New dogs will combine old dogs’ wisdom with new tricks in response to AI and quantum threats
Organisations will start future-proofing their security control environment over the next 12 months in response to the never-before-seen dangers of AI and quantum computing, which are tearing up the cybersecurity rule book. Whilst it’s never too late for an old dog to learn new tricks, these threats will materialise over a long time period and today’s junior team members will be tasked with defending us against these unprecedented dangers in the future. Organisations need to prepare for tomorrow now, training new recruits with the accumulated knowledge cybersecurity leaders have built up over years of industry experience, alongside learning about emerging threats and responding to changes as they occur. Security leaders that understand just one or the other will leave organisations wide open to attacks in the future.
Complex regulations will push cybersecurity to step out of IT’s shadow and professionalise
The cybersecurity industry will become more professionalised in response to the increasingly complex regulatory landscape in the coming year. There have been a number of cyberattacks that have had a long tail this year. In response, regulators are maturing in their understanding of cybersecurity and enforcing a number of new legislations, such as the government’s Cybersecurity and Resilience Bill, DORA in the EU and the successors to the NIS directive. The cybersecurity industry must mature and take steps towards professionalisation in kind, finally stepping out of the shadow of the IT department to tackle the technical nuances of regulation and focus on business and operational resilience. The specialised skills needed to truly defend organisations, handle incidents and demonstrate compliance must become more standardised across the cyber sector. Cybersecurity teams that truly understand regulations will also find them to be a valuable ally in driving security investment, but to make a compelling case they must have the professional skills and understanding of legislations and how they impact businesses.
Diverse hiring will relieve the cybersecurity ‘pressure cooker’ in 2025
Diverse hiring practices will start to alleviate the ‘pressure cooker’ facing cybersecurity teams in 2025 as organisations recognise the value of diverse teams and the unique perspectives they bring to the table. The security landscape is growing at pace – new threats, more sophisticated adversaries, fresh regulations. Recruitment simply can’t keep up, and the skills gap is widening. Companies will start to look outside of the box to meet demand. In some cases, this will mean looking beyond the ‘male, pale, stale’ typical security professional, diversifying the workforce to be more inclusive of women, ethnic minorities and those from neuro-diverse backgrounds. Beyond demographics, companies will increasingly seek candidates with transferable skills from within their own organisation, or from sectors like finance, turning a banker’s risk management skills to compliance. This will require a shift in mindset— looking beyond purely technical qualifications, badges and sector-specific experience, instead focusing on the critical skills that are in short supply.