FutureCISO

Predictions 2025: Security and Risk pros gear up for regulations and resilience

by Cody Scott
November 11, 2024

Photo by RDNE Stock project: https://www.pexels.com/photo/selective-focus-photo-of-terms-and-conditions-written-on-a-paper-7821937/


In 2024, regulators around the globe introduced a myriad of proposed cybersecurity and privacy policies and legislation to better manage the risks arising from emerging technologies such as generative AI (GenAI) and from third-party relationships.

Security and risk leaders sprinted to secure GenAI, even as its use cases were still evolving; almost every industry experienced critical IT disruptions due to a lack of resilience planning; and despite downplaying third-party risks, organizations globally saw an increase in software supply chain breaches.

With cybercrime expected to cost $12 trillion in 2025, regulators will take a more active role in protecting consumer data, while organizations pivot to more proactive security measures to limit material impacts. Forrester's cybersecurity, risk, and privacy predictions for 2025 reflect how organizations need to evolve to address these emerging risk domains. Here are three of those predictions:

CISOs will deprioritise GenAI use by 10% due to a lack of quantifiable value. According to Forrester’s 2024 data, 35% of global CISOs and CIOs consider exploring and deploying use cases for GenAI to improve employee productivity as a top priority.

Security vendors have been quick to hype GenAI's expected productivity benefits, but the lack of practical outcomes is fostering disillusionment. The idea of an autonomous security operations centre run on GenAI generated a lot of hype, yet it remains far from reality.

In 2025, the trend will continue, and security practitioners will sink deeper into disenchantment as challenges such as inadequate budgets and unrealized AI benefits reduce the number of security-focused GenAI deployments.


Breach-related class-action costs will surpass regulatory fines by 50%. Breach-related spending is no longer limited to regulatory fines and remediation costs. Historically, cyber regulations have not gone far enough to protect customers and employees — causing these same people to pursue class-action lawsuits and seek damages.

Class-action costs are enormous in data breach litigations. And with the percentage of companies facing class actions at a 13-year high, CISOs will be asked to contribute toward the company’s class-action defence fund in 2025, making costs from class actions greatly exceed fines imposed by regulators.

A Western government will bar specific third-party or open-source software. Software supply chain attacks are a top culprit for data breaches in organizations globally. Growing pressure from Western governments to require private companies to produce software bills of materials (SBOMs) has been a boon for software component transparency, and those same SBOMs now make visible exactly which third-party and open-source components sit inside the products that governments purchase.

In 2025, a government armed with this information will restrict the use of an open-source component on the grounds of national security. To comply, software suppliers will need to remove the offending component and replace its functionality.
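A supplier facing such a restriction needs two things from its SBOM: whether the barred component is present at all, and which of its own direct dependencies pull it in, since those are what must be replaced. The Python below is an added example for this article, not code from Forrester or FutureCISO. It parses a constructed CycloneDX 1.5 SBOM (the application, its package names and the restriction list, including the invented package "example-restricted-lib", are hypothetical; no government has named a barred component here), matches components on their package URL with the version stripped so that every version is caught, and reports the dependency paths that lead to each hit.

```python
"""Check a CycloneDX SBOM against a restriction list of package URLs.

Added example for this article, not Forrester's or FutureCISO's code. The SBOM
document and the restriction list are constructed for illustration only.
"""
import json
from typing import Dict, List, Set

# Constructed CycloneDX 1.5 SBOM for a hypothetical application. The package
# names are invented; "example-restricted-lib" stands in for whatever component
# a government might bar, and is not a real package.
SAMPLE_SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {
    "component": {"type": "application", "name": "payments-api",
                  "version": "2.3.0", "bom-ref": "app"}
  },
  "components": [
    {"type": "library", "name": "http-client", "version": "4.1.2",
     "purl": "pkg:npm/http-client@4.1.2", "bom-ref": "http-client"},
    {"type": "library", "name": "example-restricted-lib", "version": "0.9.1",
     "purl": "pkg:npm/example-restricted-lib@0.9.1?vcs_url=git%2Bhttps://example.invalid/r.git",
     "bom-ref": "restricted"},
    {"type": "library", "name": "logger", "version": "1.0.0",
     "purl": "pkg:npm/%40acme/logger@1.0.0", "bom-ref": "logger"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["http-client", "logger"]},
    {"ref": "http-client", "dependsOn": ["restricted"]},
    {"ref": "logger", "dependsOn": []},
    {"ref": "restricted", "dependsOn": []}
  ]
}
"""

# Hypothetical restriction list: package URLs without a version, so every
# version of the named package is caught.
RESTRICTED: Set[str] = {"pkg:npm/example-restricted-lib"}


def purl_key(purl: str) -> str:
    """Reduce a package URL to type/namespace/name by dropping the version,
    qualifiers ("?...") and subpath ("#...")."""
    base = purl.split("?", 1)[0].split("#", 1)[0]
    slash, at = base.rfind("/"), base.rfind("@")
    if at > slash:  # an '@' after the last '/' separates the version
        base = base[:at]
    return base


def dependency_paths(sbom: dict, target_ref: str) -> List[List[str]]:
    """Every path of bom-refs from the root component to target_ref through
    the SBOM's dependency graph. Cycles in the graph are skipped."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    paths: List[List[str]] = []

    def walk(node: str, path: List[str]) -> None:
        if node == target_ref:
            paths.append(path + [node])
            return
        for child in graph.get(node, []):
            if child not in path:
                walk(child, path + [node])

    walk(root, [])
    return paths


def find_restricted(sbom: dict, restricted: Set[str]) -> List[Dict]:
    """Report each component whose versionless purl is on the restriction
    list, with the dependency paths that reach it and the direct dependencies
    of the root that pull it in (the ones a supplier would have to replace)."""
    findings: List[Dict] = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl or purl_key(purl) not in restricted:
            continue
        paths = dependency_paths(sbom, comp["bom-ref"])
        findings.append({
            "name": comp["name"],
            "version": comp.get("version"),
            "purl": purl,
            "paths": paths,
            "direct_dependencies": sorted({p[1] for p in paths if len(p) > 1}),
        })
    return findings


def check_sample() -> List[Dict]:
    """Run the check over the constructed SBOM."""
    return find_restricted(json.loads(SAMPLE_SBOM_JSON), RESTRICTED)


if __name__ == "__main__":
    for f in check_sample():
        print(f"{f['purl']}: restricted; introduced via {f['direct_dependencies']}")
        for p in f["paths"]:
            print("  " + " -> ".join(p))
```

Matching on the versionless package URL rather than on the component name avoids both false negatives (a new version of the barred package) and false positives (a same-named package from a different ecosystem). The dependency paths matter because the restricted component is usually transitive: here the supplier has to replace or patch http-client, not the application itself.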

Tags: Forrester, Predictions 2025
Cody Scott

Cody Scott is a senior analyst at Forrester serving security and risk professionals. He covers cyber risk management with a focus on cyber risk quantification (CRQ), enterprise risk management (ERM), and governance, risk, and compliance (GRC). In this role, Scott helps Forrester clients tailor and implement effective risk management strategies, processes, and technologies that innovate their security programs, strengthen operational resilience, and deliver business value.

Previous work experience: Scott has 10 years of experience in the security field leading complex projects, building high-performing teams, and transforming cybersecurity and privacy programs. Prior to Forrester, Scott served as the first chief cybersecurity risk officer of the National Aeronautics and Space Administration (NASA), where he led a team focused on building a world-class cyber risk and resilience program. Before joining the civil service, Scott worked as a consultant supporting technology projects and programs across the US Department of Homeland Security, the Transportation Security Administration, and NASA. He has been a featured speaker at leading conferences, including RSA Conference, FAIRCON, and DOE CyberCon.

Education: Scott holds a BA in international affairs from the George Washington University. He is also a certified expert risk management framework professional.

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl
