As 2024 involves an in depth, we reflect on a 12 months with hacks, outages, laws, and rapidly emerging trends that shifted the cybersecurity landscape.
Artificial intelligence (AI) continues to evolve at breakneck speed, with generative and agentic AI pushing organizations to contemplate its role across every aspect of the business. Meanwhile, recent categories emerge to assist organizations higher manage their data amidst the cloud’s continued expansion and increasingly sophisticated cyber threats. Finally, we’re seeing laws enacted worldwide to assist organizations mitigate risk and maintain cyber resilience.
So what’s going to this result in in 2025? Read on for six cybersecurity trends Rubrik expects to unfold next 12 months.
1. Data Security will probably be at the center of Generative AI adoption
As we glance towards 2025, one critical element stands out within the discourse across the adoption and evolution of generative AI: data security. As generative AI models require vast amounts of knowledge to learn and generate content, ensuring this data’s privacy, confidentiality, and integrity becomes paramount. Corporations that may offer robust data security measures will gain a competitive edge, fostering greater trust amongst users and partners. This trust translates into market share, as businesses and consumers are more likely to interact with AI solutions that prioritize data protection, aligning with stringent regulations just like the EU AI Act, GDPR, or CCPA.
Data security, due to this fact, is not just a hurdle for generative AI; it’s becoming its driving force. As businesses and consumers alike demand more from AI when it comes to capability and security, generative AI’s future looks increasingly intertwined with advancements in data protection. By 2025, we predict that data security is not going to only be a benchmark for achievement within the AI industry but a deciding factor for trust and broad-scale AI adoption by industry and consumers.
2. DORA will extend beyond financial services, promoting cyber resilience across industries.
The Digital Operational Resilience Act (DORA) was initially enacted to bolster IT security for European financial service institutions. But in 2025, DORA will develop into more of an operational resilience tool resulting from its array of processes for risk management, incident reporting, third-party risk management and business continuity management. These processes will help organizations reply to cyber threats, geopolitical tensions, and natural disasters. Indeed, DORA’s broader adoption will redefine how all businesses approach operational resilience and continuity in an increasingly unpredictable world, underscoring the urgency of preparation.
AI will develop into an important ally in meeting DORA’s requirements, revealing recent use cases as corporations innovate ways to include AI-driven resilience measures in areas like threat detection, response automation, and compliance monitoring. In a landscape that now requires real-time responses, AI will empower organizations to reply to incidents and adapt as situations evolve dynamically.
3. IT and security leaders must fortify their data within the cloud.
Data is the crown jewel of the business—and the cloud is increasingly becoming its castle. But what good is a castle in case you leave the drawbridge down? Organizations must prepare for cloud intrusions from increasingly sophisticated cyber threats: the 2024 CrowdStrike Global Threat Report found cloud intrusions have surged by 75% since 2023.
With the cloud’s continued expansion comes a good greater responsibility for organizations to combat vulnerabilities—otherwise, this surge is simply the start. In 2025, organizations must give attention to protecting data within the cloud, monitoring risk, and constructing confidence that they will get better data and applications within the event of an attack.
This implies going above and beyond app-native security tools and finding tailor-made solutions that not only prevent threats from reaching data within the cloud but in addition get better swiftly against any threats that sneak across the moat.
4. Data Security Posture Management becomes an important element of cyber resilience.
Data security posture management—DSPM—goals to resolve one of the complex issues in modern cloud environments: knowing where all of your data is and the way it’s secured.
In keeping with Research and Markets, the DSPM market is undergoing significant growth, driven mainly by AI adoption. As more (and bigger) data sets develop into available for AI models to eat, the likelihood of sensitive data being exposed to unauthorized users increases significantly.
Cloud, AI, and DSPM will go hand in hand because traditional security methods like DLP (Data Loss Prevention) and CNAPP (Cloud-Native Application Protection Platforms) alone don’t adequately address a company’s overall data-related cyber resilience.
5. A wave of AI agents will increase cyber resilience—and introduce recent risks.
The emerging agentic AI market shows limitless potential, especially for organizations that use the cloud to scale computing power and storage capability to coach and deploy complex AI models. CISOs specializing in cloud-first architectures will reap the advantages of increased productivity, higher customer experiences, and more. Agentic AI also has the potential to assist businesses keep their data and cloud apps safer; imagine a future where AI agents automate threat detection while enhancing the speed of response and resilience.
Nevertheless, if not implemented cautiously, agentic AI may also risk sensitive data within the cloud. As AI agents develop into more sophisticated and interconnected, they’ll likely result in more security vulnerabilities and accidental data leaks. Savvy business and IT leaders is not going to let this hold them back from adopting agentic AI but fairly drive them to ascertain guardrails, arrange stringent data access policies, and clearly communicate organizational best practices.
6. Ransomware will proceed to evolve and create havoc.
If 2024 taught us anything, ransomware isn’t going anywhere—and can proceed to be a favourite of bad actors. With the evolution of AI and more data moving to cloud and SaaS-based platforms, attackers can automate and refine their attack strategies, making ransomware even simpler in 2025.
But it surely gets worse. We expect Ransomware-as-a-Service (RaaS) to expand beyond malware, offering initial access brokering, data exfiltration, and negotiation services. RaaS platforms may also proceed to lower the technical threshold for launching ransomware attacks, which implies more individuals or less technically expert groups can engage in ransomware activities, increasing the quantity of attacks. Organizations might want to develop recent strategies to contend with this reality.
These six predictions highlight why 2025 guarantees to be a dynamic 12 months in cybersecurity. Now could be the time for IT and security leaders to organize.
