Brian Sims
Editor
Brian Sims
Editor
ISACA, THE global professional association deeply involved in the tech and cyber environments when it comes to IT governance, has now turned its attentions towards the key trends expected to play out in the tech and cyber worlds across 2025.
Trend 1: AI-powered attacks
ISACA is expecting to witness a significant increase in the sophistication of cyber attacks through the use of Artificial Intelligence (AI) by adversaries. Phishing attacks, for example, were previously easier to detect as human errors in language and content were noticeable. AI can perfectly recreate convincing behaviour on behalf of cyber-criminal groups ISACA is forecasting AI to be used more regularly in attacks.
What’s more, ISACA also expects to see the continued use of AI in looking for vulnerabilities within a digital ecosystem and writing code to exploit these weaknesses. No business is immune from attacks: small or large, especially considering supply chain complexities. Being prepared, though, will be key when it comes to deflecting as many attacks as possible and responding in a timely manner to minimise the impact.
Trend 2: Cyber security skills gap becomes a growing threat
The cyber security skills gap will become an even more critical threat within the coming years. With 61% of cyber security professionals reporting that their organisation is understaffed in the cyber domain, addressing this gap must be a top priority for European organisations if they’re to keep pace with emerging technologies and the cyber criminals.
The threat landscape is rapidly developing. As such, businesses must ensure that their teams receive adequate training to protect the host organisation from more sophisticated attacks.
Without immediate action to plug the skills gap, organisations will find themselves dangerously unprepared for the next wave of cyber threats.
Trend 3: More demands from regulation
Regulation is crucial for establishing effective frameworks and enforcing organisations to put greater emphasis on cyber security. From NIS2, DORA and CRA in the European Union through to new initiatives taken in the UK and other jurisdictions in Europe, they will encourage digital resilience to be viewed as a business issue, not just a technical one by embedding it in daily operations.
While this is an important step, ISACA predicts that we will see more demand placed upon professionals, many of whom are already under incredible pressure, working towards compliance.
For legislative frameworks to deliver real impact, organisations must invest in their cyber security teams. Failing to do so means that even the strongest regulations are powerless as there will be no-one equipped to enforce them.
Trend 4: Digital pandemic
In 2025, ISACA is expecting to see the continued impact of supply chain weaknesses across businesses and the public sector internationally. When a single service within the chain fails, either accidentally or as the result of a cyber attack, millions may be impacted. In the case of critical infrastructure, human life could be placed in jeopardy.
Otherwise known as a ‘digital pandemic’, its consequences will worsen if swift action isn’t taken. It’s not enough for one organisation to protect itself. It requires robust cyber resilience throughout the supply chain.
As geopolitical tensions rise and nation state cyber attacks increase in number, it’s crucial that Governments invest in – and work closely with – cyber security experts in order to ensure strong cyber protection that will shield critical infrastructure and bolster national security.
