay the price. According to Forrester, ‘toxic’ security team cultures – typified by disengaged employees, high levels of absenteeism and a resistance to raising unpopular issues – result in a higher number of internal and external incidents.

3. Security behaviour, cultural programs are key to reducing security errors

Organisational security postures will continue to evolve to address cultural and behavioural weaknesses, says Gartner. By 2028, 50 per cent of organisations will implement security behaviour and culture programs (SBCPs) to improve employees’ security awareness and reduce the number of cyber incidents caused by human error.

4. Gartner predicts rise of disinformation security technology

Continuing the predictions, Gartner claims that an emerging category of technology called disinformation security will grow to oppose the spread of false information. By 2028, 50 per cent of enterprises will adopt disinformation security tools to address this growing threat, driven, of course, by the rise of AI-powered campaigns.

5. Forrester reflects on a busy year for cybersecurity

Forrester analysts have reviewed the year in security. The last 12 months have seen significant changes in the EU legislative landscape, including the AI Act, NIS2, the Cyber Resilience Act and DORA, and witnessed state-sponsored cyberattacks fuelled by ongoing geopolitical tensions. Forrester also highlights the evolving role of the CISO, moving from a purely technical expert to one adopting more strategic positions.

6. US federal agencies must comply with new cloud security directive

CISA has ordered US federal agencies to implement secure cloud practices with a new directive. The agency’s binding operational directive aims to reduce incidents caused by improper security control configurations in cloud environments. Federal agencies will need to identify cloud tenants, increase the use of assessment tools and adhere to CISA security baselines.

7. ENISA publishes first report on security postures throughout the EU

ENISA has produced its first report assessing the state of security in the EU. The report found differing levels of cyber maturity across states, outlined a need to strengthen compliance and policy implementation, and highlighted required improvements around crisis management and supply chain security. The report calls for the continuous enhancement of cyber skills and a more unified approach to security.

8. IDC considers challenges and opportunities of GenAI for security

An IDC report considers the ways in which GenAI offers both opportunities and challenges to security teams. Among the five topics the report considers, IDC warns that defenders need to adopt a proactive approach to the tech, characterised by continuous adaptation and developing a deep understanding of how GenAI affects security, both as an ally and an opponent.

9. Top concern about cloud services in 2025: Risk of exploits

In its 2024 Strategic Security Survey, Dark Reading found that 49.6 per cent of enterprise IT and security managers say their top worry around the cloud services they use is exploits that target cloud service providers. Other concerns include cloud services breaches (47.8 per cent), lack of data visibility in cloud environments (39.1 per cent) and an inability to enforce security policies on cloud-stored data (39.1 per cent).

10. AIOps adoption will lead to increased technical debt by 2026

Three quarters of tech leaders will face rising technical debt by 2026 due to the rapid development of AI solutions. As part of its 2025 predictions, Forrester believes that CIOs will triple AIOps adoption for IT operations. Success will hinge on IT culture, data strategy and, naturally, a robust security strategy.

What is Tech Quarterly?

Tech Quarterly is Collective Content’s quarterly summary of top research, market stats, new developments and predictions in five key technology topics of importance to our readers and clients: artificial intelligence, automation, CIOs, Internet of Things and virtual reality/augmented reality/extended reality (VR/AR/XR).

If a major analyst report, survey or forecast has been published on any of these topics in the preceding three months, you’ll find out about it in Tech Quarterly, so be sure to visit regularly.

Our blog

Top