Cybersecurity is entering a new era, where AI is both the attacker and the defender. With cyber threats evolving at machine speed and security teams struggling to keep up, organizations need to rethink their approach.
Alex Michaels, Senior Principal Analyst at Gartner, explains that security and risk management (SRM) leaders must strike a balance between enabling transformation and embedding resilience to ensure their organizations can innovate securely.
“Security and risk management (SRM) leaders face a mix of challenges and opportunities this year, with a goal to enable transformation and embed resilience. Their efforts in achieving both are crucial to support their organization’s aspirations to not only innovate but ensure their innovations are secure and sustainable in a fast-changing digital world.”
To help enterprises navigate this, Gartner has identified six key cybersecurity trends that will shape 2025. These trends, ranging from AI security and workforce resilience to risk governance and technology consolidation, will redefine how businesses approach cybersecurity in the year ahead.
AI’s Expanding Role in Cybersecurity
Artificial intelligence continues to drive fundamental shifts in cybersecurity, both in how organizations protect themselves and in how attackers exploit vulnerabilities.
The most immediate impact is on data security, with organizations shifting investment toward protecting unstructured data like text, images, and videos that power AI models.
“Many organizations have completely reoriented their investment strategies, which has significant implications for large language model (LLM) training, data deployment, and inference processes. Ultimately, this shift underscores the changing priorities that leaders must address as they communicate the impact of GenAI on their programs.”
At the same time, security leaders are becoming more tactical in how they deploy AI within their cybersecurity strategies. While many organizations initially attempted broad AI-driven security transformations, they are now focusing on smaller, measurable improvements that align with existing workflows.
“SRM leaders now have clear responsibilities to secure third-party AI consumption, protect enterprise AI applications, and improve cybersecurity with AI. By focusing on more tactical, demonstrably beneficial improvements, they can minimize the risks for their cybersecurity programs and can more easily demonstrate progress.”
The Expanding Attack Surface: Managing Machine Identities
As cloud adoption, automation, and AI-driven workloads scale, enterprises are seeing an explosion of machine identities, accounts, and credentials tied to software applications, IoT devices, and cloud services rather than human users.
These identities are often poorly managed, creating new vulnerabilities for attackers to exploit.
Gartner’s research highlights a major oversight in IAM strategies: a recent survey found that IAM teams are responsible for just 44% of machine identities, meaning over half remain unmanaged.
For CISOs, addressing this challenge requires a coordinated effort across IT, security, and DevOps teams. If machine identities are left unchecked, they could become one of the most significant cybersecurity risks of 2025.
Technology Sprawl: Time for Optimization
With enterprises using an average of 45 security tools and with over 3,000 cybersecurity vendors in the market, organizations are rethinking how they optimize their security technology stacks.
While expanding security investments might seem like the answer to emerging threats, too many overlapping tools can lead to inefficiencies, wasted resources, and gaps in protection. Gartner advises security leaders to focus on consolidating their security controls, aligning investments with business goals, and improving interoperability between security solutions.
This trend signals a shift away from buying more tools and toward maximizing the effectiveness of existing investments.
Building a Stronger Security Culture
One of the most significant shifts in cybersecurity strategy is a renewed focus on security behavior and culture programs (SBCPs). Organizations are increasingly embedding security awareness into workplace culture, recognizing that technology alone cannot eliminate risk.
A major driver of this change is GenAI-powered automation.
Gartner predicts that companies that integrate AI into security training programs will see 40% fewer employee-driven cybersecurity incidents by 2026. The widespread use of AI-powered security awareness tools is helping employees recognize threats more effectively and fostering a stronger sense of ownership over cybersecurity at all levels of the organization.
Cybersecurity Burnout
Beyond technology, cybersecurity leaders must also confront the human cost of maintaining security in an increasingly complex landscape. The cybersecurity talent shortage remains a serious challenge, and the unrelenting pace of security threats is taking a toll on security professionals.
Michaels emphasizes that addressing cybersecurity burnout is critical to maintaining effective security programs:
“Cybersecurity burnout and its organizational impact must be recognized and addressed to ensure cybersecurity program effectiveness. The most effective SRM leaders are not only prioritizing their own stress management, they are investing in teamwide wellbeing initiatives that demonstrably improve personal resilience.”
As security threats grow more sophisticated, ensuring a sustainable, well-supported security workforce will be just as important as adopting the latest cybersecurity technology.
The Wrap
Cybersecurity in 2025 is evolving beyond traditional defense strategies. Gartner’s six key trends highlight the need for AI-driven security, a renewed focus on cyber resilience, and a shift toward optimizing security programs rather than simply expanding them.
CISOs and technology leaders should focus on three key actions:
- Evaluate how AI is shaping security risks and defenses — particularly around data protection and tactical AI deployment.
- Strengthen identity management by addressing machine identities, which are emerging as a critical attack vector.
- Reassess security investments, focusing on optimization rather than tool expansion, and prioritize workforce resilience to combat cybersecurity burnout.
Michaels advises that organizations take a structured approach to these challenges:
“CISOs should evaluate each cybersecurity trend and decide whether to embrace, monitor, or ignore it. If they choose to embrace a trend, they should integrate it into their strategic roadmap, ensuring that relevant projects are initiated to align with their long-term goals. For trends that are monitored, CISOs should keep a close watch on developments and be ready to act if necessary. Ignoring a trend should be a well-considered decision, as it might leave the organization vulnerable in the future.”
By aligning security strategies with these evolving trends, organizations can not only strengthen their defenses but also enable business transformation in an increasingly complex digital world.