1. AI will be behind 25% of enterprise breaches by 2028
By 2028, Gartner predicts that 25 per cent of enterprise breaches will stem from AI agent abuse, driven by both external and internal actors. Dealing with this threat will require the rapid development of new security solutions to protect against sophisticated AI-driven attacks.
2. Toxic team cultures increase number of security incidents
Fostering a positive and supportive team culture should be a cybersecurity imperative for 2025 – organisations that fail to do so will pay the price. According to Forrester, ‘toxic’ security team cultures – typified by disengaged employees, high levels of absenteeism and a resistance to raising unpopular issues – result in a higher number of internal and external incidents.
3. Security behaviour, cultural programs are key to reducing security errors
Organisational security postures will continue to evolve to address cultural and behavioural weaknesses, says Gartner. By 2028, 50 per cent of organisations will implement security behaviour and culture programs (SBCPs) to improve employees’ security awareness and reduce the number of cyber incidents caused by human error.
4. Gartner predicts rise of disinformation security technology
Continuing the predictions, Gartner claims that an emerging category of technology called disinformation security will grow to oppose the spread of false information. By 2028, 50 per cent of enterprises will adopt disinformation security tools to address this growing threat, driven, of course, by the rise of AI-powered campaigns.
5. Forrester reflects on a busy year for cybersecurity
Forrester analysts have reviewed the year in security. The last 12 months have seen significant changes in the EU legislative landscape, including the AI Act, NIS2, the Cyber Resilience Act and DORA, and witnessed state-sponsored cyberattacks fuelled by ongoing geopolitical tensions. Forrester also highlights the evolving role of the CISO, moving from a purely technical expert to one adopting more strategic positions.
6. US federal agencies must comply with new cloud security directive
CISA has ordered US federal agencies to implement secure cloud practices with a new directive. The agency’s binding operational directive aims to reduce incidents caused by improper security control configurations in cloud environments. Federal agencies will need to identify cloud tenants, increase the use of assessment tools and adhere to CISA security baselines.
7. ENISA publishes first report on security postures throughout the EU
ENISA has produced its first report assessing the state of security in the EU. The report found differing levels of cyber maturity across states, outlined a need to strengthen compliance and policy implementation, and highlighted required improvements around crisis management and supply chain security. The report calls for the continuous enhancement of cyber skills and a more unified approach to security.
8. IDC considers challenges and opportunities of GenAI for security
An IDC report considers the ways in which GenAI offers both opportunities and challenges to security teams. Among the five topics the report considers, IDC warns that defenders need to adopt a proactive approach to the tech, characterised by continuous adaptation and developing a deep understanding of how GenAI affects security, both as an ally and an opponent.
9. Top concern about cloud services in 2025: Risk of exploits
In its 2024 Strategic Security Survey, Dark Reading found that 49.6 per cent of enterprise IT and security managers say their top worry around the cloud services they use is exploits that target cloud service providers. Other concerns include cloud services breaches (47.8 per cent), lack of data visibility in cloud environments (39.1 per cent) and an inability to enforce security policies on cloud-stored data (39.1 per cent).
10. AIOps adoption will lead to increased technical debt by 2026
Three quarters of tech leaders will face rising technical debt by 2026 due to the rapid development of AI solutions. As part of its 2025 predictions, Forrester believes that CIOs will triple AIOps adoption for IT operations. Success will hinge on IT culture, data strategy and, naturally, a robust security strategy.