With 2025 just around the corner, security and risk professionals are preparing for a landscape defined by stringent regulations and the necessity for resilience. In 2024, these professionals grappled with evolving cyber threats, compliance with shifting regulations, and the integration of advanced technologies like AI, all while safeguarding data privacy. With cybercrime projected to cost $12 trillion in 2025, regulatory bodies are expected to intensify their efforts to protect consumer data, prompting organizations to adopt proactive security measures.
Cody Scott, a Senior Analyst at Forrester, emphasizes the urgency of this situation: “As cybercrime costs escalate, organizations will be compelled to pivot towards more proactive security strategies to mitigate material impacts.”
The upcoming year will see significant regulatory actions, particularly in AI. For instance, the EU is poised to impose its first fine on a general-purpose AI (GPAI) provider under the newly enacted EU AI Act. This landmark decision will serve as a wake-up call for organizations that rely on AI technologies without proper vetting. Companies must diligently assess their genAI providers to mitigate the risk of exposure to investigations and potential fines.
Moreover, the Internet of Things (IoT) presents an increasing vulnerability. Forrester predicts a major breach involving a common class of IoT devices in 2025, leading to widespread disruption and necessitating costly remediation efforts. Scott notes that “the interconnected nature of these devices makes them attractive targets for malicious actors,” underscoring the need for robust security measures in IoT environments.
Another noteworthy trend is the anticipated decline in the prioritization of genAI initiatives among Chief Information Security Officers (CISOs). Forrester’s research indicates that 35% of global CISOs and CIOs view the exploration of genAI use cases as a top priority. However, this enthusiasm is expected to wane, with a projected 10% deprioritization due to a lack of quantifiable value. Inadequate budgets and unrealized benefits will contribute to growing disenchantment with AI technologies, as organizations struggle to justify the investment needed to support these initiatives.
In conclusion, as regulatory pressures mount and the threat landscape evolves, security and risk professionals must adapt their strategies. The predictions for 2025 highlight the critical importance of compliance, resilience, and informed decision-making in navigating this complex environment. Organizations that proactively address these challenges will be better positioned to safeguard their data and maintain consumer trust.