Cybersecurity Awareness Month Quotes and Commentary from Industry Experts in 2025

For Cybersecurity Awareness Month 2025, the editors at Solutions Review have compiled a list of quotes, predictions, and commentary from leading experts across industries.

As part of this year’s Cybersecurity Awareness Month, we invited the best and brightest minds in the enterprise technology market to share their best practices, predictions, and personal anecdotes about the impact of artificial intelligence on their careers, companies, and more. The experts featured represent some of the top influencers, consultants, and solution providers with experience across industries, and each projection has been vetted for relevance and ability to add business value.

Cybersecurity Awareness Month Quotes from Industry Experts in 2025


Kevin Bocek, SVP of Innovation at CyberArk

“As we enter Cybersecurity Awareness Month, organizations from retailers to airports to daycares are under attack. Unfortunately, the next big incident may be of our own making. Within months, every business and government agency will be required by Google, Microsoft, and Apple to replace their TLS certificates at an increasingly rapid pace. Beginning in March, certificates must be renewed more frequently, or websites will not load, mobile apps will not connect, and even baggage handling systems and ATMs could go offline. TLS certificates, also known as machine identities, are essential for authenticating sites to browsers and apps and for enabling encryption.

“We all recognize the problem when visiting a site that shows ‘can’t be trusted’ or ‘expired certificate.’ Now imagine the chaos if that happens eight to ten times more often within every organization as TLS certificate lifetimes shrink to just 47 days, leaving customers and citizens locked out. The good news is that automation is available through certificate management tools for every business. This is all part of sound machine identity security, which now requires the same level of priority and protection that we give to human identities.”


Ellen Boehm, SVP of IoT and AI Identity Innovation at Keyfactor

“This Cybersecurity Awareness Month, enterprises face a growing risk that wasn’t on the radar just a year ago: rogue AI agents. With agentic AI now moving into production, autonomous systems are capable of making decisions, transacting, and executing tasks without human oversight. Without strong identity and trust controls, these agents can quickly become shadow AI, acting outside policy, spoofing identities, or initiating fraud at machine speed.

“The challenge is clear. Most organizations can’t yet answer the fundamental question: Is this AI agent authentic? Legacy authentication methods like API keys and static tokens are easily compromised and offer no cryptographic proof of identity. If not addressed, this gap opens the door to breaches, data loss, and trust breakdowns, far faster than human-led security teams can respond.

“To counter this, digital trust must be embedded at the identity layer. Certificate-based machine identity management allows organizations to verify every agent, enforce policies, and revoke trust instantly if compromise occurs. This approach ensures visibility, accountability, and control over AI behavior in real-time. As agentic AI becomes part of the enterprise, securing it is no longer optional; it’s foundational. This Cybersecurity Awareness Month is a reminder that new threats demand new trust models.”


Mike Britton, Chief Information Officer at Abnormal AI

“While security education and training should, of course, be an ongoing initiative, Cybersecurity Awareness Month presents a unique opportunity for security leaders to emphasize the behaviors, tools, and resources that can help employees support the organization’s security year-round. To combat increasingly sophisticated threats—like those powered by generative AI—training must focus on the personal value of security for employees. Security leaders can also make education memorable and fun through gamification, contests, or inviting guest speakers. The goal is to maximize October’s momentum to establish an ongoing culture of security awareness that keeps employees engaged and cyber-focused throughout the remainder of the year, thereby protecting the organization.”


Phil Calvin, Chief Product Officer at Delinea

“The attack surface is changing, and the rise of machine identities is at the core of it. From chatbots to APIs and autonomous agents, these identities already outnumber humans; yet, they’re too often overlooked in cybersecurity strategies. 94 percent of organizations plan to adopt AI in identity security, but only 28 percent prioritize securing machine identities today, exposing a dangerous gap. Securing these identities is just as critical as protecting human ones if businesses want to stay secure.

“Cybersecurity Awareness Month is a reminder that visibility, control, and collaboration are essential. As machine identities increasingly become entry points for attackers, organisations should start with visibility into where they are and what they can access. Then, it’s about shortening credential lifespans–that way, stolen details will quickly expire. Finally, it’s important to restrict each identity’s access to only what it truly needs, ensuring the principles of least privilege are applied consistently.

“Identity security needs to evolve so that every identity, whether human or machine, can be trusted to work together. Businesses that get this right will position themselves as standard-setters, turning a vulnerability into an advantage and giving their industries the foundation to thrive.”


Jack Cherkas, Global Chief Information Security Officer at Syntax

“In an era of generative AI, automation, quantum computing, and advanced security platforms, it’s tempting to believe that only the latest technology can keep you safe online. This year’s Cybersecurity Awareness Month ‘Core 4’ actions prove this is a myth. The fundamentals—strong passwords, multi‑factor authentication, timely software updates, and scam awareness—remain the most consistently effective defenses for both organizations and individuals. For businesses, these basics safeguard operations and reputation; for individuals, they protect finances, privacy, and daily life. Getting them right is the cornerstone of cyber resilience and the foundation for safe innovation.”


Anthony Cusimano, Solutions Director at Object First

“Ransomware attacks are no longer just about disrupting operations—they’re increasingly targeting backups. In fact, 96 percent of attacks hit backup data, yet securing backups is often overlooked in cybersecurity strategies. Simply having backups isn’t enough anymore; organizations must adopt storage that ensures Absolute Immutability to prevent tampering, encryption, or deletion, ensuring recovery is always possible. The rise of AI-generated data makes immutability even more critical. AI produces massive volumes of essential data, yet 65 percent of organizations back up less than half of it, leaving it vulnerable to cyber-criminals.

“This Cybersecurity Awareness Month, organizations must treat data protection as a core cybersecurity responsibility. Disaster recovery plans should minimize downtime, safeguard critical assets, and align backup strategies with Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). Regular testing, monitoring, and threat simulations ensure readiness for ransomware, insider threats, and emerging cyber-attacks. Investing in modern, immutable storage and comprehensive recovery plans strengthens organizational resilience, reduces cyber risk, and ensures critical data remains secure. Protecting data is no longer optional; it’s a strategic cybersecurity imperative.”


Jim Doggett, CISO at Semperis

“For too long, the industry has operated under a false sense of security, believing that if we just buy enough tools, we can prevent every attack. That mindset is fundamentally flawed and, frankly, dangerous. This is especially true when it comes to preventing and recovering from ransomware attacks. Within the past 12 months, nearly 80 percent of organizations have been targeted by ransomware, with 40 percent of attacks involving a physical threat of some kind. The stakes have never been higher.

“Cybersecurity leaders, particularly CISOs, must operate under the assumption that ransomware attacks are not a matter of if but when. To prepare, they need a proactive disaster recovery plan centered on clear communication to keep the business running smoothly during an attack. Ransomware can shut down critical operations across the organization, everything from WiFi and phones to Active Directory. A solid communication plan ensures CISOs and their teams can minimize costly downtime.

“This Cybersecurity Awareness Month, let’s commit to shifting our focus. Let’s stop selling cybersecurity as an avoidance tool and start championing it as a business enabler built on the foundation of resilience.”


Carolyn Duby, Field CTO and Cyber Security AI Strategist at Cloudera

“AI is driving up the volume and value of enterprise data, and cyber-criminals are matching its speed. As organizations operate across increasingly sprawling data environments, multiple platforms, each enforcing its own security and governance models, add to the complexity and inconsistency of controls within the system. This creates data silos and leaves sensitive data vulnerable, as there is no confirmation of who has access to it or how it is used.

“This lack of visibility creates a perfect opportunity for attackers and a significant liability for enterprises navigating stricter regulatory oversight. The solution to this is robust data governance, which encompasses consistent guardrails for access, accountability, and control throughout the entire lifecycle. During Cybersecurity Awareness Month, organizations have a duty to assess whether visibility and governance are being utilized correctly as the foundation of their resilience.

“You cannot defend what you cannot see. Cybersecurity begins with a clear line of sight into where data resides, who interacts with it, and under what circumstances. Yet storing data across multiple environments compounds this challenge. Security teams must manage multiple complex models simultaneously, often becoming ‘jack of all trades but master of none.’ The result is blind spots, gaps in monitoring, and frustrated users who may try to bypass cumbersome policies, which might lead to data leaks.

“Unified visibility enables organizations to detect anomalies, assess risk exposure, and prevent breaches before they occur. Governance frameworks that consolidate data across environments eliminate blind spots and give security teams a single, consolidated view of activity.”


Bill Dunnion, Chief Information Security Officer at Mitel

“Security teams today are navigating an environment where critical infrastructure is under constant pressure. Attackers understand that disrupting communications, transportation, or healthcare systems can cause significant operational and community impact, making these networks prime targets. The challenge is that these systems are often complex and rapidly evolving, with new technologies layered on top of legacy environments. That complexity means small gaps can quickly become big risks. The focus must be on visibility, detection, and the ability to respond quickly, because resilience is not just a future goal. It is what keeps essential services running safely every day.”


Ryan Edge, Director of Strategy, Privacy, and Data Governance at OneTrust

“Realistically, shadow AI will happen regardless of how strong a company’s policies are. Many companies are still in the process of rolling out enterprise solutions, and in the meantime, employees are experimenting with them. There is a clear urgency to figure out how AI tools can help people work better, faster, or in some cases, achieve something that wasn’t possible before. What matters most is how quickly an organization can identify, assess, and govern shadow AI. The reason it poses such a threat to the business is that AI can directly ingest sensitive data and make decisions without oversight. AI doesn’t operate in a silo, and issues can magnify quickly. Small decisions or inputs can scale into regulatory or ethical issues very quickly.

“For some organizations, shadow AI creeps up when governance teams can’t move fast enough to approve safe AI use. Data teams might decide to leave privacy and risk stakeholders out of the project altogether if they’re viewed as speed bumps.

“While business teams may not intentionally bypass privacy and risk management teams, these stakeholders know that inefficient processes can impact the speed at which they can innovate. This presents a clear opportunity for governance teams to demonstrate their AI readiness and serve as a driver of innovation. If they can accelerate their risk reviews, embed controls, and automate how they detect AI use throughout the business, they can shift more of their time to strategic AI advisory and earn a seat at the table, rather than chasing unsolicited AI use.”


Devin Ertel, Chief Information Security Officer at Menlo Security

“The browser is the most critical and vulnerable application in today’s enterprise. Menlo Security’s latest report highlights that web traffic to generative AI sites surged 50 percent year-over-year to 10.53 billion visits in January 2025, with 80 percent of that activity happening directly in browsers. This makes the browser not just the primary gateway to AI tools, but also the main channel through which sensitive data and potential threats now flow. At the same time, 68 percent of employees are using free AI tools with personal accounts, and more than half are pasting sensitive corporate data into them, creating major risks of data leakage.

“AI is amplifying both opportunity and risk. While employees rely on it to be more productive, attackers are using the same technology to spin up convincing phishing sites, fake domains, and ransomware delivery mechanisms at scale. With more than 6,500 GenAI domains and 3,000 apps already active, the browser has become the frontline battleground for security teams.

“That’s why this year’s Cybersecurity Awareness Month theme, ‘Stay Safe Online,’ resonates so strongly. Security leaders can’t stop AI adoption, but they can govern it responsibly, deploying secure browsers, enforcing true zero-trust access, and eliminating shadow AI with sanctioned, safe tools. Modernizing browser security isn’t just about compliance, but about protecting the workforce where they live and work today, which is online.”


Jeremy Fong, VP Product at Opswat

“As the 22nd annual Cybersecurity Awareness Month urges us to ‘Secure Our World,’ the speed at which data moves is as important as the integrity with which it is managed. File transfers remain one of the most common and most vulnerable points of exposure. In the AI era, where adversaries weaponize automation to embed malicious content or bypass traditional defenses, organizations cannot afford to treat this as routine infrastructure.

“Managed File Transfer (MFT) should be seen not as a legacy technology or need but as a strategic control solution. Its value lies in verifiable security: encryption, access policies, file scanning, and auditable trails that demonstrate accountability. These capabilities are increasingly non-negotiable, as regulators, from the SEC to the EU’s DORA, demand provable safeguards.

“To ‘Secure Our World’ year-round, leaders should take three actions:

  1. Elevate the secure file transfer conversation to the boardroom. It is a trust and resilience issue, not just an IT concern.
  2. Mandate consistent controls across cloud, hybrid, and on-prem environments, including secure transport and encryption at rest to protect confidentiality, and file scanning to prevent hidden threats.
  3. Continuously test and adapt processes to anticipate AI-driven threats.

“Securing how data moves is securing how business operates. In an era defined by speed, complexity, and growing cyber risk, MFT is not optional but foundational to long-term resilience and trust, exactly the kind of proactive measure Cybersecurity Awareness Month urges every organization to adopt.”


Peter Galvin, Chief Growth Officer at NMI

“Cybersecurity Awareness Month is a great reminder that payment security is never one-and-done; it’s a constant race to stay ahead of fraudsters. Today, the two primary threats we face in online payments are fraud and compliance. Criminals are already using AI to crack outdated defence practices, but the irony here is that businesses must fight AI with AI. Payment fraud will continue to evolve with technological innovations, so the only way to protect merchants and consumers is with layered defenses that adapt in real-time. Tokenization, biometrics, passkeys, fraud detection tools, and strong underwriting all play a role. Still, true protection comes from a ‘security in depth’ approach, which involves layering tools such as AI fraud detection for both pre- and post-transaction verification, 3DS, and enhanced merchant vetting.

“The payment industry should see Cybersecurity Awareness Month as more than just a checklist; it’s a call to action. Too many companies still hesitate to adopt proven tools like tokenization because of the perceived complexity, but the cost of inaction is far greater and could come with a hefty cost. Security is about striking the right balance, keeping fraudsters out while keeping the customer experience seamless. Ultimately, the goal is to protect merchant and consumer trust, because once trust in payments is lost, everything else falls apart.”


Mike Geehan, Head of Security, Compliance, and Corporate IT at Cockroach Labs

“Yes, Cybersecurity Awareness Month can serve as a reminder to reset passwords and brush up on the latest in phishing best practices, but it’s an equally important time to revisit your organization’s approach to resiliency. Availability is one of the core pillars of the information security triad, so resiliency is vital to a business’s security strategy. Outages, cyber-attacks, unexpected vulnerabilities, or other events that cause unplanned downtime can test your defenses and expose any weaknesses in your infrastructure. Executives should take a step back and ask some simple questions: How resilient is our technical infrastructure under stress? Where are the weak spots? And are we testing them on a regular basis?

“Building scalable infrastructure is critical, but equally important is ensuring that scalability doesn’t introduce new vulnerabilities. Take a traditionally security-specific concept, zero trust. Apply the concept holistically across an organization’s entire architecture. Assume failure and breaches will happen, and build resilience at all levels of the ecosystem. Cybersecurity Awareness Month, as a lead-in to the new year, is the perfect time, aside from yesterday, to review compliance requirements, stress test your architecture, and continue to reinforce resilience. Prepare your organization to respond, not react to whatever 2026 has in store.”


Matan Getz, CEO and Co-Founder of Aim Security

“The pace of AI adoption has outpaced security, leaving many organizations exposed. Defenses must shift from ad‑hoc fixes to continuous protection that spans the full AI lifecycle. That means validating every input, governing use through clear policies, monitoring in real-time, and securing both the code and the integrations behind it. Trust in AI will depend on whether companies can see, control, and secure every point where they use, build, or run it — before attackers do.”


David Gildea, Vice President of Product and AI at Druva

The Real Security Threat in AI

“Early on, the common security concerns around AI were rooted in fear, uncertainty, and misconceptions. For example, some were worried that AI might expose sensitive data, but in reality, most corporate data is heavily cleansed, and only a small fraction is valuable for model training.

“The real security challenge lies not just with the LLM, but with agentic AI frameworks, where tasks are delegated across dozens or even hundreds of AI agents. Most security teams are focusing on locking down data flows across LLMs, but the bigger threat is the swarm of AI agents making decisions and trading data at machine speed. These systems are too complex for humans to track quickly and nearly impossible to police with current security frameworks.”

Building a New Foundation for Agentic Security

“Addressing this risk requires more than duct-taping existing frameworks–it demands a new security foundation built for agentic systems. To manage this complexity, new specifications are emerging to provide the necessary controls.

“For example, standards like SPIFFE (Secure Production Identity Framework for Everyone) are being discussed to provide a strong, verifiable identity for each individual agent. Building on this, new proposals like the OAuth ‘Identity Assertion Authorization Grant’ are being developed specifically to handle how agents are granted access to resources.

“This combination of verifiable identity and delegated authorization is crucial for enterprises to securely:

  • Track individual agents and their actions throughout their lifecycle.

  • Grant and monitor specific, fine-grained permissions for each agent.

  • Gain detailed observability into multi-agent chains, where each agent needs access to different capabilities.

  • Instantly revoke an agent’s access if its delegator’s permissions change or if the agent starts performing actions it shouldn’t.

“Ultimately, we don’t just need a technology solution, but a holistic shift in security mindset to properly govern the next wave of AI.”


Darren Guccione, CEO and co-founder at Keeper Security

“Since 2004, Cybersecurity Awareness Month has served as a reminder that protecting our nation’s digital infrastructure is inseparable from protecting our physical infrastructure. Nation-state adversaries and organized cyber-criminals are launching more frequent and more sophisticated attacks than ever before, making agencies like the Cybersecurity and Infrastructure Security Agency (CISA) vital to our collective defense.

“The majority of U.S. digital infrastructure is owned and operated by the private sector, placing businesses directly on the front lines of this battle. Public-private collaboration is no longer optional–it is essential. By sharing real-time threat intelligence, advancing zero-trust security models, and implementing modern Privileged Access Management (PAM) solutions, organizations can support our government agencies in strengthening our digital borders and protecting the systems that power our society.

“A unified approach–with government and private industry working side by side–is the only way to stay ahead of today’s adversaries and tomorrow’s unknown threats. By embracing this collaboration and prioritization of cybersecurity as a national security imperative, we can build a more resilient future for all.”


Subo Guha, Senior Vice President of Product Management at Stellar Cyber

“For Cybersecurity Awareness Month, Stellar Cyber is reminding everyone if it seems too good to be true, don’t click it. Nearly 73 percent of Americans have experienced an online scam or attack. Cybersecurity isn’t just a tech problem, we all have a responsibility to build better digital instincts and make safer online choices.

“Safe practices to follow:

  • Check Who Sent It: If you get a message from someone you don’t know or the number looks suspicious, don’t click on anything!
  • Watch for Red Flags: Fake texts often have mistakes such as bad spelling, odd grammar or urgent language saying ‘Hurry!’ or ‘Do this now!’ They might also promise you prizes or threaten you into clicking.
  • Keep Your Info Secret: Never share personal information through text or email. Legitimate organizations never ask for sensitive info this way.

“Senior citizens are a frequent target of online scams, but research shows that Gen Z is now the most at risk. Let’s all help each other stay safe and spread awareness!”


Elyse Gunn, Chief Information Security Officer (CISO) at Nasuni

“As cybersecurity threats become increasingly complex and widespread (67 percent of organizations report at least one cyber-attack in the past year), Cybersecurity Awareness Month is vital in reminding leaders of the actions needed to keep their businesses secure. As these threats become more common, the role of cybersecurity leaders has evolved. Where security teams once took a more cautious stance toward new technologies, they are now driving innovation, working alongside business leaders to find secure and strategic ways to adopt tools that strengthen both protection and performance.

“Recognizing security as a core business function and embedding risk management across product design, culture, and decision-making allows organizations to adopt AI, cloud platforms, and emerging technologies with greater confidence. The organizations most at risk are those that are slow to adapt, which is why preparedness across people, processes, and technology is essential. As AI and cloud transformation reshape the enterprise, strong oversight and governance must ensure accountability and data protection, particularly as unstructured data volumes continue to grow. Ultimately, resilience is a shared responsibility among executives, employees, and partners. Every stakeholder plays a role in safeguarding data and sustaining the culture of vigilance that keeps organizations both protected and ready to evolve.”


Benjamin Harris, CEO and Founder of watchTowr

“Attackers are moving faster than ever. The time from disclosure to in-the-wild exploitation has never been shorter—in most cases, measured in hours, not days. That speed gives adversaries a huge advantage: they can slip in, drop backdoors, and establish persistence before security teams have even finished testing and rolling out a patch.

“That’s why patching alone is no longer a measure of resilience. If your only defense is ‘how quickly can we patch,’ you’re already playing catch-up. Think about it: fixing the lock on your front door doesn’t help if an intruder has already made a copy of the key and is coming and going as they please.

“Cybersecurity resilience today means the ability to react rapidly to emerging threats, not just patch, but detect compromise attempts, contain intrusions, and neutralize backdoors before attackers can fully capitalize. The organizations that succeed are the ones that treat rapid reaction to emerging threats as a broader capability and incident response rather than patching alone.”


Chris Hosking, AI and Cloud Security Evangelist at SentinelOne

“Cybersecurity Awareness Month is not just a time to celebrate AI breakthroughs, but a reminder that innovation without security can undermine the very progress AI promises to deliver. This risk is heightened by the sudden rise of AI agents, which are reshaping cybersecurity faster than most organizations can keep up. The question is no longer how to use agents, but how to secure them. Agentic AI has moved rapidly from theory to reality, but unless controls keep pace, innovation without security can compromise the safety and security of operations.

“As security teams develop AI-powered lines of defense, attackers are weaponizing the same advancements. Unsecured AI adoption leaves the door wide open to data leaks, malicious prompt injections and model exploitation. Organizations must have complete visibility into where AI agents are deployed and what data they can access – teams can only secure what they can see. Armed with end-to-end visibility, organizations can then deploy the policy-driven controls, guardrails, and real-time monitoring needed to outpace evolving threats. The organizations that succeed will be those that pair innovation with discipline, securing AI from the start rather than bolting on protection after the fact.”


Craig Jones, Chief Security Officer at Ontinue

“Cyber threats are evolving faster than ever. From MFA-bypassing identity attacks to the resurgence of USB malware, the findings in Ontinue’s 1H 2025 Threat Intelligence report show that attackers are exploiting both advanced techniques and overlooked basics.

“Defending against this landscape requires more than tools. It demands a balance of fundamentals, intelligence, and agility, and it requires raising cybersecurity awareness across the entire organization. Every employee plays a role in reducing risk, whether by recognizing phishing attempts, adhering to access policies, or avoiding unsafe practices such as plugging in personal USB devices.

“Strong cybersecurity is no longer just an IT issue; it is a business differentiator. Customers, regulators, and partners all expect organizations to demonstrate resilience and transparency. A company-wide culture of security helps build trust while protecting operations. Here are five best practices every organization should prioritize:

  1. Fortify Identity Controls: MFA alone is no longer enough. Implement phishing-resistant MFA, revoke stale tokens, and continuously monitor for anomalous login behavior.

  2. Audit Cloud Persistence: Adversaries are layering persistence in Azure and tampering with diagnostics to extend dwell time. Continuous auditing of app registrations, automation jobs, and privileged roles is essential.

  3. Reinforce the Basics: A 27 percent rise in USB malware shows that, unfortunately, old attack methods still work. Restrict removable media, reduce local admin privileges, and strengthen configuration hygiene.

  4. Manage Third-Party Risk: Nearly 30 percent of breaches stemmed from vendor compromise. Enforce strict partner standards and continuously monitor external access to your environment.

  5. Find the Right Managed Security Partner: Automation accelerates detection and response, but it cannot replace human judgment. The right managed security partner combines AI-driven capabilities with expert analysts, helping organizations close the gap between the speed of attack and the speed of defense. This ensures security can scale as the business grows.

“Cybersecurity is not a static project. It is a continuous process that requires adapting defenses as quickly as adversaries evolve their attacks. By focusing on these five priorities, organizations can build resilience against today’s most pressing risks.”


Cliff Jurkiewicz, VP of Global Strategy at Phenom

“AI tools like ChatGPT and other generative AI models are being used to create perfect resumes and job applications, making it easier for fraudsters to deceive employers. Legacy HR systems were built on supply chain models and are easily exploited by imposter candidates. Job seekers who are not what they seem can hinder an organization’s ability to scale and grow into new markets, as well as hire top talent. The net effect of that can be devastating. You could literally go out of business.”


Nicholas Kathmann, CISO at LogicGate

“Shadow AI is one of the most significant threats facing enterprise cybersecurity today. The problem isn’t just that employees are using unmanaged AI solutions—today’s SaaS tools often treat AI as an opt-out feature rather than an opt-in, automatically providing AI capabilities to employees who may not be aware of how to use it safely. Recent industry research paints a concerning picture: While MIT’s 2025 State of AI in Business report found that over 90 percent of employees use LLMs regularly, IBM’s 2025 Cost of a Data Breach report found that only about a third of organizations perform regular checks for unsanctioned AI use. Without proper AI oversight, your data is at risk—and that ultimately puts your business at risk.

“With IT and security leaders managing hundreds to thousands of different SaaS applications at a time, maintaining continuous visibility into all AI use within the organization can be a challenge. However, a variety of tools are available today that can help identify when, where, and how AI is being used, and then determine whether those uses are authorized or unauthorized. At the same time, AI awareness training, in combination with ongoing security awareness training, is necessary for educating employees on what constitutes acceptable AI use within your organization. This is a critical part of driving safe and effective AI use that benefits the business, rather than creating unnecessary risk. AI policies will vary by organization, but a strong AI governance program should prioritize the issue of shadow AI. After all, it’s hard to limit risks your organization isn’t even aware of.”


Jason Keenaghan, Director of Product Management, IAM at Thales

“Cybersecurity Awareness Month is a reminder that trust in our digital lives is only as strong as our weakest link, which in many cases is human error. While often unintentional, mistakes like reusing or sharing passwords, alongside phishing, are entry points for attackers to exploit stolen credentials to move deeper into networks. For decades, organizations have relied on passwords to safeguard computer systems, applications, etc., against unauthorized users. While passwords have served their purpose, they demand extra effort from users for proper hygiene.

“Most people struggle to create and remember complex, ever-changing passwords for the maze of systems they access daily, or feel frustrated by multifactor authentication, but passkeys are a significant leap in removing this burden. Using cryptographic techniques and biometric authentication, passkeys are harder to compromise, and when device-bound, they never leave the user’s device, reducing the chance of threat actor interception. Synced passkeys remove the hassle of enrolling multiple times and make it simple for users to regain access if a device is lost or stolen.

“Building a passwordless strategy at the enterprise level doesn’t just reduce risk at scale; it empowers employees to extend safer practices across both their professional and personal digital lives. Employees who practice secure habits in the workplace may be inspired to install extensions only from trusted sources, keep devices updated, and use passkeys for critical accounts like banking and email. Adoption may not happen overnight, but embracing passkeys today sets both businesses and consumers on the path toward a more secure, passwordless reality.”


Doug Kersten, Chief Information Security Officer (CISO) at Appfire

“Many of today’s AI-enabled threats are not entirely new—they are amplified versions of long-standing attack vectors such as phishing, social engineering, and identity exploitation. What has shifted is their sophistication and credibility. Voice deepfakes and AI-generated messages can erode traditional trust signals, making awareness and vigilance critical. Organizations must return to fundamentals: control access, establish clear governance around SaaS and AI adoption, and equip security operations teams with the expertise and tools to recognize and mitigate AI-driven risks. The fundamentals of cybersecurity have not changed, but the urgency to apply them has intensified. Resilience in this moment depends less on reacting to every emerging tool and more on embedding proven practices into how we detect, respond, and protect.”


Fouad Khalil, Senior Director of Enterprise Security, Risk, and Compliance at Locus Robotics

“Businesses today are tasked with not only managing an influx of sensitive data and various software and applications, but also an explosion in devices and the networks they’re connected to. With a surge in access points, traditional network perimeters are no longer enough to keep businesses secure. Instead, modern threats require zero-trust architectures.

“This is especially true for automated warehousing environments where data management, software systems, and digital network infrastructure are identified as key vulnerabilities. These environments introduce additional security considerations, like the need to prevent robots from connecting to the public internet, which requires additional security layers built in, like separate private networks. As warehouses continue to automate their operations, leveraging solutions that embed zero-trust architecture principles will be essential in keeping the industry secure.

“This year’s Cybersecurity Awareness Month theme of staying safe online underscores the use of best practices like leveraging strong passwords and multifactor authentication, which are all core principles of zero trust architecture.”


Khash Kiani, Head of Security, Trust, and IT at ASAPP

“Generative AI is everywhere—and most tools require access to your organization’s most confidential data. This Cybersecurity Awareness Month, leaders need to go beyond the basics and understand the new wave of risks generative AI introduces. Everyone knows the general concept of cybersecurity, but few are prepared for emerging threats like prompt injection and data poisoning. These are subtle, dangerous, and often invisible ways in which AI systems can be manipulated.

“With traditional deterministic software, security testing can identify most vulnerabilities. But with generative AI, the same reviews may miss nuanced risks—like a malicious prompt hidden in customer feedback that bypasses controls, or two AI agents communicating in ways that leak sensitive data. Data poisoning poses another unique challenge: if attackers feed false or malicious information into your training data or knowledge sources, your AI can learn to behave incorrectly or even reveal private information later.

“AI security isn’t just about protecting systems anymore—it’s about safeguarding the integrity of the intelligence you build.”


Pete Luban, Field CISO at AttackIQ

“Cyber threats to organizations have never been higher than they are in 2025. With powerful cyber-crime groups like Scattered Spider and ShinyHunters conducting attacks that span across the globe, as well as the proliferation of insider threats made possible by the integration of AI into attack vectors, organizations have become overwhelmed by the multitude of different angles they can be hit from.

“It’s time to start fighting back and get a step ahead of the actors who seem to have organizations beat at every turn. By studying the tactics that cyber-crime organizations or individual actors employ when breaching systems, security teams can train their defenses to recognize when those strategies are used against them and react accordingly. Utilizing adversarial emulation techniques helps cybersecurity platforms identify potential areas of exploitation and alert security teams to handle them swiftly.”


Jon Lucas, Co-Founder and Director at Hyve Managed Hosting

“In 2025, we’ve seen just how quickly a breach can unravel operations, revenue, and brand trust, from the $375 million hit to Marks & Spencer to widespread attacks across the aviation sector.

“The key takeaway for 2026 is that resilience must be the cornerstone of cybersecurity strategies. Businesses should prioritize layered defense mechanisms, like zero-trust access, segmented networks, continuous training, and fast recovery playbooks. At Hyve, we believe that companies that are prepared for disruption, rather than chasing perfection, are far better equipped to maintain operations under pressure. With new regulations like CIRCIA and NIS2 demanding rapid response, cyber readiness now extends beyond IT to legal and compliance teams. Recovery speed and organizational awareness will define cybersecurity success in 2026.”


Andy Lunsford, CEO and co-founder at BreachRx

“Decades of cybersecurity tradition have fed a dangerous delusion: thinking static incident response plans, buried in digital drawers, can protect organizations from the harsh reality of a real cyber crisis. When incidents hit, most teams improvise while their playbooks gather dust, exposing them to both outside threats and internal scrutiny.

“The truth is, that paper plan is dead weight when a compromise occurs and executives need answers fast. Real-world resilience must be distributed, dynamic, and fully transparent. Every function—from IT and legal to HR and communications—needs a living playbook, clear ownership, and a culture built on practice and accountability. Document every move as it happens. Measure what matters: how fast teams detect, respond, and communicate.

“Ditch the old playbook and build systems that truly prepare people for the moments that count. This is more than technical insurance; it’s reputation management, operational survival, and the defining test of modern leadership.”


Derek Manky, Chief Security Strategist and Global VP of Threat Intelligence at Fortinet

“In a year where threats have grown more automated, opportunistic, and relentless, two fundamentals remain critical: protecting against phishing and keeping software updated. These aren’t new ideas, and Fortinet’s 2025 Global Threat Landscape Report reveals why these basic actions continue to be the foundation of resilience. Attackers are increasingly using bots and machine-speed tools to scan for vulnerabilities and launch phishing campaigns at scale. This shift has made phishing more dangerous than ever.

“The value of Cybersecurity Awareness Month is that it reminds us to take the time to turn research into action. Here are two practices reinforced by Fortinet’s findings that we recommend everyone implement:

  • “Strengthen phishing awareness. Employees should be trained to pause before clicking, verify sender details, and report suspicious messages. And remember, multifactor authentication (MFA) provides an additional safety net when credentials are compromised.
  • “Automate software updates where possible. Organizations should implement centralized patch management. For individuals, enabling automatic updates on personal devices helps eliminate the lag time between patch releases and applications.”

Kavitha Mariappan, Chief Transformation Officer at Rubrik

“As AI drives the next wave of digital transformation, Cyber Awareness Month reminds us that cyber resilience—not just visibility—is key to securing our digital future. AI is forcing leaders to transform their infrastructure and applications, and adopt more cloud, which makes cyber resilience the number one priority for cybersecurity.

“AI is also increasing identity and credential-based attacks—now the most prevalent type of cyber-attack. Rather than hacking into systems, attackers are now simply logging in, leveraging unauthorized access to credentials. Enterprises need to focus on Identity Resilience, which is designed to secure the entire identity landscape alongside data and protect the most common entry points for attackers—human and non-human identities (NHIs).”


Jimmy Mesta, Co-Founder and Chief Technology Officer at RAD Security

“Cybersecurity Awareness Month tends to focus on consumer safety, and that’s important, but it’s only part of the story. Behind every phishing warning or software update prompt, there’s a security team under pressure to make those defenses work at scale. That’s where awareness breaks down: not at the user level, but in the complexity of the systems that support them.

“The truth is, many security teams already know what needs fixing. The problem is bandwidth. They’re overwhelmed with alerts, stuck reconciling disconnected tools, and buried under compliance work that’s growing faster than their teams are.

“I believe that awareness has to include that layer too: the people behind the platform, not just the people using it. That means helping defenders focus on what matters, eliminate wasted motion, and translate technical insight into business action—before it ends up as a headline.”


Kunal Modasiya, Senior Vice President of Product, GTM, and Growth at Qualys

“Recent research reveals a troubling gap: while nearly half of organizations have formal cyber risk programs, only 30 percent align those efforts with business objectives. This disconnect leaves companies vulnerable, not just to technical breaches but to cascading impacts across operations, finances, and reputation. To close this maturity gap, security leaders must move beyond legacy metrics, such as CVSS scores, and adopt a unified risk framework, such as a Risk Operations Center (ROC)—one that continuously correlates vulnerability data, asset context, and threat exposure. This will enable smarter prioritization and faster, more meaningful remediation.

“Cybersecurity Awareness Month is a timely reminder: resilience is not just about tools and frameworks. It’s about context, clarity, and collaboration. Business leaders must ensure their 2026 cybersecurity strategy reflects this shift, investing in workforce enablement, governance, and technologies that align security with what truly matters to the business.”


Vasu Murthy, CPO at Cohesity

“The age of AI-powered attacks is here, and legacy tools simply can’t keep pace. This Cybersecurity Awareness Month, we must recognize that the next race in cybersecurity is AI versus AI. Forward-thinking organizations are now leveraging AI on two fronts: to better defend and recover against attacks, and to deliver clean, governed data that securely unlocks their data assets to fuel innovation. This isn’t just about better defense; it is about fueling innovation with cyber resilient data strategies.”


Renuka Nadkarni, Chief Product Officer at Aryaka

“Cybersecurity Awareness Month’s theme of Building a Cyber Strong America underscores that resilience is not just a government or enterprise issue, it’s a shared responsibility across every sector and individual. From protecting small businesses against ransomware to securing critical infrastructure to empowering citizens with practical habits like MFA, patching, and phishing awareness, the focus is on collective strength. By aligning education, technology, and collaboration, we create a layered defense that not only reduces risk but also reinforces national security and trust in the digital economy.

“Today’s interconnected world means a single weak link can ripple across industries and borders. It’s all about closing those gaps, whether it’s addressing supply chain risks, securing remote work, or ensuring public and private sectors work hand in hand. By embracing proactive defense strategies, investing in cyber skills, and making security part of daily culture, America can move from being reactive to truly resilient in the face of evolving threats.”


Elizabeth Nammour, Founder and CEO of Teleskope

“This October marks the 22nd annual ‘Cybersecurity Awareness Month.’ As we consider the cybersecurity landscape, we must also take into account the rapid acceleration of AI adoption and the increasing amount of sensitive information being ingested and exposed in unexpected ways.

“IDC projects global data volume will reach 181 zettabytes by 2025, meaning this rapid data sprawl is now one of the most urgent challenges in cybersecurity. Organizations now store petabytes of data across hundreds of fragmented systems, with limited visibility into what exists, where it resides, who can access it, or how it’s being used. Furthermore, many of the data security tools designed to solve this problem stop at visibility without offering any context or solution behind the countless threats these security teams, who are often stretched thin, face each day.

“Cybersecurity Awareness Month is a good reminder of the community’s responsibility to make solutions that are equipped to not only solve the problems of today, but tomorrow as well. This means going beyond basic visibility and ineffective security alerts and focusing on giving security teams what they need—accurate discovery, immediate enforcement, and scalable automated remediation, so enterprises can not only see their risks but resolve them at scale.”


Apu Pavithran, CEO and Founder at Hexnode

“Cyberattacks are no longer a burden IT can shoulder alone, especially now with Generative AI supercharging phishing and social engineering attacks. A quarterly security awareness seminar is, quite simply, a relic of the past. Employees need hands-on, simulation-based training that mirrors the sophistication of real-world attacks. When these drills are woven into daily workflows, people develop the instincts to pause, question legitimacy, and respond with discipline. That’s when training stops being theoretical, transforming awareness into action and action into habit.”


Gunnar Peterson, CISO at Forter

“The resilience of digital infrastructures largely hinges on how well businesses secure the identity systems at the heart of online commerce. As AI agents increasingly act on behalf of consumers, merchants face a critical test: how to welcome automation as a business driver without opening the door to fraudsters exploiting the same tools. Outdated defenses, such as static authentication checks or CAPTCHA, no longer provide meaningful protection. True resilience comes from pairing layered protection with adaptive detection—capturing richer identity signals, monitoring them continuously, and ensuring authentication cannot be manipulated into a vulnerability.

“By adopting detection-driven security and leveraging global intelligence networks, businesses not only reduce fraud risk but also strengthen the foundation of digital commerce. In doing so, they help protect both customers and the broader economy.”


Steve Povolny, Senior Director of Security Research at Exabeam

“Cybersecurity Awareness Month underscores a critical, often underestimated reality: insider threats represent the most dangerous risk to organizations today. According to Exabeam research, 64 percent of cybersecurity leaders agree that insider threats are more dangerous than external actors, and the risk is intensifying. With the rise of generative AI, two of the top three insider threat vectors are now AI-related.

“Despite this rising threat, most organizations remain underprepared. Eighty-eight percent of security leaders say they lack the behavioral analytics needed for early detection. Meanwhile, only 44 percent report using User and Entity Behavior Analytics (UEBA), a key capability for identifying abnormal activity and compromised credentials before they lead to serious incidents. Insider threats have evolved. They’re faster, more sophisticated, and increasingly AI-enabled. Security operations need to evolve, too.”


John Prisco, Quantum Consultant at Toshiba

“As we approach Cybersecurity Awareness Month, there’s a significant threat on the horizon that we must focus on–quantum computers that will break much of today’s cryptography.

“The U.S. previously set a goal to get to post-quantum cryptography (PQC) by 2030. This is essential to achieve, but the danger is that PQC alone is not enough. A purely algorithmic ‘safe’ cipher can still be cracked with time and computing power. That’s where Quantum Key Distribution (QKD) comes in, armed with physics-based security. To be prepared for a quantum-safe future, a hybrid approach of PQC and QKD is vital.

“A cryptosystem is considered to have information-theoretic security if the system is secure against adversaries with unlimited computing resources and time. In contrast, a system that depends on the computational cost of cryptanalysis to be secure is called computationally secure or conditionally secure. For example, QKD has information-theoretic security, while PQC is computationally secure (conditionally secure).

“If we fail to act, we risk a ‘harvest now, decrypt later’ scenario, in which hackers siphon encrypted data today and wait until quantum computers can break it. In that case, what appears secure now may become vulnerable to a future breach. Ultimately, it’s on industry leaders to build a defense now, before the threat becomes unmanageable in the near future.”


Ravit Sadeh, VP Product Management at CTERA

“Cyberattacks unfold in seconds, while our distracted, fast-paced routines often leave us exposed. It’s not that people ignore cybersecurity—most of us know the basics of avoiding suspicious links and shady websites. The real risk comes when we’re multitasking: replying instantly to what looks like a boss’s urgent email, downloading a new AI tool in the rush to finish a presentation, or skimming messages while on the move. In 2025, impulsivity has become the new vulnerability.”


Stephanie Schneider, Cyber Threat Intelligence Analyst at LastPass

“Online threats are evolving fast. From artificial intelligence (AI)-powered phishing to infostealer campaigns and weak-credential exploits, it can be easy to feel like you’ve lost control of your digital footprint. Cybersecurity Awareness Month is an opportunity for us to learn and reflect on the everyday habits that could put us at risk, and make improvements that keep us safe all year long.

“With more informed browsing, a discerning eye, and minor habit shifts, anyone can put up a fortress around their online presence. Stay vigilant with links, especially those tied to unexpected or urgent messages. Always verify the source of messages, think before you click, and never share personal information unless it’s with an authenticated source. Protect your credentials with a password manager, and, on top of that, upgrade to passkeys, a passwordless login method praised for its security and simplicity. Use this month to learn about the latest threats and strengthen the everyday practices that lock down your personal information.”


Darren Shou, Chief Strategy Officer at RSAC

“As CISA braces for potential furloughs during a government shutdown, the moment underscores a deeper issue: most small and mid-sized businesses have little clarity on which federal agency to call when ransomware strikes. Is it CISA, the FBI, or the Secret Service, and in what order? This uncertainty fuels a dangerous preparedness gap for SMBs, who represent nearly all U.S. businesses and a significant share of the economy. Cybersecurity Awareness Month is the perfect time to call for a clearer realignment between government and the private sector, rooted in step-by-step guidance and consistent communication. It’s essential if we want to move cyber awareness beyond phishing emails and into true incident response readiness.”


Nigel Tan, Director at Delinea

“The attack surface is changing, and the rise of machine identities is at the center of it. From chatbots to APIs and autonomous agents, they already outnumber humans 46 to 1–yet they’re too often overlooked. Securing these identities is now just as critical as protecting human ones.

“The recent Salesloft breach proved the risk. Attackers didn’t target staff logins; instead, they exploited an AI-powered chatbot’s privileged access, gaining entry into systems such as AWS and Slack. With less than half of organizations (44 percent) across the globe reporting that their security architectures are equipped to fully support secure AI, the gap is clear.

“Cybersecurity Awareness Month is the moment to act. As machine identities increasingly become entry points for attackers, start with visibility into where they are and what they can access. Then shorten credential lifespans so stolen details quickly expire and restrict each identity’s access to only what it truly needs. Treating machine identities with the same priority as human ones is essential to business resilience.”


Nick Tausek, Lead Security Automation Architect at Swimlane

“This Cybersecurity Awareness Month provides an opportunity for us to turn our heads towards the future of threat defense. The integration of agentic AI is quickly emerging as the next critical threshold for cybersecurity platforms, one that organizations must cross to keep pace with adversaries already exploiting these capabilities for malicious gain.

“By automating Tier-1 tasks like initial incident response, preliminary evidence analysis, and documentation, agentic AI significantly reduces the workload on SOC analysts. This not only alleviates resource constraints but also allows security teams to reallocate their time and expertise toward advanced threat prevention and strategic risk reduction. Ultimately, embracing agentic AI strengthens an organization’s overall security posture, transforming awareness into action and helping defenders stay one step ahead.”


Paul Walker, Field Strategist at Omada

“When we think about identity in cybersecurity, we instinctively think of people. But that picture has shifted dramatically. In most organizations today, non-human identities—service accounts, APIs, bots, workloads, and increasingly AI agents—outnumber human identities by a huge margin. Research shows the ratio is roughly 82 to one. That’s not just a matter of scale; it’s a structural change in how identity works.

“One of the biggest accelerators is the rise of Agentic AI. These autonomous or semi-autonomous agents carry out decisions and actions on behalf of a user or an organization, and need their own identities to authenticate, authorize, and interact across systems and data. Each one is effectively a new kind of actor in your digital ecosystem, and it has to be governed accordingly.

“But non-human identities don’t behave like human ones. They’re created at high speed, live across hybrid and multi-cloud environments, and often connect directly into sensitive systems. They don’t follow typical joiner–mover–leaver processes. They’re dynamic and woven into orchestration, pipelines, and business decisions. Traditional IAM simply wasn’t built for this complexity and unpredictability. That gap creates blind spots and an expanded attack surface. And with regulations like DORA and NIS2 demanding accountability for all identities, not just human ones, the urgency is clear.

“Cybersecurity Awareness Month is a reminder: identity governance must now extend beyond people. Securing the vast, fast-moving ecosystem of non-human identities, especially AI-driven ones, is becoming central to resilience and trust.”


Kyle Wickert, Field Chief Technology Officer at AlgoSec

“With 60 percent of organizations now managing at least 250 business applications across hybrid multi-cloud environments, relying on traditional firewall policy-based network security is no longer effective. Building security around networks and infrastructure creates blind spots, inconsistent policies, and a higher risk of misconfigurations and downtime. These challenges only intensify as more applications are deployed and existing applications require updates. Applications are the backbone of modern business, and security strategies need to be aligned accordingly.

“To address this, security teams must shift to strategies that start from the application outward rather than the network inward, beginning with mapping and identifying their existing business applications and connectivity flows. Application-centric security enables teams to identify and prioritize risks in real-time, reducing the likelihood of breaches and downtime while expediting remediation and streamlining delivery and updates, which are often slowed in traditional security. This approach not only protects applications but also accelerates their rollout and improvements over time.

“At the same time, there is a growing trend of convergence between cloud and network security teams, a shift that requires a unified approach to risk management. Application-centric security makes this possible with consistent visibility and policy enforcement across environments, teams, and tools. The result is greater clarity and control, empowering organizations to manage security holistically while staying aligned with modern business needs.”

“AI is everywhere. It’s powering the apps we use, transforming the way companies operate, and giving attackers faster, smarter ways to evolve their tactics. That makes ‘staying safe online’ more complicated than ever. Yes—strong passwords, multifactor authentication, and software updates are still must-do basics. But the truth is, those everyday actions are now happening against a backdrop of AI-driven threats that move at machine speed.

“Defenders feel this shift. For the second year in a row, the vast majority (87 percent) say they’ll lean more on AI to replace outdated detection and response tools. Why? Because legacy approaches can’t keep up. SOC teams are drowning in alerts. Nearly half (44 percent) admit they’re losing the battle to separate real threats from noise. And attackers know it.

“So what does ‘staying safe online’ mean in an AI era? It means keeping the fundamentals, but pairing them with vigilance, awareness, and AI-driven defenses that can think and move as fast as attackers do. Because the adoption curve isn’t slowing, AI is reshaping both offense and defense. The question then becomes: can we see them, can we stop them, and how fast can we do both?”

