Artificial Intelligence continues to lead the way and generate new trends in both the technological and business landscape. But it is not the only trend for next year. Commvault has revealed the trends it sees for next year, which will change the way organizations face cyber resilience.

  1. New threats to cybersecurity with accessible GenAI models. In 2025, GenAI models could open the doors to new attack vectors, especially in social engineering and data manipulation. Data analytics with Artificial Intelligence has not received much attention, but it has great potential for cybercriminals. Data we share, data stolen, data sold by intermediaries, are examples of data that with analysis would create attack vectors that appear legitimate. Surveillance and strong defenses will be crucial to protecting against these sophisticated AI-enabled threats.
  1. Teams of threat detection agents will be formed. In 2025, we will see a trend towards models based on AI agents that specialize in a specific skill. These agents will receive training in specific areas that address the challenge being solved. When it comes to threat protection, rather than relying on one agent and LLM to manage the many facets of detection and protection, IT and security teams will bring together a series of specialized agents to create their own circle of experts on security issues.
  1. New jobs related to ethics in AI. By 2025, jobs could evolve significantly, with responsibilities around AI oversight and ethical decision-making. Positions such as “AI compliance officer” or “digital ethicist” could emerge to ensure transparency and fairness in AI-driven decisions. Additionally, with new data privacy and security regulations, the demand for regulatory compliance experts will become essential.
  1. Cybersecurity threats will continue to grow in volume and severity. To combat these attacks, there are many aspects of cybersecurity that must be taken into account: it is not only about defense and protection, but also about monitoring anomalies to detect infiltrations in time before they cause havoc, and very important ability to recover quickly if the worst happens. Cyberattacks have only grown in complexity as attackers exploit six “megatrends” in technology: artificial intelligence (AI), cloud computing, social media, software supply chains, the emergence of teleworking, and the Internet. of things (IoT). These trends collectively accelerate the scale and impact of attacks, making a purely preventative approach redundant.
  1. CISO Advocacy Posture. In 2025, CISOs will need to adopt a more autonomous defense posture to protect against increasingly sophisticated AI-powered cyberattacks. These attacks will range from manipulating social media data in real time to launching personalized, hard-to-detect phishing attempts that can easily fool employees and ultimately penetrate company defenses. To combat these threats, organizations must improve employee training and begin leveraging Artificial Intelligence to counter AI-driven tactics. CISOs can lead the charge by fostering a strong security culture, continually educating employees, and implementing rapid anomaly and threat detection capabilities to mature their cyber resilience strategies. This type of proactive approach will help organizations transform potential disruptions into small setbacks rather than prolonged crises.
  1. CIO/CISO/CAIO collaboration. Next year will usher in an era of mandatory collaboration between the CISO, CIO and emerging CAIO to ensure organizations balance AI innovation, security and compliance. This emerging team will need to develop frameworks that align rapid advances in AI with cybersecurity and privacy standards, to ensure their companies can safely and responsibly adopt AI innovation, to serve their customers and remain competitive.
  1. “Right of bang” approach. A shift towards ‘right of bang’ thinking is needed in 2025, shifting the focus to what happens after an inevitable breach (the ‘bang’), with the aim of building resilience at the heart of business operations. This change recognizes that cyber threats are not an exclusive problem for IT departments, but for the entire company. The goal is to achieve cyber maturity, defined by a robust recovery plan, awareness at all levels of the organization, and a strategic emphasis on resilience.
  1. Avalanche of regulations. The deadline for the implementation of NIS2 ended in October, although, so far, only a handful of countries have complied with it. The main challenge organizations face is the persistent lack of clarity and detail. On the other hand, the January DORA deadline is approaching, but organizations find themselves in a similar position of lacking the guidance they need to prepare as the implementing regulatory technical standard documents are still in process. of elaboration. Finally, in 2025 we should see a new certification scheme for cloud services, which is a big step. Although work on this system began some time ago, it is expected to accelerate in the next 12 months. The main issue has been related to data localization requirements, and whether additional requirements should be imposed on non-EU organisations.
  1. Strategic partnerships and security and resilience ecosystem development. Partnerships between cybersecurity and data resilience companies will create a robust ecosystem that promotes seamless interoperability and accelerated response capability. Strategic alliances in 2025 will focus on creating cross-platform security solutions that meet the diverse needs of users in hybrid and multicloud environments. With shared data standards and integrated security frameworks, these alliances can help companies address gaps in their cybersecurity architecture, improving overall resilience.
  1. Cyber ​​resilience, essential. Looking ahead to 2025, the shift toward a cybersecurity strategy that prioritizes resilience is likely to define the success of businesses around the world. As cyber threats grow in scale and complexity, emphasis on rapid and effective recovery is no longer optional, but essential. Organizations must adapt to the new normal of inevitable cyber incidents and take proactive measures to ensure they can withstand and recover from potential breaches.