The future of cybersecurity will be marked by proactivity and the need to anticipate threats, instead of just reacting to them. With new dangers emerging daily, what is at stake is not just data protection, but the survival of entire businesses. This is the conclusion of the cybersecurity expert from dataRain, Leonardo Baiardi, which points to the three main trends in cybersecurity for 2025: AI integration, cloud security and cybersecurity as a commodity.
For the specialist, these are just some of the facets of a rapidly changing scenario. Companies that anticipate these trends will be in a better position to face the challenges of the future, because 2025 will be a year of great changes and cybersecurity needs to be at the center of the priorities of any organization that wants to survive in the digital environment
Baiardi's message is clear: protecting oneself in the digital world has become increasingly complex, and companies that do not keep up with trends run the risk of falling behind. "We are experiencing an evolution of the already saturated discussions of 2024", that now gain a new depth, demanding a more active stance from companies.”
AI Integration
Artificial intelligence is no longer a distant promise and is increasingly present in cybersecurity solutions. For Baiardi, the great leap in 2025 will be the shift from a reactive model to a preventive one. "It is no longer just about detecting and responding to attacks". Cyberattacks nowadays have become increasingly sophisticated. There are many zero-day vulnerabilities – those that would not be detected in a "protected" system –to be discovered and that will cause great disruption. That's why the respondents' toolbox also needs to become more powerful, and the integration of AI helps a lot with that.”
A practical example is the integration of AI in firewalls, that today already allows automatic optimizations based on natural language, in addition to suggestions for new security rules based on the logs generated by the tool itself. Baiardi emphasizes that the integration of machine learning in security solutions can identify anomalies and "zero-day" attacks, that are known for being devastating and unpredictable. These attacks tend to be silent, and depending on the group behind it that executes it, the intention can vary, as extortion, cyberwarfare, industrial espionage or even between nations. Between 2021 and 2024, we literally had millions of cases where the damage is irreversible. With tools that integrate AI, "Nowadays it is possible to have a greater chance of mitigating the threat before the worst happens", explain
Cloud Security
The popularization of public cloud and SaaS (Software as a Service) solutions requires an adaptation in the cybersecurity defense strategy. "Even companies that do not directly use public cloud infrastructure", are, somehow, dependents on software based on it. This type of situation opens the door for an attack called "Supply-chain attack", where security ends up being outsourced, because it totally depends on the company that provides the SaaS. Therefore, the cloud, in addition to its undeniable advantages, also brings significant challenges, "how the need for additional layers of security and the adaptation of new governance strategies"
Baiardi emphasizes that the protection of these environments should be a priority for any business that operates digitally. "The adoption of native cloud application protection platforms (CNAPP) is already and will continue to be essential to ensure security in multicloud environments", say him. The need for constant monitoring and automation of security processes is even more critical for smaller or less specialized teams. "It is no longer possible to ignore this trend". The cloud is here to stay, but it is necessary to know how to protect it properly.”
Cybersecurity as a Commodity
Another trend that is expected to intensify in 2025 is the perception of cybersecurity as a commodity. This means that, for many companies, managed cybersecurity services have become standardized products, offered in catalogs of similar options, such as the offer of SOC (Security Operations Center). "We are seeing an increasingly competitive market", where the difference between the offers is minimal. Possibly, we will see scenarios where what will determine the choice will often be the price, and not necessarily the scope of services. We see a shortage of qualified professionals available in the market, we need to invest in the training of the teams. We also need differentiated offers for their innovation and efficiency.”
The specialist warns that caution is needed when choosing security service providers, and points out the risks of opting for non-customized solutions. Choosing the cheapest solution may seem appealing, but it may not ensure adequate protection. Each business needs to assess its specific needs and seek partners that offer the best combination of price and security.”
Finally, besides these three major trends, Baiardi highlights a point that is often overlooked: the role of the human being in cybersecurity. "We cannot forget that the weakest link remains the user", alert.
For him, amid technological evolution, training employees and educating them about safe practices remains one of the most important investments companies can make. Regular training, "phishing simulations and the creation of an internal cybersecurity culture are essential", concludes
