The cyber threat landscape is constantly evolving, but one thing remains consistent — cyber threats are rising, and so is their price tag. Industry analysts predicted cybercrime damage to cost $9.5 trillion in 2024, more than triple what it was less than a decade ago. The rise of artificial intelligence precipitated much of this current threat environment by helping threat actors evade detection and identify vulnerabilities while scaling their methods. In this shifting landscape, businesses must adopt more comprehensive compliance management systems, integrating AI and automation to meet the evolving requirements. As we enter the new year, it is an ideal time to take stock of external compliance standards, their direction, and whether your security strategy is keeping up.
Prepare for evolving global standards
Cyber compliance is an increasingly globalized frontier with regulations affecting cross-border data practices. In 2025, leaders must prepare organizations for stricter — and increasingly converging — rules on data privacy and cybersecurity. While the US prepares for a second Trump administration, the compliance landscape remains particularly volatile after Project 2025 called for significant changes to the Cybersecurity and Infrastructure Security Agency (CISA) — an agency created under Trump in 2018. Even if the Trump administration takes a largely deregulatory approach to technology, organizations should still be ready to adapt to federal mandates on security measures, breach notification timelines, and adoption of data minimization principles. The US National Institute of Standards and Technology (NIST) continues to set the standard in cybersecurity best practices with the NIST Cybersecurity Framework (CSF). NIST released CSF 2.0 in 2024 — the first major update since the framework’s creation in 2014. The key updates reflect the growing need for digital resilience, including stronger guidance for supply chain risk management and vulnerability monitoring.
Meanwhile, across the globe, China’s Personal Information Protection Law is expected to be adapted in 2025 to include more stringent rules for cross-border data transfers and cloud computing. As we saw with the establishment of the General Data Protection Regulation in the European Union, such global standards drive heightened compliance worldwide — even if organizations predominantly operate domestically.
In step with the trending convergence of privacy and security, organizations can significantly improve their compliance posture by weaving more integrated security and privacy protection into their policies and practices, especially around third-party access. Integrating third-party vendors into your security and privacy strategy is an essential first step when assessing your security posture and mitigating future risks.
Strengthen your security posture with the rise of AI and cloud risks
Between the complexity of new regulations and rising cyber threats, organizations are increasingly turning to AI and automation to keep up. However, while AI helps businesses strengthen their security, it also presents new opportunities for bad actors to exploit and steal sensitive data. Gartner predicts that by 2027, 17 percent of total cyberattacks will leverage generative AI.
Meanwhile, moving more business operations and assets into the cloud presents its own security challenges. In fact, Gartner predicts that 90 percent of organizations will adopt a hybrid cloud approach through 2027. As businesses increasingly leverage cloud-based applications and manage third-party vendors, compliance frameworks such as SOC 2 (System and Organization Controls) will become vital to maintaining agile security practices. Such frameworks require organizations to incorporate more robust measures around security monitoring, third-party vendor risks, and data integrity. Adopting AI and cloud technologies is critical for bolstering security strategies in today’s threat landscape and requires more stringent security and compliance benchmarks.
Healthcare and critical infrastructure industries take note of heightened standards
Protecting personal data should be a top priority for any organization, but especially those handling sensitive data. While HIPAA compliance always aims to better protect patient privacy, healthcare remains one of the most vulnerable industries to cyberattacks. According to a 2024 IBM report, the industry saw an average cost of $9.77 million per breach — the highest cost of any industry. In response, healthcare and critical infrastructure can expect heightened standards, particularly in areas like data encryption, incident reporting, and third-party vendor security. For example, the Department of Health and Human Services recently released new Healthcare and Public Health (HPH) Cybersecurity Performance Goals (CPGs) to improve cyber resiliency across the sector.
Given the highly sensitive nature of health data, healthcare organizations that still need to adopt zero-trust security models will enter 2025 at even greater risk. Without a zero-trust strategy, the unmitigated attack surface is vast. A 500-bed hospital could have as many as 10,000 connected Internet-of-Things devices storing and transmitting patient data on top of the full IT infrastructure. A breach of one of these access points puts the entire system at risk. Without real-time vulnerability monitoring and remediation, attackers can access patient data from countless entry points and jeopardize not only patient privacy, but critical care operations.
As threat actors increasingly leverage AI to execute larger, more sophisticated attacks, security and compliance standards are necessary for protecting critical systems and sensitive data. Given the evolving threat landscape, a more sophisticated regulatory framework has become essential. While compliance standards and cybersecurity frameworks offer roadmaps for keeping up with threats, the real goal is to stay ahead. Optimizing security strategies with AI, zero-trust, and automation is non-negotiable at this point. Anticipating compliance trends and adapting your organization's cybersecurity capabilities accordingly will enable you to identify vulnerabilities before a breach occurs and quickly remedy them — saving valuable time, money, and data.