2025 heralds a new era for cybersecurity with fresh challenges for enterprises, according to the experts we spoke with. Following the Russia-Ukraine war, Israel-Hamas conflict, and a year of elections in over 70 countries, geopolitics and cybersecurity have become tightly intertwined.
Consequently, critical infrastructure, healthcare, and financial organisations face growing threats from state-sponsored bad actors with limitless resources. As a result, zero trust architectures will become central to many companies’ strategies this year, and security will tighten for OT devices.
Additionally, it is predicted that tool consolidation will remain a priority for streamlining operations.
AI’s impact on cybersecurity is discussed in a separate article on TI, but its impact on training is debated here. Preparing for a time when quantum computers will break traditional encryption systems is another hot topic for the coming year.
Geopolitics and cybersecurity become inseparable
Nadir Izrael, CTO, Armis
“Nation-states and rogue factions are rapidly integrating cyberattacks into their military arsenals, with cyber operations becoming a first-strike option in geopolitical conflicts. By targeting critical infrastructure—such as energy grids, communication networks, transportation systems, and supply chains—these attacks can cripple an entire national infrastructure and create mass chaos without a single physical shot being fired.
“In 2025, we expect to see an escalation in state-sponsored cyberattacks aimed at creating widespread disruption and psychological stress. These attacks will be characterised by increased sophistication, as governments turn to advanced technologies, including AI-driven malware, to outmanoeuvre their targets.”
John Kindervag, chief evangelist, Illumio
“The prevalence of cyber warfare is set to escalate as nation-state actors intensify their efforts to target Federal agencies and critical infrastructure. This rising threat blurs the lines between traditional warfare and cyberattacks, creating a complex battlefield where the implications of cyber operations can be as significant as conventional military actions. As a result, the urgency for robust cybersecurity measures to protect vital systems and maintain national security has never been greater.”
James Tucker, head of CISO, EMEA, Zscaler
“In the wake of global elections and rising geopolitical tensions, cybersecurity strategies and regulations will need to adapt.
“While digitalisation improves efficiency, it also increases the attractiveness of infrastructure to threat actors. Digital attacks usually precede physical ones, requiring protection for critical infrastructure. Enterprises must take responsibility for safeguarding their operations, irrespective of regulatory pressures. Expect intensified focus on critical infrastructure from both defenders and attackers in the coming year.”
Darius Belejevas, head of Incogni data privacy platform
“With tensions between the US and Russia at their highest since the Cold War, I think we’ll see an increase in both cyberattacks and laws regulating data trade. Investigations have shown that it’s possible—easy, even—to track US military personnel via data brokers. The DOJ has already proposed a law to keep sensitive US data from being sold to anyone from or located in countries like Russia, China, Cuba, Iran, North Korea, and Venezuela.

“But regulating how data is sold isn’t enough. We’ve seen a fitness app used by soldiers leak a heatmap exposing US bases and patrol routes. Any company that collects information that may interest foreign powers, even if it doesn’t sell this data, puts a target on its back. These kinds of incidents are likely to increase, especially as tensions continue to rise.”
Critical Infrastructure adopts ‘assume breach’ principles
Nadir Izrael, CTO and cofounder, Armis
“The distinctions between military and civilian infrastructure are rapidly blurring in the cyber domain. Hospitals, water utilities, transportation networks, and even personal smart devices have become prime targets for cyberattacks.

“In 2025, the civilian infrastructure is expected to be on the frontlines of cyber warfare. The risks posed to civilians—whether through disruption of essential services or direct harm via compromised healthcare systems—are no longer secondary concerns in cyberwarfare, but key objectives.”
Gary Barlet, Public Sector CTO, Illumio
“Critical infrastructure sectors will need to accelerate cybersecurity efforts, prioritising ‘assume breach’ principles as they face intensifying geopolitical cyber threats. In 2025, utilities, transportation, healthcare, and energy will focus heavily on advanced threat detection, segmentation, and rapid incident response to contain potential breaches before they disrupt essential services.”
Axel Maisonneuve, technical education contributor, SmartLedger Solutions
“Cyber resilience will become a non-negotiable standard for businesses of all sizes, from critical infrastructure operators to small and medium enterprises. Additionally, the cryptocurrency and blockchain sectors will face intensified threats.
“With the market capitalisation of cryptocurrencies growing exponentially, cybercriminals are increasingly targeting these assets through sophisticated social engineering, phishing attacks, and wallet vulnerabilities.”
Securing operational technology becomes non-negotiable
Tony Fergusson, CISO in residence, EMEA, Zscaler
“In recent years, operational technology (OT) security has become a growing concern because of the integration of IT and OT infrastructures. With OT becoming increasingly cloud-connected, the type of threats organisations face with IT have started to spread into OT environments too.

“Threat actors will shift their focus to more vulnerable targets, and the lack of security on many OT devices makes them easy targets for attackers, especially since the OT lifecycle is much longer and patching is much more difficult. This dramatically increases the number of attack vectors against organisations.”
James Neilson, SVP International, OPSWAT
“Attackers will target OT within supply chains for critical sectors like energy, utilities, and manufacturing, which are increasingly digitised but often lack robust security controls.
“Threat actors will compromise OT suppliers or contractors, using them as conduits to introduce malware that disrupts operations or damages physical infrastructure. Such attacks could result in power outages, halted production lines, or safety-to-life events.”
Erik Knapp, CTO of OT, OPSWAT
“As organisations increasingly leverage the cloud, robust network security controls at the perimeter are essential. For secure communication, devices interacting with cloud services should ideally use data diodes for one-way data transfer. Additionally, remote access to OT environments for maintenance requires secure pathways limited to authorised personnel. By 2025, we anticipate greater adoption of both solutions as organisations manage their cloud connections effectively.”
John Kindervag, chief evangelist, Illumio
“The increasing recognition of the challenges posed by silos between IT and OT teams will drive the need for greater integration of these functions. I predict we will see an increase in organisations looking to adopt unified security frameworks that effectively merge IT and OT security efforts, fostering collaboration and enhancing overall security posture.”
Zero trust becomes cornerstone of modern cybersecurity
Axel Maisonneuve, technical education contributor, SmartLedger Solutions
“Emphasising ‘never trust, always verify,’ zero trust requires strict identity verification and continuous monitoring of all devices, users, and connections, regardless of their location. As businesses increasingly operate in decentralised environments with hybrid workforces, zero trust will be essential for securing networks against sophisticated and persistent threats.”
John Kindervag, chief evangelist, Illumio
“Zero trust will continue to be recognised as the ‘North Star’ for cybersecurity strategies. This strategic shift is driven by the need to combat advanced persistent threats that jeopardise national security. As a result, zero trust and breach containment are becoming foundational for enhancing cybersecurity resilience across federal networks.”
Gary Barlet, Public Sector CTO, Illumio
“State and local governments will significantly expand their adoption of zero trust architectures to better protect critical public infrastructure. As threats evolve and target vital systems at all levels, these governments will prioritise granular access controls, network segmentation, and continuous verification to reduce vulnerabilities and limit attackers’ movements.”
Sterling Wilson, Object First Field CTO
“In 2025, companies will adopt a more holistic approach to zero trust to avoid being seen as security risks in an increasingly cyber-aware market. This shift will require organisations and developers to integrate zero trust principles across all levels and products, addressing potential breaches proactively. Zero trust will expand into areas like gaming, personal apps, and IoT as connected devices grow. It will also evolve to counter AI-driven threats, such as deep fakes, by prioritising proactive testing and defence.”
An acceptance of cyber risks prompts ransomware gangs into stealth mode
Simon Hodgkinson, strategic advisor, Semperis
“As cyber incidents have become inevitable, boards are increasingly informed to accept an appropriate degree of risk – with cyber just being one of many business risks – and there are trade-offs to be made. We may see this shift in attitude have an impact on the ransomware market, potentially with a ramp-up in destructive extortion attempts.”
John Hammond, principal security researcher, Huntress
“Smash-and-grab operations will become less common as bad actors will wait for a bigger impact. Attacks of opportunity and low-hanging fruit will still undeniably be targets, but adversaries are starting to, and will continue to, acknowledge that their reward is bigger and better when they play the long game.

“We will see more capable threat actors go after larger corporations or leverage smaller compromises as stepping stones to reach more prominent organisations that can do more damage to an entire supply chain. The often-forgotten sectors that don’t have security front of mind (think gasoline, construction, agriculture… unfortunately, typical critical infrastructure) will be targeted and taken advantage of if just because there is less scrutiny for security.”
Gary Barlet, Public Sector CTO, Illumio
“Agencies will prioritise internal defences and post-breach strategies over traditional perimeter security, recognising that the fight against cyberattacks is shifting inward. Advanced attacks will increasingly target sectors like education and healthcare, making data encryption and network segmentation essential components of resilient cybersecurity frameworks.

“As AI-fuelled attacks grow more sophisticated, agencies will focus on limiting attackers’ movements within networks, accepting that the perimeter can no longer be the sole line of defence.”
We will see more platform convergence and tool consolidation
Nick Walker, regional director, EMEA, NETSPI
“Over the next year, we will move from siloed security to a unified approach. As cyber threats grow more sophisticated, individual solutions struggle, leading to complexity and coverage gaps. A cohesive strategy is essential. Consolidating security on a single platform enhances continuous threat exposure management (CTEM), streamlines workflows, and boosts efficiency.”
Sebastian Kemim, CISO in residence, EMEA, Zscaler
“The days of cybersecurity having a ‘blank cheque’ with regards to investment budgets are over. The harmonisation and consolidation of security tools, adopting integrated security platforms, and leveraging cloud-based solutions for scalability and flexibility will set a trend to reduce the complexity of traditional security infrastructures.”
In a pre-quantum era, organisations start assessing encryption methods
Sam Peters, chief product officer, ISMS online
“While the quantum computing revolution is still on the horizon, a more immediate concern could be quantum-inspired cryptography. Hackers may begin experimenting with quantum algorithms to solve traditional encryption problems more efficiently, weakening some existing cryptographic standards ahead of actual quantum computers.”
Akhil Mittal, senior security consulting manager, Black Duck
“Quantum computing is not yet a mainstream threat, but by 2025, organisations must begin preparing for its impact. Forward-thinking organisations, particularly in finance, healthcare, and government, should start transitioning to quantum-resilient encryption. This shift involves adopting quantum-safe algorithms, a process that will take time but is necessary to protect data against future quantum threats.”
AI’s impact on cybersecurity skills gap is scrutinised
Gary Barlet, Public Sector CTO, Illumio
“One of the most pressing cyber challenges in 2025 will be the cyber skills gap. Agencies’ ability to scale cybersecurity efforts is dependent on their capacity to fully implement emerging technologies and modern defence strategies.
“To truly advance cybersecurity, agencies will need to innovate in recruitment and retention, creating incentives that resonate with potential and current employees alike.”
Dave Merkel, CEO & co-founder, Expel
“The dialogue around AI exacerbating the cybersecurity skills gap tends to be misdirected, focusing more on companies having an AI talent issue over employees lacking a specific AI skillset.

“AI isn’t going to take your job; someone that understands AI is. But as a leader focused on the future of my workforce, I’m less worried about hiring someone that already knows everything about AI. I want to hire someone who is perpetually curious, who spends time and energy understanding and using new technology because it intrigues them.”
Dave Spencer, director of technical product management, Immersive Labs
“AI investments will continue, but demand will surge for skills where AI falls short. In 2025, skills in blockchain, SOAR, OT, and DevSecOps will be among the highest in demand, shaping hiring and workforce development priorities.
“If security leaders want to strengthen these areas, they have to make sure they are finding the people that are passionate about cyber and giving them the tools and exercises they need to excel.”