2025 Unlocked: What Shaped the Security Conversation

Look back at it.
David Eberly
Contributing Writer

Cybersecurity in 2025 brought increased attention to the limits of current defenses.

Attackers used automation and software vulnerabilities to gain access to enterprise systems. Leaders had to manage threats while continuing to support operations. Several companies faced public incidents, and key decisions during the year influenced how businesses planned for future protection.

To recap, we’ve put together some of the major themes that impacted cybersecurity this year and how the industry has responded.

AI and Malware Development

Artificial intelligence played a larger role in cyberattacks this year. Malware that adjusted its behavior during execution became more common, making detection more difficult. These tools were often used to bypass traditional defenses by rewriting code or avoiding patterns that older systems were trained to recognize. Financial firms and healthcare providers reported several breaches tied to these tactics.

To manage these threats, vendors introduced AI-based detection and containment features.

Palo Alto Networks added autonomous response capabilities to its Cortex platform, which helped identify and isolate threats without requiring human input. Microsoft expanded Defender to flag and contain abnormal activity. These changes gave security teams faster response options, although proper setup remained essential.

Vulnerabilities in Software and Third-Party Dependencies

Attackers also focused on well-known software flaws. Microsoft SharePoint was affected by a vulnerability that remained open in many organizations even after a patch was issued. Delays in applying the fix allowed intrusions across several industries.

The incident highlighted how overlooked systems can become entry points.

Third-party risk also led to significant breaches.

Several major airlines were exposed after attackers gained access to vendors. These compromises raised concerns about how external providers handle sensitive data and network access. As a result, more companies began reviewing their supplier relationships and tracking software components more closely.

Infrastructure and Public-Sector Risks

Government-connected systems continued to face threats tied to aging infrastructure.

A breach at the Kansas City National Security Campus, operated by Honeywell, showed how attackers can move through systems using known vulnerabilities.

Though valuable data remained secure, the incident revealed how business networks and protected systems can still be linked in ways that increase risk.

In response, federal partners focused on access controls and software maintenance across contractor networks. These efforts pointed to the need for stronger separation between administrative systems and those handling sensitive operations.

The events also led to renewed attention on how software decisions affect security at a national level.

Testing and Vendor Behavior

Security vendors took different approaches to product validation in 2025.

Microsoft, SentinelOne, and Palo Alto Networks chose not to participate in the year’s MITRE ATT&CK Evaluations.

The decision led to discussions about how tests are structured and whether they match what organizations experience in real-world conditions.

Some buyers began asking for tailored evaluations or external audits before selecting new tools. Others looked to vendors that remained part of public testing programs.

This shift placed more focus on how security products are assessed and what value those results provide to decision-makers.

Cloud Use and Configuration Gaps

Many organizations increased their use of cloud services, which led to more incidents tied to configuration mistakes.

Companies reported unauthorized access or data exposure due to settings in platforms like AWS and Azure.

To address these problems, teams used tools that monitored cloud environments for access issues and security gaps.

Solutions from companies like Wiz and Zscaler helped identify and correct misconfigured resources. Some firms added automated checks into their deployment processes to prevent similar mistakes.

Security Investment and Financial Activity

Investment in cybersecurity remained strong throughout the year.

Netskope completed a major public offering, raising more than $900 million. The company gained attention for its focus on cloud-based access control and data protection. This event showed continued interest in tools that support remote work and decentralized infrastructure.

Many organizations expanded their budgets to support projects that improved user access management, encrypted data inspection, and cloud visibility. As businesses moved more systems online, they looked for tools that matched that shift in workload.

Leadership, Governance, and Internal Alignment

Cybersecurity decisions extended beyond IT departments.

A new U.S. National Cyber Director took office in 2025 and supported efforts to coordinate across government and private sectors. This role will help guide responses to large-scale incidents and shape future planning.

Within companies, CISOs and CIOs worked together to manage how new technologies were introduced.

With artificial intelligence and SaaS platforms growing, organizations added reviews to check if new tools met security standards. Teams focused on building awareness and improving how information flowed between departments during investigations.

The Wrap

This year showed how attackers continue to rely on tools that work.

  • Malware took on new forms through AI, but old vulnerabilities still allowed access where systems were not updated.
  • Software used across many organizations remained a top concern, especially when tied to external providers.
  • Security vendors took new positions on how their tools should be tested, which led buyers to rethink how they evaluate options.
  • Cloud growth continued to expose errors in configuration and access settings.
  • Government systems showed that oversight and maintenance are still imperative for long-term protection.
  • Leaders who emphasized monitoring, communication, and vendor control made progress in reducing their risk.

The events of 2025 will likely influence how businesses plan for the next year, especially when balancing innovation with safety.

Trusted insights for technology leaders

Our readers are CIOs, CTOs, and senior IT executives who rely on The National CIO Review for smart, curated takes on the trends shaping the enterprise, from GenAI to cybersecurity and beyond.
