As 2024 comes to a close, we reflect on a year with hacks, outages, legislation, and rapidly emerging trends that shifted the cybersecurity landscape.
Artificial intelligence (AI) continues to evolve at breakneck speed, with generative and agentic AI pushing organizations to consider its role across every aspect of the business. Meanwhile, new categories emerge to help organizations better manage their data amidst the cloud’s continued expansion and increasingly sophisticated cyber threats. Finally, we’re seeing legislation enacted worldwide to help organizations mitigate risk and maintain cyber resilience.
So what will this lead to in 2025? Read on for six cybersecurity trends Rubrik expects to unfold next year.
1. Data Security will be at the heart of Generative AI adoption
As we look towards 2025, one critical element stands out in the discourse around the adoption and evolution of generative AI: data security. As generative AI models require vast amounts of data to learn and generate content, ensuring this data’s privacy, confidentiality, and integrity becomes paramount. Companies that can offer robust data security measures will gain a competitive edge, fostering greater trust among users and partners. This trust translates into market share, as businesses and consumers are more likely to engage with AI solutions that prioritize data protection, aligning with stringent regulations like the EU AI Act, GDPR, or CCPA.
Data security, therefore, isn’t just a hurdle for generative AI; it’s becoming its driving force. As businesses and consumers alike demand more from AI in terms of capability and security, generative AI’s future looks increasingly intertwined with advancements in data protection. By 2025, we predict that data security will not only be a benchmark for success in the AI industry but a deciding factor for trust and broad-scale AI adoption by industry and consumers.
2. DORA will extend beyond financial services, promoting cyber resilience across industries.
The Digital Operational Resilience Act (DORA) was initially enacted to bolster IT security for European financial service institutions. But in 2025, DORA will become more of an operational resilience tool due to its array of processes for risk management, incident reporting, third-party risk management and business continuity management. These processes will help organizations respond to cyber threats, geopolitical tensions, and natural disasters. Indeed, DORA’s broader adoption will redefine how all businesses approach operational resilience and continuity in an increasingly unpredictable world, underscoring the urgency of preparation.
AI will become a vital ally in meeting DORA’s requirements, revealing new use cases as companies innovate ways to incorporate AI-driven resilience measures in areas like threat detection, response automation, and compliance monitoring. In a landscape that now requires real-time responses, AI will empower organizations to respond to incidents and adapt as situations evolve dynamically.
3. IT and security leaders must fortify their data in the cloud.
Data is the crown jewel of the business—and the cloud is increasingly becoming its castle. But what good is a castle if you leave the drawbridge down? Organizations must prepare for cloud intrusions from increasingly sophisticated cyber threats: the 2024 CrowdStrike Global Threat Report found cloud intrusions have surged by 75% since 2023.
With the cloud’s continued expansion comes an even greater responsibility for organizations to combat vulnerabilities—otherwise, this surge is only the beginning. In 2025, organizations must focus on protecting data in the cloud, monitoring risk, and building confidence that they can recover data and applications in the event of an attack.
This means going above and beyond app-native security tools and finding tailor-made solutions that not only prevent threats from reaching data in the cloud but also recover swiftly against any threats that sneak across the moat.
4. Data Security Posture Management becomes an essential element of cyber resilience.
Data security posture management—DSPM—aims to solve one of the most complex issues in modern cloud environments: knowing where all your data is and how it is secured.
According to Research and Markets, the DSPM market is undergoing significant growth, driven mainly by AI adoption. As more (and larger) data sets become available for AI models to consume, the likelihood of sensitive data being exposed to unauthorized users increases significantly.
Cloud, AI, and DSPM will go hand in hand because traditional security methods like DLP (Data Loss Prevention) and CNAPP (Cloud-Native Application Protection Platforms) alone don’t adequately address an organization’s overall data-related cyber resilience.
5. A wave of AI agents will increase cyber resilience—and introduce new risks.
The emerging agentic AI market shows endless potential, especially for organizations that use the cloud to scale computing power and storage capacity to train and deploy complex AI models. CISOs focusing on cloud-first architectures will reap the benefits of increased productivity, better customer experiences, and more. Agentic AI also has the potential to help businesses keep their data and cloud apps more secure; imagine a future where AI agents automate threat detection while enhancing the speed of response and resilience.
However, if not implemented cautiously, agentic AI will also risk sensitive data in the cloud. As AI agents become more sophisticated and interconnected, they will likely lead to more security vulnerabilities and accidental data leaks. Savvy business and IT leaders will not let this hold them back from adopting agentic AI but rather drive them to establish guardrails, set up stringent data access policies, and clearly communicate organizational best practices.
6. Ransomware will continue to evolve and create havoc.
If 2024 taught us anything, ransomware isn’t going anywhere—and will continue to be a favorite of bad actors. With the evolution of AI and more data moving to cloud and SaaS-based platforms, attackers can automate and refine their attack strategies, making ransomware even more effective in 2025.
But it gets worse. We expect Ransomware-as-a-Service (RaaS) to expand beyond malware, offering initial access brokering, data exfiltration, and negotiation services. RaaS platforms will also continue to lower the technical threshold for launching ransomware attacks, which means more individuals or less technically skilled groups can engage in ransomware activities, increasing the volume of attacks. Organizations will need to develop new strategies to contend with this reality.
These six predictions highlight why 2025 promises to be a dynamic year in cybersecurity. Now is the time for IT and security leaders to prepare.
