It is hard to believe that we are now over three months into 2025. With Q1 in the books, we have approached the one-third of the year mark. This is a good time to pause and survey stakeholders and cybersecurity experts about the emerging trends observed so far this year. Gartner released its list recently of the emerging cybersecurity trends of 2025, and then we surveyed a few of our own experts.
Top trends noted by Gartner
Trend 1: GenAI driving data security programs – Most security efforts and financial resources are traditionally focused on protecting structured data such as databases. However, the rise of Generative AI (GenAI) is transforming data security programs, shifting focus to protect unstructured data — text, images and videos. “Many organizations have completely reoriented their investment strategies, which has significant implications for large language model (LLM) training, data deployment and inference processes,” said Alex Michaels, senior principal analyst at Gartner, adding that “Ultimately, this shift underscores the changing priorities that leaders must address as they communicate the impact of GenAI on their programs.”
Trend 2: Managing machine identities – The increasing adoption of Generative AI (GenAI), cloud services, automation, and DevOps practices has led to the widespread use of machine accounts and credentials for both physical devices and software workloads. If left uncontrolled and unmanaged, these machine identities can significantly expand an organization’s attack surface, as noted in Gartner’s report.
According to Gartner, security and risk management (SRM) leaders are under pressure to develop a strategy for implementing robust machine identity and access management (IAM) to protect against potential attacks. This effort must be coordinated across the entire enterprise. A Gartner survey of 335 IAM leaders conducted globally between August and October 2024 revealed that IAM teams are responsible for only 44 percent of an organization’s machine identities.
Other rising trends to watch, including tactical AI, cybersecurity technology optimization, the extension of security behavior, the value of culture programs, and the need to address cybersecurity burnout. Regarding burnout, Michaels stated, “Cybersecurity burnout and its organizational impact must be recognized and addressed to ensure the effectiveness of cybersecurity programs. The most effective SRM leaders are not only prioritizing their own stress management but are also investing in team-wide wellbeing initiatives that demonstrably improve personal resilience.”
Experts weigh in
SmarterMSP.com reached out to various experts in the field to gather their insights on the emerging cybersecurity trends for the remainder of 2025:
Jeff Le, Founder of 100 Mile Strategies LLC and as a Visiting Fellow at GMU’s National Security Institute: “Ransomware attacks are on the rise, especially with the growth of ransomware-as-a-service, and critical infrastructure is increasingly in the crosshairs. At the same time, supply chain and third-party risks remain major weak spots for many organizations.
As more companies rely on cloud systems, connected devices, and edge technologies, the push toward zero trust security models is growing. North Korea continues targeting crypto exchanges to obtain illegal funds. AI-powered tools are making cyberattacks, such as deepfakes, phishing, and fake voice scams, more convincing than ever. With these changes, organizations will need to keep up with new rules like the EU AI Act and evolving U.S. privacy and security laws.”
Avoiding blind spots in your supply chain
Joe Saunders, CEO of RunSafe Security: “We are seeing nation-states – namely China – , adversaries, and APTs targeting Operational Technology, the software supply chain, and critical infrastructure to gather intel and even disrupt or manipulate operations in 2025. These attacks are growing increasingly destructive. From nation-states prepositioning assets for future disruption of basic services to bad actors seeking financial gain through ransomware attacks. It would not be a surprise to see a top-20 US city lose one of its critical services this year, whether telecommunications or water utilities, to a ransomware attack.”
Steve Tcherian, chief product officer at XPRO: “In 2025, the integrity of supply chains has become a critical focal point in cybersecurity. Recent high-profile breaches have exposed vulnerabilities within third-party vendors, highlighting the need for organizations to focus on their entire supply network. The interconnectedness of modern business ecosystems with legacy systems means that a single compromised supplier can jeopardize the security of an entire organization which can have massive effects downstream to consumers and the economy.”
The double-edge sword of AI and zero trust
Meanwhile, Danio Caviello, CEO Espresso Translations, shared these observations: “Cybersecurity in 2025 is certainly changing in meaningful ways, and that is something I am seeing firsthand in my work. Perhaps one of the biggest standout trends here is the increasing use of AI in both on the defensive side and attacking networks.
Yet, as AI tools become better, they are aiding security teams in detecting threats earlier than ever. They are also enabling cybercriminals to automate and scale up attacks. AI will account for 75 percent of cyberattacks by the close of 2025, a new Gartner estimate implies. It’s a constant cat-and-mouse game, with each side gaining an advantage to build faster. This dynamic is challenging us to be more proactive and agile than ever before.
At the same time, it seems companies are getting real about zero-trust security models — especially with the increase in remote work. According to recent studies, 80 percent of organizations are projected to adopt zero trust strategies by the end of 2025. This strategy makes sense in the current landscape, where you can’t afford to assume that anyone inside your network is secure by default. But the significant increase in attacks targeting third-party suppliers is also something
I have noticed more of breaches through supply chains have increased 30 percent this year alone. Moreover, businesses need to safeguard not only their networks, but also the broader ecosystem they depend upon.”
Navigating the evolving cybersecurity landscape
As we move deeper into 2025, it is evident that the cybersecurity landscape is shifting rapidly. The increasing use of Generative AI (GenAI) and the urgent need to manage machine identities are presenting new challenges for organizations. Simultaneously, rising threats targeting supply chains, critical infrastructure, and digital identities are complicating the cybersecurity environment.
Adapting to new AI regulations and addressing nation-state threats are critical priorities for organizations this year. Furthermore, reinforcing zero trust strategies is essential for maintaining robust cybersecurity in the face of evolving risks. Experts agree that staying ahead of cyber threats will require agility, vigilance, and a proactive mindset. As trends continue to develop, organizations must be prepared to evolve just as quickly as the threats they encounter.
Photo: panuwat phimpha / Shutterstock
This post originally appeared on Smarter MSP.