Sector voices on what they expect for the coming year.
Tarun Desikan, Executive Vice President of Product Strategy, SonicWall
2024 saw some great concept security demos using GenAI models by ChatGPT, Anthropic, Google, etc. We saw AI SOC agents, AI policy generators, AI security admins and more. If you were expecting to see these demos make production-ready security products, think again. In 2025, we expect the rubber to meet the road – while the focus will switch from making exciting demos to making AI work in real-world scenarios, operationalizing GenAI to consistently improve security outcomes will turn out to be a very challenging problem. Turning hype to production will take significantly more time and, in 2025, the industry will acknowledge that reality.
Sandeep Raithatha, Head of Strategy, Innovation & 5G IoT Products, Virgin Media O2 Business
Private network adoption will significantly accelerate in 2025, with the market projected to reach $6.4bn by 2026. Standalone private 5G networks are expected to capture 40% ($2.8bn) of investments, while the Shared Rural Network extends 4G coverage to 95% of UK landmass.
As a result, we will see businesses increasingly adopt private 5G networks for secure, high-performance communication, specifically in industries like manufacturing, healthcare, education, and smart cities, which will leverage private 5G networks for secure automation and real-time operations.
When it comes to private networks, we will also see the emergence of network slicing as the next evolution of private networks, enabled by 5G standalone architecture. This technology will allow for the creation of multiple virtual networks on a shared physical infrastructure, each tailored to specific business needs. This will provide high-quality connectivity and empowers organisations to continue delivering exceptional service, while ensuring their connectivity solutions are both scalable and cost-efficient.
Raghu Mandakumara, Head of Industry Solutions, Illumio
2025 will demand security investments are accountable not fashionable.
Security budgets will continue to rise in 2025, but we’ll see less investment in fashionable technologies like NDR and SOAR, and more on technologies that can minimise the impact of attacks and protect critical assets.
Organisations have come to the realisation that it’s impossible to eliminate the probability of an attack and security strategies will shift to a perspective that, while prevention is essential and should be deployed where logical, it must rest on a foundation of breach containment.
We’ve seen a steady increase in cyber awareness in the boardroom over the past couple years, however, 2025 will be the year when we finally see this shift from awareness to accountability.
Business leaders will follow in the footsteps of high-profile leaders like Satya Nadella at Microsoft, taking ownership of cybersecurity and preventing security leaders from shouldering all the blame from cyber incidents. Improving operational resilience will become the priority and this will drive a focus on substance over optics when it comes to cybersecurity investments.
“The nuanced and specialised role of the CISO will be phased out to make way for Chief Security Officers (CSOs) in 2025, driven by increased interconnectivity and the convergence of IT and OT systems. Organisations recognise that threats are no longer siloed in separate areas of the business; and require a leader to unify all risks and provide comprehensive oversight of security.
The CSO will also sit on the executive team and board, ensuring that the top of the organisation is not only aware of cybersecurity issues but is also accountable for security-related decisions and strategies.”
Trevor Dearing, Director of Critical Infrastructure, Illumio
The world continues to hang by a thread when it comes to combatting cyberattacks. However, next year we will reach breaking point – and the consequences will be severe.
Likely driven by a state actor, I expect we’ll see a major attack on CNI like energy that will cripple essential services and halt basic operations for days. The impact could lead to unprecedented public disruptions such as power outages and massive hospital evacuations, forcing a much-needed rethink by government and industry in cyber resilience and how we protect and operate essential services. A new approach, similar to a “DORA for Energy” may emerge, calling for a coordinated secure-by-design model.
As operational technology (OT) systems become increasingly become smarter and more connected, we’ll see a rapid shift in the security strategies and technologies that organisations deploy. OT environments will begin to look a lot more like IT environments and traditional security architectures, such as the Purdue Enterprise Reference Architecture, will become obsolete in favour of modern approaches like Zero Trust that promise greater gains in operational and cyber resilience.
The focus in 2025 will finally shift from preventing attacks to mitigating their impact. Organisations are spending increasing time, money and resources on prevention and detection technologies like EDR and are still getting breached, so the focus will move toward a breach containment strategy that emphasises resilience and continuity.
Organisations will begin rigorously assessing minimum viable operations to maintain essential services, mapping out detailed rebuild protocols, and establishing recovery measures to minimise downtime. This will not only protect critical services but also reduce the fallout of any single attack, shifting the security dialogue towards “how fast can we recover” rather than “how do we prevent this?”
Dan Berte, director of IoT security, Bitdefender
2025 will be a pivotal year for Internet of Things (IoT) security driven by multiple certification programs including the US Cyber Trust Mark, CSA Verified and EU RED addendum. These initiatives aim to help secure billions of IoT devices along with associated apps and platforms targeted by threat actors across homes, businesses, and critical infrastructure. A recent report found that 99% of exploitation attempts on IoT devices use previously known and fixed vulnerabilities (CVEs).
While these initial efforts to establish security guidelines and basic requirements for IoT manufacturers are a significant step forward, it will take years – and multiple revisions – before they evolve into standards capable of addressing the full scale of today’s security challenges.
The private sector will play a critical role in this journey through policy workshops, collaboration with governments, and ongoing research, helping to set industry benchmarks that will complement formal security frameworks and standards.