The cybersecurity industry is never short of momentous, often debilitating incidents, and 2024 delivered them in spades. The underlying challenges that create those pitfalls and keep defenders at a disadvantage, however, are persistent and change little from year to year.
Widespread attacks on U.S. telecom networks continue to vex authorities, regulations are ramping up stress on CISOs as their roles and responsibilities expand, and single points of failure are proliferating in critical IT systems.
These are the four trends Cybersecurity Dive identified as the most prominent and perplexing heading into 2025.
Single points of failure proliferate
Last year brought multiple high-profile examples illustrating what can go wrong when IT systems fail.
These single points of failure — as evidenced by CrowdStrike’s faulty software update, a devastating ransomware attack on Change Healthcare, and a spree of attacks targeting Snowflake customers — will continue to hit other pockets of technology and systems in 2025, cybersecurity experts warn.
Attackers look for these critical points of dependency because compromising one lets them affect many companies at once and inflict far greater damage than a single-victim intrusion.
“The sad reality is that, even though resilience-based thinking would shine the light on these single points of failure and concentration risk, they barely register,” said Katell Thielemann, VP distinguished analyst at Gartner.
Analysts contend the onus for offsetting risk and maintaining resilient operations rests with businesses and their vendors.
“The pressure to do more with less leads to incomplete risk assessments and underestimated blast radius calculations,” said Mauricio Sanchez, senior director of enterprise security and networking research at Dell’Oro Group. “Many businesses either don't recognize single points of failure or don't accurately gauge their potential impact.”
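Sanchez's point about blast radius is easy to make concrete. The following is an added example, not code from the article or from Dell'Oro Group: it models a small, constructed dependency inventory (hypothetical service and supplier names) in which each dependency group is satisfied when any one of its members is up, then computes which business services fail when a given node goes down and which suppliers are single points of failure. The names `INVENTORY`, `Node`, `is_up`, `blast_radius` and `single_points_of_failure` are this example's own.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed inventory for illustration only (hypothetical names, not from
# the article). A node's deps is a list of dependency groups; the node stays
# up if at least one member of EVERY group is up. A one-member group is a
# hard, non-redundant dependency.


@dataclass
class Node:
    name: str
    deps: list[list[str]] = field(default_factory=list)


INVENTORY: dict[str, Node] = {
    # external suppliers and platforms (leaves)
    "edr_vendor": Node("edr_vendor"),
    "claims_clearing": Node("claims_clearing"),
    "cloud_dw": Node("cloud_dw"),
    "cloud_dw_backup": Node("cloud_dw_backup"),
    "idp": Node("idp"),
    # internal platforms
    "workstations": Node("workstations", [["edr_vendor"], ["idp"]]),
    "analytics": Node("analytics", [["cloud_dw", "cloud_dw_backup"]]),  # redundant pair
    # business services
    "billing": Node("billing", [["claims_clearing"], ["workstations"]]),
    "reporting": Node("reporting", [["analytics"], ["idp"]]),
    "support_desk": Node("support_desk", [["workstations"]]),
}
SERVICES = ("billing", "reporting", "support_desk")


def is_up(node: str, failed: set[str], inv: dict[str, Node] = INVENTORY,
          stack: frozenset[str] = frozenset()) -> bool:
    """True if `node` is neither failed nor starved of a dependency.
    A dependency cycle is treated as down (fail-safe)."""
    if node in failed or node in stack:
        return False
    stack = stack | {node}
    return all(any(is_up(alt, failed, inv, stack) for alt in group)
               for group in inv[node].deps)


def blast_radius(failed_nodes, inv=INVENTORY, services=SERVICES) -> list[str]:
    """Business services that become unavailable when `failed_nodes` fail together."""
    failed = set(failed_nodes)
    return sorted(s for s in services if not is_up(s, failed, inv))


def single_points_of_failure(inv=INVENTORY, services=SERVICES) -> dict[str, list[str]]:
    """Non-service nodes whose individual failure takes down at least one
    service, keyed by node and ordered by impact (largest first)."""
    hits: dict[str, list[str]] = {}
    for name in inv:
        if name in services:
            continue
        affected = blast_radius({name}, inv, services)
        if affected:
            hits[name] = affected
    return dict(sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0])))


def main() -> None:
    for node, affected in single_points_of_failure().items():
        print(f"SPOF {node:16s} -> {', '.join(affected)}")
    # Concentration check: "redundant" suppliers that share a failure domain
    # (same vendor, same account, same region) must be failed together.
    print("cloud_dw alone     ->", blast_radius({"cloud_dw"}) or "no impact")
    print("cloud_dw + backup  ->", blast_radius({"cloud_dw", "cloud_dw_backup"}))


if __name__ == "__main__":
    main()
```

The last two lines of `main` are the check most inventories miss: a supplier that looks redundant on paper contributes nothing if its "backup" sits in the same vendor, account or region, so concentration risk has to be assessed by failing the whole shared domain at once rather than one node at a time.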
When such events occur, the aftermath follows a pattern: the incidents expose and test gaps in the cloud’s shared-responsibility model, and they change the dynamics between vendors and their customers.
“The long-term fallout from these events is increased scrutiny and focus on ensuring the availability of the services customers leverage, especially in mission-critical times,” said Allie Mellen, principal analyst at Forrester.
Recent high-profile events have also shattered what Sanchez describes as “the illusion of vendor invulnerability,” triggering a fundamental change in what customers expect from their tech suppliers.
“Organizations must break free from their false sense of security and acknowledge that catastrophic failures can and will occur. The incidents of 2024 have shown that even trusted vendors can experience devastating failures,” Sanchez said.
Regulatory environment, tense threat landscape create new pressures for CISOs
Top cybersecurity officers at U.S. companies are gaining influence in the boardroom, but feeling greater pressures than ever before.
The heightened threat of malicious cyber activity has had a profound impact on the corporate regulatory environment.
Federal and state oversight has increased dramatically in recent years as officials look to gain real-time intelligence and insight into the threat landscape. The goal is to make sure private sector companies and critical infrastructure providers are taking steps to better manage risk and are promptly disclosing threat information to key stakeholders.
While well intentioned, the stricter landscape has led to considerable pushback from the private sector. Companies have complained of redundant disclosure requests from government agencies that have placed a heightened burden on CISOs and other top security executives.
An October report from Trellix shows CISOs are looking to split the role, carving out a separate business CISO position, citing the growing number of compliance requirements from federal and state regulators.
Speaking at a conference on cyber regulation at Columbia University’s School of International and Public Affairs, National Cyber Director Harry Coker Jr. said federal authorities were working diligently to streamline the regulatory burden on companies, recognizing that the requests were harming security leaders’ ability to focus on defending their corporate networks.
“Not every cyber problem demands a regulatory solution,” Coker said, according to a readout of the speech. “And not every regulatory solution is tailored to maximize efficacy when weighed against compliance costs.”
The Securities and Exchange Commission in late 2023 began enforcing rules for publicly traded companies to report material cyberattacks and breaches to the agency.
A December report by Paul Hastings showed that cyber disclosures by publicly traded companies rose by 60% since the SEC rule went into effect. However, fewer than 10% of those disclosures included a description of an incident with a material impact.
More than three-quarters of incident disclosures were made within eight days of the actual incident, according to the report. About 2 in 5 companies made additional disclosures to update the 8-K with more information.
Telecom attacks will fester into 2025
Federal cyber authorities ended 2024 struggling to contain and determine the scope of a sweeping series of attacks on U.S. telecom networks. The potential for further damage remains and will rankle officials into the new year.
Salt Typhoon, a threat group sponsored by China’s government, infiltrated at least nine U.S. telecom companies, and officials warn the attackers still have access to the networks.
The wave of attacks is the “most significant attack on critical infrastructure we’ve seen to date,” said Anthony Ferrante, senior managing director and global head of cybersecurity at FTI Consulting.
“Our entire lives are interconnected — everything that we do — and essentially what we’ve discovered is that an adversary has infiltrated that interconnectivity and they’re able to do with it as they wish,” Ferrante said.
Cybersecurity professionals are warning about further damage from the attacks due to a confluence of factors: the far-reaching compromise of such critical infrastructure, the fact that the malicious activity went undetected for months (perhaps years), and the fact that defenders have yet to evict the attackers embedded in telecom networks.
“We should all be very bothered by that,” HackerOne CEO Kara Sprague said.
The attacks are active, ongoing and officials still don’t know the full extent of what Salt Typhoon has done, what it plans to do or what remains at risk.
Federal authorities believe espionage is the primary objective, but a senior administration official last month said the telecom attacks could potentially evolve into a mode for disruption at a time of crisis or conflict.
“It’s very severe and officials conceded they don’t know when the hackers might be eradicated from the telecom infrastructure,” said Stéphane Téral, founder and chief analyst at Téral Research.
“There is no end in sight.”
Evolution of the CISO
The changes in the regulatory environment have led to a massive evolution in the role of the CISO, particularly at publicly traded companies.
Internally, the role of the CISO has gained considerable importance within the governance structure of modern companies. The executives also have more influence in the boardroom and C-suite.
But they are also being held to a much higher standard in terms of disclosure of cyber risks and enforcement of risk mitigation strategies.
“CISOs now face increased internal scrutiny and a larger stakeholder audience due to the SEC ruling,” Harold Rivas, CISO at cybersecurity firm Trellix, told Cybersecurity Dive via email. “The ruling has also added pressure to the role, as the frequency of reporting to the board has increased.”
Research released in December from Trellix showed about 2 in 5 CISOs feel the SEC rules have distracted them from other responsibilities and 3 in 5 have increased headcount to help deal with the added regulatory burden.
Research released by IANS and Artico Search in November showed CISOs are increasingly adding specialized roles to their security teams, bringing in specialists in data privacy, product security and other key risk areas.
Derek Vadala, chief risk officer at BitSight, said CISOs are increasingly taking on more responsibility and influence over business and technology decisions at many companies.
“These security leaders have become peers with CIOs — with clear access to the board of directors and considerable sway on wider technology strategy,” Vadala said via email.