Gartner reveals top six cybersecurity trends for 2025

Today

Gartner has outlined six key cybersecurity trends for 2025, emphasising the impact of factors such as generative AI, regulatory changes, and cybersecurity burnout.

According to Gartner, these trends are influenced by the evolution of generative AI, digital decentralisation, supply chain interdependencies, regulatory adjustments, endemic talent shortages, and an ever-changing threat environment. Alex Michaels, Senior Principal Analyst at Gartner, stated, "Security and risk management (SRM) leaders face a mix of challenges and opportunities this year, with a goal to enable transformation and embed resilience. Their efforts in achieving both are crucial to support their organisation's aspirations to not only innovate, but ensure their innovations are secure and sustainable in a fast-changing digital world."

Generative AI is prompting significant transformations in data security programs, shifting the focus towards protecting unstructured data, which includes text, images, and videos, rather than traditional structured data such as databases. Michaels commented, "Many organisations have completely reoriented their investment strategies, which has significant implications for large language model (LLM) training, data deployment and inference processes. Ultimately, this shift underscores the changing priorities that leaders must address as they communicate the impact of GenAI on their programs."

The second trend highlighted by Gartner involves the management of machine identities. With the increasing use of machine accounts and credentials through the adoption of generative AI, cloud services, automation, and DevOps practices, the exposure to potential security threats is elevated. Gartner suggests that SRM leaders must implement a coordinated, enterprise-wide strategy for robust machine identity and access management (IAM) efforts.

Tactical AI represents another direction SRM leaders are exploring, as they refine their AI initiatives for tangible, measurable impacts. Michaels noted, "SRM leaders now have clear responsibilities to secure third-party AI consumption, protect enterprise AI applications and improve cybersecurity with AI. By focusing on more tactical, demonstrably beneficial improvements, they can minimise the risks for their cybersecurity programs and can more easily demonstrate progress."

An additional trend revolves around cybersecurity technology optimisation. A survey conducted by Gartner found that organisations manage an average of 45 cybersecurity tools. SRM leaders are therefore urged to streamline and validate their security controls to maintain an effective security posture, considering the proliferation of more than 3,000 vendors in the sector.

The importance of extending security behaviour and culture programs (SBCPs) is also underscored. Gartner observes that SBCPs will bring significant value in enhancing cybersecurity posture. The incorporation of generative AI in tandem with an integrated platforms-based approach is anticipated to reduce employee-driven cybersecurity incidents by 40% by 2026.

Cybersecurity burnout and its consequent organisational impact are identified as pressing concerns. Michaels emphasised, "Cybersecurity burnout and its organisational impact must be recognised and addressed to ensure cybersecurity program effectiveness. The most effective SRM leaders are not only prioritising their own stress management, they are investing in teamwide wellbeing initiatives that demonstrably improve personal resilience."

Share on: