Sector voices on what the coming year holds.
Mario Ciabarra, CEO, Quantum Metric
If we are going to see AI become a foundational technology, then two things have to happen in 2025. First, we need to see more products that change the way business is done, rather than one-off, small increases in productivity. Changing the way consumers interact with your brand has lasting effects and helps exemplify the impact GenAI can have on the rest of the organisation. For example, we’ve already seen the way tools like Gemini and ChatGPT have rapidly evolved their use cases and impact. To keep up with user expectations, other organisations will quickly have to follow suit.
“Second, investments in staff training will need to grow. Unlike other technologies, GenAI is unique in that you can give it the same input multiple times and receive different outputs. The way GenAI processes data requires skilled human assistance to navigate the nuances of its response, along with specific training in prompt engineering. Every member of an organisation will need AI training, and many can expect to see that in 2025. Organisations that exclude training to only specific roles or teams will struggle when it comes to AI adoption, scalability and ROI.”
Matt Neiderman, Chief Strategy Officer, SonicWall
A recent study of 3,000 global firms by Accenture found that Accenture analysis found that the share of cybersecurity-related AI patents increased 2.7X between January 2017 and October 2022. The growing number of cyberattacks, the growing number of attack vectors due to remote work and IoT, the increase in cybersecurity tools and telemetry and the resulting number of alerts generated by cybersecurity tools will require more SOC services and other security as a service, which will in turn drive the need for significantly increased automation to manage alerts, block attempted intrusions, respond to successful intrusions and investigate incidents at a daunting scale. Both cybersecurity skills shortages and simple economics will require a human + machine approach to cybersecurity.
Craig Sanderson, Vice President of Security Products, Infoblox
In the fight against cybercrime, governments will compel national security agencies and other public sector entities to play an active role in cyber defence. Legislation will drive action to protect national economic, social and security interests. Examples of this are already in place with the recent amendments to the Australian Cyber Security Act. The growth of governmental and national Protective DNS services such as those provided by CISA in the US, NCSC in the UK, and ACSC in Australia, highlights the governmental agency’s role.
Scott Harrell, CEO, Infoblox
Every engineering leader knows about Conway’s Law and strives not to ship their org chart – however, as an industry we have instead been shipping our customers org charts. This has resulted in platforms that work in isolation for NetOps, CloudOps, and SecOps. But this inevitably creates delays in workflows as teams pass tickets via ITSM systems between one another to accomplish tasks on a daily basis. To address this, enterprises will begin to rethink their platform strategy.
Increasingly demanding horizontally integrated platforms in addition to the vertically integrated platforms we have seen traditional vendors pursue. In fact, many leading-edge customers have already started to converge their orgs to reflect this need, with NetOps and SecOps members rotating into CloudOps teams. You can see this happening in some areas of the market like the move from SSE to SASE, where a NetOps function (branch routing) is converging with SecOps or the addition of DEM capabilities to SecOps platforms. Building for this future, we will need to unite and automate workflows across cloud, security, and networking so customers can move fast with confidence at scale.
Mark Bowling, Chief Information Security and Risk Officer, ExtraHop
With more aggressive nation-state hacking, advanced persistent threats and coordinated infrastructure attacks, it’s clear that cyberattacks are more often disrupting our economy, and more industries are recognizing that they have targets on their backs. In 2025, we will see the private sector start to continually work to get involved in efforts to boost information sharing to help industries get ahead of attacks amid rising geopolitical tensions. With more industry participation in ISACs (Information Sharing and Analysis Systems), we’ll see a bigger effort in fostering a proactive cybersecurity culture, further enabling organizations to share information, resources and ultimately stronger defenses.
Rajesh Ganesan, President, ManageEngine.
Outcome-driven IT
Modern-day enterprises are powered by IT, which now occupies a place at the top of the management table, not as a back-office function. Any failure that results in services being unavailable or disrupted can result in huge business implications. Yet, in some quarters, IT is still considered a cost centre rather than a contributor to business profits.
To change this perception, IT leaders must clearly articulate the value IT brings to the business or risk shrinking budgets. While dashboards provide metrics that point to the operational performance of a technology, they don’t always present a clear case for the business benefits derived. That clarity can be gained by aligning IT with operational efficiency, business velocity, and opportunity costs.
“In 2025, CIOs need to focus on KPIs and metrics that provide a direct link to the business outcomes that depend on them. For instance, in the healthcare industry where there is constant focus on safeguarding data and compliance management, metrics that track user behaviour and anomalies are most vital since they all affect business operations.
Cybersecurity: Everyone’s job
Managing cyber risk at all levels of the workforce – not restricting it to just the top organisational level -should be a priority for security leaders in 2025. This involves the democratisation of cybersecurity, making everyone in an organisation responsible for its defence. The benefits go beyond stronger security and increased resilience; they can lead to cost savings, better efficiency, and even innovation in security practices.
To make this work, organisations must move beyond traditional once-a-year training sessions. Continuous security engagement programs are essential, along with giving employees access to the right self-service tools and resources. This is crucial because the biggest challenge to democratising security is poorly equipped employees and ill-defined processes.
