Gen AI Tops Gartner's 2025 Cybersecurity Trends
Security leaders and their organisations face a difficult balancing act over the next 12 months, according to Gartner, as they must continue to enable organisational evolution and transformation without compromising resilience and security posture.
To do so effectively enables the kind of innovation and development that enterprises desire at pace. At the same time, it ensures that they achieve sustainable growth in a fast-changing digital world.
AI dominates much of that landscape, with investment in and adoption of the technology continuing at pace across businesses and industries.
But with that growth comes challenges, including a broader attack surface as the result of more technologies within the enterprise and greater risk of more sophisticated attack vectors like deepfakes and AI-powered phishing.
It’s why AI and associated technologies dominate Gartner’s top cybersecurity trends for 2025. As well as AI, these include digital decentralising, supply chain interdependencies and regulatory issues.
Gen AI transforming data security
Traditional security programmes and investment have been centred around the protection of structured enterprise datasets. This is predominantly because of ease of management – structured and organised data with defined formats is simpler to monitor and control – but also due to factors including regulatory compliance and the clear value and risk of structured data.
Gen AI adoption is changing this approach, shifting the focus of security leaders increasingly towards protecting unstructured data such as text, image and videos.
“Many organisations have completely reoriented their investment strategies, which has significant implications for large language model (LLM) training, data deployment and inference processes,” says Senior Principal Analyst at Gartner, Alex Michaels.
“Ultimately, this shift underscores the changing priorities that leaders must address as they communicate the impact of Gen AI on their programmes.”
Leaders also face increasing pressure to build effective strategies for implementing robust machine identity and access management (IAM) to protect against attacks.
The growing use of Gen AI, automation and cloud has led to a prolific use of machine accounts and credentials in organisations that increase the potential for attack. According to Gartner, defending against this should involve a coordinated enterprise-wide approach.
Tactical AI adoption
Despite widespread AI adoption, security and risk management (SRM) leaders report mixed results with AI implementation. This is leading to a reprioritisation of AI-led initiatives within the enterprise focused on more tactical implementations that deliver measurable impact.
This typically involves aligning AI tools and practices with existing metrics or fitting them into existing or ongoing programmes to enhance visibility and value. “SRM leaders now have clear responsibilities to secure third-party AI consumption, protect enterprise AI applications and improve cybersecurity with AI,” says Alex.
“By focusing on more tactical, demonstrably beneficial improvements, they can minimise the risks for their cybersecurity programs and can more easily demonstrate progress.”
Technology optimisation, culture and burnout
Organisations are using too many tools – an average of 45 cybersecurity tools according to a Gartner survey of 162 large enterprises. According to the firm, there are more than 3,000 vendors in cybersecurity and navigating this marketplace is a key challenge for security leaders moving forward.
To be effective, leaders and their organisations need to optimise toolsets and focus on building more efficient and effective security programmes. Gartner recommends aiming for a balance that procurement, security architects, security engineers and other stakeholders are satisfied with to maximise security posture.
“SRM leaders now have clear responsibilities to secure third-party AI consumption, protect enterprise AI applications and improve cybersecurity with AI”
On a practical level, this means consolidating and validating core security controls to enhance the use of data and incorporating advanced threat modelling and organisational technology.
Irrespective of year, one constant remains in cybersecurity: people are a vulnerability point. As a result, training and nurturing a security-minded culture continues to be a priority for leaders in 2025.
Gen AI can play a role, says Gartner, noting that enterprises that combine the technology with an integrated platforms-based architecture in security behaviour and culture programmes (SBCPs) will experience 40% fewer employee-driven cybersecurity incidents by 2026.
However, this process must be managed carefully as cybersecurity burnout grows in the industry. Spurred by an ongoing skills shortage, this results from relentless demands associated with securing highly complex organizations in constantly changing threat, regulatory and business environments, with limited authority, executive support and resources.
“Cybersecurity burnout and its organisational impact must be recognised and addressed to ensure cybersecurity program effectiveness,” notes Alex.
“The most effective SRM leaders are not only prioritising their own stress management, they are investing in teamwide wellbeing initiatives that demonstrably improve personal resilience.”
Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.
Discover all our upcoming events and secure your tickets today.
Cyber Magazine is a BizClik brand
