As we look to the future of cyber security, several key trends are emerging that will shape the landscape in 2025 and beyond. From the transformative power of AI agents to the increasing importance of digital sovereignty, these trends highlight both the opportunities and challenges that lie ahead. In this overview, we delve into six prominent cyber security trends that are set to dominate discussions and drive investments. Explore how regulatory debates will evolve, why supply chain security needs more attention, and the role of quantum cryptography in safeguarding data. Additionally, understand the profound impact of digital sovereignty and the critical need to protect operational technology (OT) and the Industrial Internet of Things (IIoT). Keep up with the latest trends and insights from Cyber Security Leader Grant Waterfall on the future of cyber security.
1. AI Agents – the new kid on the block
AI agents will be transformative, democratising personal AI in workplaces and beyond. Microsoft’s Copilot Studio is one example of an AI agent development platform, with other tech companies joining the trend. While the potential is vast, the rise of personal AI agents raises the question of control and an inadvertent increase in the attack surface. According to our global cyber study Digital Trust Insights, 67% of the German respondents (66% in EMEA) said that generative AI had increased the attack surface in the last 12 months. At the same time, many companies plan to use the technology to improve their cyber defences.
2. Expect the debate on the regulatory load to intensify
Discussions will intensify between regulators and broader society on the the regulatory load, effectiveness of regulation and the need to harmonise. Strenghened by the outcome of the US election, the debate will be particularly strong in the European Union. However, in the short to medium term, do not expect much respite as governments see the need to increase the resilience of critical infrastructure and provide guardrails for AI. An open question is whether some member states will drag their feet on enforcement. According to our global cyber study, cyber security regulation is having an impact on companies’ investments. 89% of German organisations cite a moderate, large or even significant impact on increasing cyber spend – EMEA-wide, the figure is 80%.
3. Time to commit more budget to securing the supply chain
At the World Economic Forum Annual Meeting for Cyber Security in November 2024, Third Party Risk Management including software in the supply chain was voted the biggest cybersecurity challenge – but it’s still not a big spend category for CISOs. Expect to see it get more attention and begin to make up a bigger share of budgets in 2025.
4. Post Quantum Cryptography moves into the mainstream
The need for AI processing power is accelerating Quantum Computing investments and advances. Time is the enemy for organisations efforts to adopt Post Quantum Cryptography and many have not started programs to address this. 2025 should see the completion of PQC risk assessments and program plans for many who have not started.
5. Dealing with the impact of creeping Digital Sovereignty
Geopolitics has long driven digital sovereignty initiatives, from China and Russia to the Middle East and the European Union. Concerns about resilience and personal data protection have increased complexity, costs, and have even given life to new business models. Companies are impacted e.g. by having to retrospectively carve out certain countries from global ERP deployments or comply with regulatory requirements to build contigency plans to roll bag cloud deployments. Full sovereign clouds are being developed in several nations – some fully bespoke and others driven by hyperscalers setting up a physical presence in countries – or somewhere in the middle. This trend is expected to continue. Organisations should consider the impact of this in their technology strategy.
6. Committing more resources to OT and IIoT Protection
The vast majority of cyber security spend is still on IT in favour of OT and IIoT. Securing Operational Technology (OT) and Industrial Internet of Things (IIoT) has been getting more attention in the past few years but is is still highly under-invested. In addition IT / OT convergence demands new ways of looking at the problem and top down organisational realignment. Expect to see this getting more attention in 2025 but still not at the level required. Budgets will take time to rebalance – expect this to take another 2-3 years.
Contact us
