Predictions 2025: Security And Risk Pros Will Brace For Regulations And Resilience

1 month ago 16
News Banner

Looking for an Interim or Fractional CTO to support your business?

Read more

In 2024, regulators around the globe introduced a myriad of proposed cybersecurity- and privacy-focused policies and legislation to better manage emerging risks relating to emerging technologies such as generative AI (genAI), as well as those related to managing third-party relationships. Security and risk leaders sprinted to secure genAI, even as its use cases were still evolving; almost every industry experienced critical IT disruptions due to lack of resilience planning; and despite downplaying third-party risks, organizations globally saw an increase in software supply chain breaches.

With cybercrime expected to cost $12 trillion in 2025, regulators will take a more active role in protecting consumer data while organizations pivot to adopt more proactive security measures to limit material impacts. This year’s cybersecurity, risk, and privacy predictions from Forrester for 2025 reflect how organizations need to evolve to address these emerging risk domains. Here are three of those predictions:

  • CISOs will deprioritize genAI use by 10% due to lack of quantifiable value. According to Forrester’s 2024 data, 35% of global CISOs and CIOs consider exploring and deploying use cases for genAI to improve employee productivity as a top priority. The security product market has been quick to hype genAI’s expected productivity benefits, but a lack of practical outcomes is fostering disillusionment. The thought of an autonomous security operations center using genAI generated a lot of hype, but it couldn’t be further from reality. In 2025, the trend will continue, and security practitioners will sink deeper into disenchantment as challenges such as inadequate budgets and unrealized AI benefits reduce the number of security-focused genAI deployments.
  • Breach-related class-action costs will surpass regulatory fines by 50%. Breach-related spending is no longer limited to regulatory fines and remediation costs. Historically, cyber regulations have not gone far enough to protect customers and employees — causing these same people to pursue class-action lawsuits and seek damages. Class-action costs are enormous in data breach litigations. And with the percentage of companies facing class actions at a 13-year high, CISOs will be asked to contribute toward the company’s class-action defense fund in 2025, making costs from class actions greatly exceed fines imposed by regulators.
  • A Western government will bar specific third-party or open-source software. Software supply chain attacks are a top culprit for data breaches in organizations globally. Growing pressure from Western governments to require private companies to produce software bills of materials (SBOMs) has been a boon for software component transparency, but these SBOMs highlight the role of third-party and open-source software in the products that governments purchase. In 2025, a government armed with this information will restrict an open-source component on the grounds of national security. To comply, software suppliers will need to remove the offending component and replace the functionality.

Forrester clients can read the full Predictions 2025: Cybersecurity, Risk, And Privacy report to get more detail about these predictions as well as two additional predictions related to the EU AI Act and internet-of-things device security. You can also register for the upcoming client webinar.

If you aren’t a client, sign up here to receive our complimentary Predictions guide, which covers our top predictions for 2025, when it becomes available later this month. Get additional complimentary resources, including webinars, on the Predictions 2025 hub.

Related Forrester Content

Blog

Gone Are The Days Of Networking Infrastructure Choice

Choice Is A Mirage Well, sort of. Customers still want choice, and networking vendors claim to offer it. But this isn’t my first rodeo. When I see “choice” claims from vendors, I see it as just marketing’s way of saying that it’s a messy product portfolio. I’m not innocent. When I worked at Cisco and […]

Blog

Apply For The 2024 Forrester Security & Risk Summit Scholarship Today

Forrester is once again partnering with Women in Security and Privacy to provide free admission to our Security & Risk Summit for four women looking to break into cybersecurity. Learn the details and find out how to apply for the scholarship here.

Get The Insights At Work Newsletter

Email Address*

Yes, I’d like to receive Forrester’s Insights At Work newsletter and receive occasional survey invitations and marketing communications.

Thanks for signing up.

Stay tuned for updates from the Forrester blogs.

Read Entire Article