Data Protection Predictions from Experts for 2025
For our 6th annual Insight Jam LIVE!: Strategies for AI Impact, Solutions Review editors sourced this resource guide of data protection predictions for 2025 from Insight Jam, its community of enterprise tech and AI builders, implementors, and experts.
As we step into 2025, the evolving landscape of enterprise technology and artificial intelligence continues to shape how organizations approach data protection. In an era defined by rapid innovation and heightened cybersecurity threats, staying ahead requires insights from those who build, implement, and innovate at the cutting edge of these technologies.
This curation features predictions from leading professionals within our vibrant enterprise tech and AI community—visionaries who design the systems, implement the strategies, and secure the lifeblood of modern enterprises: their data. These expert insights offer a window into the trends, challenges, and solutions that will define data protection in the year ahead.
From advancements in AI-powered risk mitigation to new paradigms in regulatory compliance, these predictions provide actionable perspectives to help organizations navigate the complexities of 2025. Dive in to gain strategic foresight and practical guidance from the builders and implementors shaping the future of enterprise data protection.
Charles Ruffino, SoftIron
Cloud-Native will replace 40 percent of traditional VMware deployments
One of the beauties (and costs) of capitalism is that dramatic price increases to existing technologies drive innovation and adaptation. With average price increases of 325 percent (and some substantially higher), and three-year lock-ins, both the buy side and the sell side of this market segment will scream for alternatives, and they will show up. The coming year will see legacy VMware users reevaluate their options, with many pivoting to cloud-native approaches for greater flexibility. This shift for smaller organizations is already a no-brainer, but the real coup will be in federal and large enterprise entities.
While there are no technologies capable of making the transition as simple as checking a box (due to patent infringement and scary men in black suits showing up at your office), rethinking the convoluted Gordian knot of interconnectedness into more straightforward implementations with modern approaches is the clear and effective way forward.
Andy Boyd, Appfire
The SaaS market will evolve through AI-driven innovation and compliance
Looking toward the year ahead, the SaaS industry will be defined by three critical imperatives: adopting AI, upskilling in AI, and navigating increasing regulatory complexity. To stay relevant in the future, SaaS providers must leverage AI both to build great products and as a foundational method for how teams work — to deliver smarter, differentiated products and services. Additionally, product leaders will need to revisit their organizational structures, ensuring they have the right expertise—individuals who understand how to use and apply AI—to meet the demands of this evolving landscape.
At the same time, organizations must be aware of the changing risk and regulatory landscape. Evolving compliance and cloud regulations will demand a proactive approach to managing risks, including areas of data security, AI regulation and intellectual property concerns. Ultimately, success in 2025 and beyond will hinge on the ability to align technology and people investments with shifting market realities, all while maintaining a proactive approach toward the risk landscape.
Skip Levens, Quantum
We’re talking the data race v. the arms race
In the last year, there has been a frenzy around AI, with investors and organizations throwing cash at the buzzy technology. But the real winners are those who saw past the “buzz” and focused on actionable takeaways and what will actually help their organization. We’re finding now that the gold rush isn’t the technology itself, it’s the data that feeds AI and the value it presents. In 2025, organizations that take a more pragmatic approach to AI—and its underlying data infrastructure—will be best prepared to fuel new insights and power discovery.
Those who are leading the data race are the ones who are not only leveraging every scrap of their collected data for differentiated AI outcomes, but those who have an infrastructure and process in place for effectively doing so—managing, organizing, indexing, and cataloging every piece of it. They’ll produce more, faster, and better results than their competitors. In 2025, we’ll start to see who leaps ahead in this new ‘data and algorithm arms race.’
Tim Golden, Compliance Scorecard
Intensified Regulatory Enforcement and Fines
Regulatory bodies are expected to increase enforcement of cybersecurity laws, such as CMMC and FTC 3.14, with a focus on stricter audits and leveraging mechanisms like whistleblowing. This will intensify scrutiny on compliance practices across the board.
MSPs will face heightened risk of fines and legal actions if they fail to meet these regulatory demands, making proactive compliance a business-critical priority.
Increased Legal Accountability and Liability
In 2025, evolving legal frameworks will place greater responsibility on MSPs for their clients’ cybersecurity, holding them liable for security breaches and compliance lapses. This heightened accountability is set to redefine service contracts and risk management strategies. MSPs without a thorough understanding of legal obligations may find themselves vulnerable to lawsuits and significant financial losses, emphasizing the need for legal expertise in their operations.
Resource Constraints Hindering Compliance Efforts
The ongoing shortage of skilled cybersecurity professionals will exacerbate staffing challenges for MSPs, leaving teams stretched thin and under-resourced. This could hamper their ability to meet compliance demands effectively. Resource limitations may result in compliance gaps and heightened vulnerability to security breaches, making workforce development a pressing need for MSPs in 2025.
Over-Reliance on Tools Without Adequate Processes and Personnel
MSPs will increasingly depend on tools to address compliance and cybersecurity challenges, often at the expense of establishing strong processes and trained personnel. This approach could prove counterproductive. Tools without robust processes and skilled management may lead to misconfigurations, overlooked risks, and a false sense of security, underscoring the importance of a balanced strategy involving people, processes, and technology.
Ian Cohen, LOKKER
- The federal agencies will likely become less activist. The FTC and CFPB will become less activist, and state Attorneys General will become more active.
- States will continue to act in both bi-partisan and partisan ways. Privacy has generally been a bi-partisan issue, and this will continue as one of the few areas where legislators will sometimes cooperate.
- Many states will get more vigilant in the protection of certain groups and areas. Reproductive rights, immigration, healthcare/medical data, location tracking and surveillance will all get additional legislation to protect associated rights to restrict sharing of their data.
- Children’s privacy will expand as several states will push back more against social media and for age-gating. This will help limit what children are exposed to and influenced by via these channels. More parental controls will be built into apps to provide robust parental oversight features.
- Healthcare and medical data in particular will remain under strict scrutiny when it comes to consumer privacy online. Companies providing consumer health care information need a Consumer Health Data Privacy Policy. Those without one will be more likely to get sued.
- Legal enforcement actions will continue to drive privacy needs as the technology issues causing privacy fails continue to exist. Online “Consent” continues to be ineffective for privacy protection as consumer choices to opt-out don’t actually stop data sharing.
- There will be no federal privacy law under the current administration. If anything is proposed, it will not affect the state laws at all. State legislation around privacy will continue to grow.
- Cyber Liability insurance will increasingly require a privacy audit. As the number of privacy breaches and privacy violations continues to rise, cyber insurers will demand more thorough privacy programs at underwriting. Prior to giving coverage, insurers will scan company websites to check if they have systems and processes in place to mitigate their privacy risk.
- Notice and Consent Frameworks will be further scrutinized, both for accuracy and effectiveness. Regulators will find and fine companies that share data when consumer choice is to reject data sharing.
- Privacy will become a competitive advantage for companies. Prioritizing privacy will attract not only privacy fanatics but also common consumers who realize the value of protecting their data. Consumers realize sharing their data is driving incessant ad retargeting and out of control ad frequency that makes them feel “tracked.”
- Privacy and Security will work together more closely. Losing data in a breach or sharing data illegally are two sides of the same coin. Cybersecurity audits will be seen as incomplete without a privacy risk audit.
Ted Krantz, interos.ai
Attack surface security risk in supply chains
As global interconnectivity deepens, the scale and speed of cyber breaches ripple across the globe quicker than ever, amplifying the “blast radius” of attacks. In the first 10 months of 2024, 15,137 companies were impacted by reported cyber attacks, according to interos data. This multiplied out to 1.3 million tier 1 suppliers, 3.1 million tier 2 suppliers and 3.8 million tier 3 suppliers. As today’s supply chains rely more heavily on networks with many tiers of suppliers, the expanded attack surface of businesses must be approached with more diligence.
In 2025, organizations must adopt advanced attack surface management strategies to gain visibility into their entire supplier networks to fully assess their exposure to cyberattacks. These strategies include uncovering hidden supplier relationships, evaluating the cyber vulnerabilities of both direct and sub-tier suppliers, and assessing a broad spectrum of risk categories. Companies will also focus on identifying over-reliance on single suppliers and visualizing geographic clusters to mitigate cyber risks when they are impacted. By embracing these measures in the upcoming year, organizations can reduce their exposure to cyber threats, protect their digital supply chains, and ensure resilience in an era of ever-expanding cyberattack surfaces.
Paul Laudanski, Onapsis
Cloud migration delays will trigger security emergencies
As organizations face pressure to migrate their business-critical data to the cloud, many are still dragging their feet. Once migration becomes urgent, especially as we approach deadlines such as SAP’s 2027 cutoff to move to S/4HANA, the rush to transition will lead to mistakes such as leaving remaining vulnerabilities in the code or data you are bringing over. These mistakes could lead to costly delays or re-dos. Organizations still on legacy systems need to modernize their applications immediately to survive in the digital world that is already surpassing them. In 2025, we must prioritize addressing this migration before the risk compounds, by way of proper cross-functional planning and execution.
New year, same vulnerabilities
The threat landscape is only getting bigger; the vulnerabilities security teams are facing are the same ones we continue to see every year. Organizations are still not prioritizing securing their business-critical applications and, therefore, often end up in the same situations. Vulnerabilities, old and new, are continuously being leveraged to get through Internet of Things devices, firewalls and VPNs. Once threat actors enter an organization’s systems, they go after the most valuable information, which is stored in business-critical applications.
If nothing changes in 2025, companies will continue to battle these typical, preventable vulnerabilities and put their customers’ data at great risk. When crafting goals for 2025, leaders need to evaluate where security is on their priority list and how they can best combat these threats.
Jeffrey Wheatman, Black Kite
There will be a rise of the vCISO and CISO consultants
It’s no secret that there has been increased pressure on the CISO role over the past several years. From the rise of ransomware attacks, AI sparking new tactics and more sophisticated social engineering attacks, companies now have to play good offense and defense to stay ahead of bad actors. With these pressures — plus often stretched security teams — CISOs will move out of in-house positions and into more consulting roles or vCISO roles in the coming year to better manage their workloads. If this trend comes to fruition, the impact on the industry could be immense. Having security leaders who are not in-house could create vulnerabilities or gaps in security, which can stifle organizations’ strategies and leave them open to attacks.
EU’s DORA framework will start a trend toward regulations focusing on business resilience
The financial industry is a prime target for cyberattacks because of the substantial capital and sensitive data it holds. DORA, a compliance framework out of the European Union (EU), which will go into effect on January 7, 2025, addresses risk by building on existing laws, such as the Network and Information Security (NIS) Directive and GDPR, to close gaps in digital and third-party risk management. It’s a great first step in the financial sector that will start a trend across industries. It will be the first in a series of globally focused regulations that move upstream from cyber and focus more on business and organizational resilience as the primary objective.
There will be more shareholder action against companies that drop the cybersecurity ball
It is not uncommon for shareholders to file lawsuits against companies for not doing ‘the right thing,’ and in 2025, we can expect to see more of this action being taken. When cyber incidents occur, they lead to substantial financial losses, regulatory fines and damage to brand reputation — all of which directly impact shareholder value. Investors argue that neglecting cybersecurity reflects inadequate governance and risk management, especially when companies don’t prioritize safeguarding data and operational systems. In today’s threat landscape, a proactive approach to cybersecurity is essential for corporate responsibility. Shareholders will increasingly take legal action against companies that fail to implement effective cybersecurity measures, viewing it as a breach of fiduciary duty to protect assets.
J-M Erlendson, Software AG
Shadow AI is here to stay
Even as companies push towards developing proprietary AI models, shadow AI will remain pervasive. People tend to favor their own way of doing things, so it’s incumbent on business leaders to evolve in how they address unsanctioned AI use.
Blanket bans may have the unintended effect of discouraging innovation, while a failure to lay out policies will bring security and compliance risks. The focus from a governance standpoint should be on making sure company tools are the best available options, as well as on educating workers about the inherent risks of shadow AI.
Moshie Weis, Check Point Software
GenAI to Drive the Future of Cloud Security Against Evolving Threats
In continuation of last year, GenAI will continue to empower both attackers and defenders. Attackers can now use AI to generate complex, targeted phishing, deepfakes, and adaptive malware. In response, cloud-native security solutions leverage GenAI to automate threat detection and response across distributed environments, enabling real-time analysis and predictive defense. By 2025, using AI within cloud-native frameworks will be essential for maintaining the agility needed to counter increasingly adaptive threats.
Cloud-Native Solutions to Shape the Future of Data Security
With data spread across diverse cloud-native architectures, adaptive, data-centric security is essential. Cloud-native solutions now provide dynamic protection across data lifecycles, securing data at rest, in motion, and in use. This will be critical in 2025 as stricter compliance standards and more data-centric attacks demand robust, consistent security for data everywhere. In 2025, cloud-native solutions will be crucial for staying resilient, adapting to new regulations, and navigating an ever-evolving threat landscape.
Balaji Ganesan, Privacera
Adaptive Strategies for Modern Data Protection
As hybrid and multi-cloud infrastructures become the norm, the need for comprehensive data protection strategies that span on-premises and cloud data becomes increasingly pressing. A report by Oracle and 451 Research noted that 98 percent of enterprises use a multi-cloud approach, underscoring the security complexities this brings.
Hybrid and multi-cloud architectures are the lifeblood of modern business agility. However, with great flexibility comes great responsibility. For 2025, we must enforce consistent, adaptive security policies that accompany data wherever it flows—cloud, on-premises, or edge. This is not just about safeguarding data but about building a resilient and trust-driven digital economy.
Joe Regensburger, Immuta
Greater AI reasoning capabilities will broaden the types of business problems that can be solved using LLMs
OpenAI’s GPT-o1 is being developed to better reason through complex tasks and solve more challenging problems. As these types of LLMs gain traction, the real-world problems they are tasked to solve require more than just language modeling. These problems require reasoning and inference. Existing LLMs struggle with these types of problems.
Small Language Models (SLMs) will take off as a means of solving more targeted problems with greater cost-efficiency
We need to be more discriminating in what problems we ask LLMs to solve. Many natural language processing (NLP) applications can be solved using more cost-efficient models such as GPT-4o-mini, Gemini-flash, etc. Using more cost-efficient models means lowering the cost-covering point for the use of LLM services.
Model security—specifically data security, data lifecycle management, and data telemetry—will be a top priority as Commercial-off-the-shelf (COTS) foundational models drive quicker adoption of Generative AI functionality across multiple industries
Enterprises can now build applications around COTS AI models, reducing the need to acquire and maintain specialized hardware, and affording Generative AI companies the opportunity to amortize astronomical training costs across multiple users. This has been a revolution in machine learning, but it carries a cost to security. The fact that there are a relatively small number of models serving a broad number of users makes these foundational models tempting targets for adversaries both in terms of training and avoidance. We are applying generative AI to more tasks, and empowering generative AI with a degree of autonomy. This increases the responsibility for AI developers to demonstrate that the data they use to train and refine model predictions is clean, timely, and has provable lineage. We will see a greater need for tools which automate the tracking of data usage throughout its lifecycle.
Andrew Harding, Menlo Security
AI-driven deepfakes will become more sophisticated and hidden, bypassing traditional security measures
As Menlo Security has outlined in the Global Cyber Gangs Report in June, hyper-realistic, AI-driven cyber fraud will increase, making it difficult for individuals to discern between legitimate and malicious sites. These deepfakes will mimic trusted brands, government agencies, or even personal acquaintances, leading to automated and targeted phishing attacks and credential theft. Such attacks will largely bypass traditional security measures and exploit vulnerabilities in systems that are not yet known or patched, leading to widespread data breaches and system disruptions if enterprises don’t adopt AI-driven defenses to counter these threats.
Cybercriminals will up the ante on browser-based attacks to deploy ransomware, targeting critical infrastructure in particular
Cybercriminals will leverage browser-based attacks to deploy ransomware, targeting critical infrastructure sectors like healthcare, energy, and transportation. This shift will bypass traditional network defenses, making it easier for attackers to infiltrate systems and encrypt sensitive data. We have seen this trend developing during 2024, with about one significant confirmed browser exploit each month. To mitigate this risk, organizations must prioritize browser security, implement robust security measures, and stay updated on the latest threat intelligence.
Insider threats will proliferate as widespread remote and hybrid work environments exacerbate risk
Insider threats will increasingly originate from well-intentioned users who fall victim to sophisticated targeted attacks. The persistence of widespread remote and hybrid work environments will exacerbate this risk. To combat this emerging threat, new tools and technologies will emerge to assist users, removing the burden of identifying and mitigating potential risks on their own. These tools will detect malicious activity and operate far beyond the capacity of manual human analysis.
Todd Moore, Thales
Data privacy regulations will take main stage in the US
The U.S. has notoriously lagged behind other countries in establishing federal level regulation around data privacy; typically, this has been dealt with on a state-by-state basis with some, like California, introducing their own flavor of privacy acts. In 2024, we saw the introduction of the American Privacy Rights Act (APRA), which is still awaiting approvals, bringing the federal regulation closer to a reality.
The future of APRA is currently uncertain and while it’s not possible to predict how emerging regulations may unfold, we can expect APRA and data privacy more broadly to remain central to discussions during the year ahead in the U.S. This will further force data privacy into the spotlight and bring into question the ways in which data dynamics may change for companies, from how they store, share and look at their data under the lens of privacy.
Data privacy regulations will dominate globally
The United Nations Trade and Development (UNCTAD) states that 80% of countries now have or are working on data protection and privacy legislation. Regulations will increasingly mandate that data be stored and processed within specific jurisdictions to address risks associated with international law enforcement. Cloud providers and businesses will need to comply with local data sovereignty laws. Organizations will increasingly adopt privacy-by-design principles, with privacy and data protection embedded in new systems and application development. Privacy-enhancing technologies based on encryption and cryptography are the leading technical measures implemented to mitigate these risks.
While historically led by the states, privacy regulation is gaining momentum in the United States at the federal level. For example, 2024 saw the introduction of the American Privacy Rights Act (APRA), which, while awaiting approval, brought federal regulation closer to a reality.
The future of APRA is currently uncertain and while it’s not possible to predict how emerging regulations may unfold, we can expect APRA and data privacy more broadly to remain central to discussions in the year ahead in the U.S. This will further force data privacy into the spotlight and bring into question how data dynamics may change for companies, from how they store, share and look at their data under the lens of privacy.
Companies will proactively embrace compliance
With the acceleration of cyber-attacks, in the global context of the digital transformation of society and the fast adoption of cloud services or AI technologies by organizations, nation-states are taking steps to regulate the digital space better. They adapt their compliance frameworks to formalize and enforce the responsibility of companies over their digital assets (workload, data, identities) and business resilience.
The cybersecurity landscape in 2025 will see a shift from reactive to proactive measures. Continuous monitoring and getting ahead of potential threats will become standard practice, along with more robust authentication measures. Compliance with new regulations such as NIS2, DORA, PCI 4.0, the UK Cyber Resilience Act, and the EU AI Act will be crucial. We will see some companies move to handle their data on-premises as a result, necessitating the same stringent security postures as cloud environments.
Gen AI-powered breaches will skyrocket
The adoption of AI technologies is also a reality for cyber threats. Hackers can leverage AI to complexify their attacks. AI can also facilitate the development of automated scripts by a larger number of less experienced hackers.
With enterprises being targeted by an influx of advanced phishing attacks, the likelihood that someone within their organization falls victim to an attack is at an all-time high, and we expect to see a steady rise in these across 2025. Once credentials are compromised, an enterprise’s entire network security crumbles, and with generative AI rapidly advancing social engineering methods, typical defense measures for credential compromise won’t be able to keep pace.
Critical infrastructure attacks will surge
Attacks targeting critical infrastructure have grown exponentially over the last few years. The overwhelming majority of these attacks on operational technology (OT) and critical infrastructure start with IT. Unfortunately, few within the operational space—from manufacturing to automotive—make this connection, often viewing themselves as separate from data security concerns. This focus on product development has led to a lag in security controls, with many industries still relying on dated and unsecured legacy systems.
Given that critical infrastructure will always be a prime target for cybercriminals due to its potential for widespread impact, the disconnect between IT and OT, combined with geopolitical issues, creates the perfect storm for insider threats to thrive. In the year ahead, addressing this gap will be crucial to safeguarding critical infrastructure.
Data fortification and supply chain resilience will intensify
In 2025, securing the software supply chain will be a top priority, especially after major breaches like SolarWinds and the rise of software supply chain attacks. Organizations will conduct deeper security assessments on their third-party vendors, including cloud providers, to ensure their software and services are secure. Protecting data from being compromised through uncontrolled third-party applications or services will become even more critical, with organizations needing more visibility into the services they rely on.
With the proliferation of data via collaboration platforms, companies will need to focus on file activity monitoring and data watermarking to protect sensitive information. Supply chain security will also be a significant concern, as vulnerabilities in the supply chain can lead to widespread security breaches. The generation of personal data by users through various apps and services will increase the risk of data exposure, necessitating stronger data protection measures.
Chene Tradonsky, LightSolver
2025 Prediction: Don’t believe the hype around the use of optical computing for AI computations
Despite the industry hype around the use of optical computing for AI computations, we anticipate faster implementation and innovation of the technology in the HPC field for complex simulations such as climate modeling and computer-aided engineering. The iterative nature of many of these computations gives optical processors a significant advantage as they can execute single calculations at a speed unrivaled by classical computers. For optical chips and systems to deliver their speed and energy-efficiency promise in AI, new methods and models must be developed and brought to maturity first, which could be a few years away.
Avani Desai, Schellman
AI-Driven Cyber Threats on the Rise
The biggest cyber threats in 2025 will stem from increasingly sophisticated, AI-driven attacks. As AI evolves at breakneck speed, attackers are deploying machine learning models that adapt, disguise themselves, and evade traditional defenses in real-time. This creates a constant race between defensive and offensive AI technologies, making it harder to detect and combat cyber threats.
Emergence of Autonomous Malware
One under-the-radar development is the rise of autonomous malware. Unlike traditional malware, this next generation can operate independently, learning to bypass security measures as it moves through systems. These self-sustaining attacks refine themselves at each step, presenting a profound challenge for cybersecurity defenses. Few are prepared for this shift, but it has the potential to reshape the entire cybersecurity landscape.
Geopolitical Cyber Warfare and AI Alignment
The geopolitical landscape will grow more complex as governments expand their cyber warfare capabilities. With rising tensions, state-sponsored attacks are likely to escalate. Cyber operations will increasingly serve as extensions of diplomacy, exposing organizations to indirect risks from global rivalries. A critical, emerging concern is AI alignment—AI models tailored to serve specific geopolitical motives. These tools could be engineered to exploit vulnerabilities in a rival’s infrastructure, targeting not only regions but also specific economic and political agendas.
Jeremy Ventura, Myriad360
GRC Takes Center Stage
Governance, Risk, and Compliance (GRC) will gain heightened importance as businesses face mounting regulatory and compliance demands. Companies will increasingly integrate GRC into their core business operations, making it a strategic pillar rather than just a checkbox exercise.
Jean-Marc Gaufres, Dassault Systemes
Virtual Twins: The Game-Changer for Reducing Data Center Energy Consumption
In 2024, we witnessed a significant surge in data center demands driven by the rapid growth of AI technology, which is projected to further increase energy consumption by 160 percent by 2030. In response, in 2025 we can expect data center stakeholders to take more concerted action to mitigate this trend.
In 2025, we may not completely solve the problem of energy consumption challenges of data centers, but we will significantly reduce their impact. For instance, an effective strategy is to take a holistic approach to optimizing the energy consumption of cooling systems and IT, which together account for 80 percent of total energy use, by leveraging virtual twins – a solution with the potential to be revolutionary. These virtual models can simulate computer workloads and their impact on energy consumption, heat generation, airflow cooling and the combination of water cooling systems – direct liquid cooling. This approach can reduce server consumption by up to 10 percent, along with cooling consumption by 30 percent, resulting in significant savings on energy bills.
Finding ways to reduce energy consumption in any form is critical in the short-term versus attempting to solve the problem in full – small, manageable steps are the key to long-term progress. By showcasing the efficacy of strategies like optimizing cooling systems through virtual twins, it paves the way for further innovation in other aspects down the road.
Mehdi Daoudi, Catchpoint
2025: The Year of Comprehensive Third-Party Risk Management in Business Continuity
Third-party risk will dominate business continuity planning as companies rely more heavily not just on SaaS and cloud providers but also on a complex web of APIs, partner integrations, supply chains, and third-party code. This intricate network means that disruptions from any single vendor—or even a single integration—will have ripple effects across operations, potentially impacting entire supply chains and revenue. To mitigate these risks, proactive, real-time monitoring of all third-party interactions will be critical, with companies demanding full transparency and accountability on performance and recovery plans from all their critical vendors and partners.
Navigating Mega and Micro-Outages in a Hybrid-First World
In 2025, digital infrastructures will reach unprecedented levels of complexity, making outages an inevitable part of the landscape. This year will see a rise in both industry-wide mega-outages and subtle micro-outages—small disruptions that can chip away at customer trust over time. The critical issue is not simply hybrid versus cloud but rather the entropic nature of technology itself: as systems become more distributed and complex, they’re inherently harder to manage and predict. To maintain resilience, companies will need a strategic, adaptive approach that focuses on rigorous monitoring and faster response times to both large-scale and minor disruptions, protecting their brand and fostering reliable customer engagement amidst this volatile digital environment.
Milliseconds Define the New Standard for Uptime and User Experience
Milliseconds will become a critical metric for digital performance, as even slight delays accumulate to create significant interruptions in user experience. As our latest benchmark report indicates, sites experiencing full-second delays are not uncommon. However, when each call in a transaction adds just a few milliseconds, the aggregated impact can extend to seconds, which users perceive as frustratingly slow. In a world where “slow is the new down,” companies will treat sub-second optimizations as the gold standard, investing in advanced tools to monitor and minimize these incremental delays and to maintain a seamless, high-speed digital experience for customers.
Cloud Optimization Will Shift from Cost to Risk Mitigation
Enterprises will increasingly view cloud infrastructure as a tool for risk mitigation rather than just a means to cut costs. As organizations balance hybrid infrastructures with regulatory demands and the need for resilient systems, they’ll focus on creating secure environments that safeguard data, support AI-driven operations, and withstand unpredictable outages and cyber threats. Standards like DORA (DevOps Research and Assessment) will play a crucial role in guiding companies in establishing reliable, secure, and efficient cloud architectures that prioritize resilience and reduce operational risks across complex, distributed environments.
Edge Compute: The New Frontier in 2025
Edge computing will emerge as the new frontier, enabling real-time data processing closer to where it’s generated—whether in autonomous vehicles, IoT devices, or remote facilities. By minimizing latency and reducing the load on centralized cloud resources, edge computing will transform industries like manufacturing, healthcare, and retail with faster, more reliable data-driven insights. This shift empowers applications that demand ultra-low latency, increased security, and local processing capabilities, pushing businesses toward a future where edge intelligence enhances user experiences, operational efficiency, and scalability like never before.
Bill Bruno, Celebrus
We will see more and more compliance conversations enter industries such as retail that have historically been further behind in this discussion
Given that the US has generally been behind in the privacy and compliance discussions in comparison to other countries with the state-level approach, we have already seen frameworks such as HIPAA take an approach to provide more national control over PHI in healthcare. I suspect that this will then result in more legislation considered at a national level, and much of this will most likely be driven by the breaches that have occurred in the past six months.
Stephen Manley, Druva
We’ll see the first data breach of an AI model, temporarily refocusing efforts in favor of shoring up security vulnerabilities.
Paige Schaffer, Global Identity & Cyber Protection
Regulatory Environment
The regulatory landscape for AI is developing along divergent paths globally. The European Union is taking a risk-based approach to AI through the EU AI Act, implementing comprehensive regulatory frameworks. In contrast, I expect the United States to adopt a more permissive approach under potential libertarian economic policies, allowing for greater flexibility in AI development and deployment, emphasizing national security and economic competition with China.
Neeraj Methi, BeyondID
AI-powered identity management beats SSO+MFA
- Taking that step further, AI-powered identity management will transform access control by integrating with popular AI frameworks to monitor and analyze user behavior continuously. These AI-enhanced IAM systems will detect anomalies and dynamically adjust permissions based on real-time context, reducing the risk of unauthorized access. This shift will make identity management more adaptive, providing enhanced security while responding to users’ changing behaviors and needs.
- Generative AI will introduce sophisticated new attack vectors, with synthetic identity fraud becoming a prominent method for unauthorized access. Cybercriminals will leverage AI to create highly realistic digital identities, posing significant challenges for traditional verification methods. To combat this threat, organizations must adopt advanced identity verification tools capable of detecting synthetic identities and monitoring for anomalies in real-time.
Nadir Izrael, Armis Security
Unified Security Management for Holistic Risk Prioritization
The rise of AI-driven cyber weapons and the increasingly blurred lines between military and civilian targets underscore the need for a holistic approach to security. A “single-pane-of-glass” strategy—one that consolidates security insights from diverse inputs like source code, misconfigurations, and vulnerabilities—will become essential to navigating the complexities of cyberwarfare in 2025.
Unified security management platforms that integrate early warning intelligence and risk prioritization across an enterprise’s entire infrastructure will be the cornerstone of cyber defense strategies. By offering a clear, comprehensive view of security vulnerabilities, risks, and threats, organizations can make more informed decisions and mitigate risks before they materialize into full-scale attacks.
Expanding the Scope of Vulnerability Management
In 2025, vulnerability management will expand beyond traditional vulnerabilities. Organizations will need to consider security gaps, such as compliance failures, misconfigurations, and operational blind spots, as integral parts of their defense strategy. Adopting a broader vulnerability management framework that captures the full spectrum of security risks, along with AI-based alarm deduplication, prioritization, assignment, and mitigation, will be critical in maintaining resilience in the face of evolving cyber threats.