Predicting the future can be tricky, but six trends are clearly shaping the next five years. It’ll be interesting to revisit this in 2029 and see how things played out. Here’s what’s on the radar now.
First up is preparing for the move to post-quantum cryptography. Organizations need to get top management on board and allocate proper resources. It’s crucial to track where encryption is used across your systems—think libraries, the Internet of Things (IoT), communication protocols, storage, and databases. Prioritizing this transition means identifying your critical systems.
Transition management is another big focus. Using hybrid protocols that blend classical and post-quantum methods may let clients migrate at their own pace, easing potential disruption. Testing is non-negotiable, though setting up a realistic test environment could be challenging. Timing the migration right will also be tough, even with government guidelines.
Next is tightening oversight of operational technologies (OT) to boost cyber resilience and integrate them with existing cybersecurity measures. This convergence has been happening for over a decade. OT cybersecurity needs to address human safety and foster close collaboration with engineering teams. AI can help monitor for unusual behavior, supporting threat detection, but some legacy systems might lack essential features. Inserting an intermediate security layer could solve this.
We must also focus on improving cybersecurity basics, like identity management and network micro-segmentation, supporting a zero-trust framework while automating threat responses. Enforcing strong identity and access management, based on least-privilege principles and multi-factor authentication, is key. Dynamic, policy-driven access management adds transparency and enforceability. Continuous monitoring and real-time analytics will help spot anomalies and unauthorized activities based on user behavior, device status, and location.
Then there’s the challenge of securing AI pipelines while building a business case for AI-driven cybersecurity solutions, like detecting zero-day exploits. This focus responds to the growing complexity of cyber threats as AI reshapes the landscape. As AI regulations evolve, both globally and locally, they will be essential for ensuring compliance, resilience, and trust.
Regulatory compliance is becoming a major priority, especially for privacy, critical infrastructure, and business continuity. Stricter rules, like the EU’s GDPR and AI Act and California’s CCPA, require organizations to weave these regulations into their security strategies. In addition, the EU’s NIS2 and, in the U.S., CISA guidelines set new standards for critical industries, while DORA outlines specific requirements for financial companies.
Finally, collaboration with third parties is key. Understanding their Software Bill of Materials (SBOM) and communicating vulnerabilities through the supply chain is essential. As enterprises grow more interconnected, grasping these dependencies will help organizations mature in their security efforts.
These top priorities will definitely shape how organizations strengthen their resilience in the face of emerging challenges. Watch that horizon; threats are always lurking nearby!
Pierre-Martin Tardif, a member of the ISACA Emerging Trends Working Group, is an experienced professional and educator in IT and cybersecurity, based in Quebec, Canada.