Saturday, January 18, 2025

CISOs: Diversify Your Defense Strategy Beyond Technical Measures by 2025

Cyber threats today are more sophisticated, less predictable, and harder to detect. Attackers don't limit themselves to technical weaknesses; they home in on human behavior, organizational oversights, and regulatory gaps. They use tactics like spear phishing, deepfake fraud, and AI-generated misinformation, harnessing new technologies to target individuals and organizations with precision. Relying solely on traditional technical defenses is no longer enough.

Organizations need to change their approach: promoting secure human behaviors, making deliberate use of technologies like Generative AI, and recognizing that business and organizational risks demand as much attention as external threats. Cybersecurity isn't just about technology; it's about people, too.

Chief Information Security Officers (CISOs) have six trends to weigh in their upcoming strategies:

  1. The Rising Cost of Malinformation
    In 2024, malinformation (information deliberately crafted or weaponized to deceive and manipulate) gained traction, and it now sits at the center of many organizations' risk strategies. By 2028, enterprise spending on battling malinformation is expected to exceed $500 billion, drawing on both marketing and cybersecurity budgets. Deepfake fraud and AI-driven scams are pushing companies toward enterprise-wide programs, and CISOs should invest in resilience-building measures such as chaos engineering, which rehearses how the organization responds when a convincing fake (a spoofed executive's voice, a forged announcement) reaches staff or customers.

  2. Zero-Trust Principles Under Pressure
    Zero-trust strategies remain essential, but they are hitting practical limits. By 2026, 75% of organizations are expected to exclude legacy systems from their zero-trust scope because those systems cannot support modern identity, device-posture, and per-request authorization controls. Exclusion is not the same as neglect: systems left outside the zero-trust perimeter still need compensating controls such as network segmentation, tightly scoped access paths, and monitoring. Companies also need to adapt zero-trust principles for non-IT environments like production lines, where availability and safety constraints shape what enforcement is acceptable, so that defenses improve without disrupting operations.

  3. Shifting Responsibilities for CISOs
    Cybersecurity leaders are carrying more personal accountability. By 2027, two-thirds of Global 100 companies are expected to extend personal liability insurance coverage to their cybersecurity leaders, a signal of how closely the role is now scrutinized by regulators and boards. Organizations should define the CISO's responsibilities and decision rights explicitly, document them, and align them with regulatory obligations so that risk ownership is clear before an incident, not after.

  4. Merging Insider Risk and Data Security
    Insider threats remain a real challenge, especially with remote and hybrid work. By 2027, 70% of organizations are expected to merge data loss prevention (DLP) with insider risk management and connect both to identity and access management systems. The value of this integration is context: a DLP alert on a large file transfer means something different when the identity system shows the user recently gained privileged access, changed roles, or is leaving the company. Correlating these signals helps companies identify genuine threats earlier, reduce false positives, and run a more streamlined security program.

  5. GenAI: A Quiet Revolution
    Generative AI is set to reshape cybersecurity operations. By 2028, AI-assisted tooling is expected to allow 50% of entry-level cybersecurity roles to be filled without specialized education, easing the talent shortage. Organizations that incorporate GenAI into security behavior and culture programs could see up to 40% fewer employee-driven incidents by 2026. AI offers valuable tools for efficiency and training, but it should complement, not replace, existing controls, and it brings its own governance obligations: what data is sent to models, how outputs are validated before they drive decisions, and who is accountable when the model is wrong.

  6. Decentralizing Application Security
    As low-code and no-code tools gain traction, application security is shifting closer to the teams that build and own applications. By 2027, 30% of organizations are expected to let non-security staff handle parts of application security, supported by new roles such as "application security product manager." Equipping these teams with usable tooling, clear guardrails, and training is essential; otherwise decentralization spreads responsibility without spreading the capability to meet it.

2024 highlighted the rising personal and legal stakes for cybersecurity leaders. The evolving threat landscape demands agility, innovation, and a human-centered approach. While the potential of Generative AI is clear, its effectiveness depends on careful governance and targeted application. The growing impact of malinformation and personal liability underscores the need for new tools, strategies, and insurance safeguards.

Navigating cybersecurity in 2025 will require decisive and collaborative action from security and risk management leaders. Those who confront this complexity and prioritize instilling secure behaviors within their teams will stand the best chance of success.