With Cyber Security Awareness Month officially wrapped up, it’s time once again for reflection and predictions.
2024 has once again been punctuated by cyber incidents. We saw substantial, more ‘traditional’ breaches at AT&T and MOVEit (no real surprises there). And then we saw more surreal incidents, including an ill-intentioned insider who scared UK commuters with a terror-related message served up on personal device screens via Network Rail’s Wi-Fi (it’s giving BBC’s Nightsleeper). Meanwhile, there has been a lot of speculation around the role of emerging tech, such as AI, in the cyber security landscape.
With all this in mind, what will shape discussions in the industry next year?
1. The Rise of ‘Coopetition’
This year, we saw increasing cooperation (or perhaps more accurately, ‘coopetition’) among cyber security vendors. This will continue long into 2025. Despite being competitors, firms have long recognised the value of sharing security knowledge, especially threat intelligence and useful open-source tools. In fact, research has shown that cyber companies’ innovation levels are positively associated with the number of threat-sharing relationships they have.
Moreover, the last few years have seen significant consolidation in the cyber security industry, with M&A and partnerships aplenty. The trend reflects a growing understanding amongst the industry and its customers that a multi-layered security approach is crucial for combatting cyber threats effectively.
However, different security tools also need to be properly consolidated at the individual company level. Expect to see more noise about consolidation as a central theme in cyber security messaging next year, especially among channel partners and MSSPs looking to sell pre-packaged security stacks that remove the heavy IT lift of integrating tools for customers.
2. The Role of AI in Cyber security
No current discussion about technology seems complete without mentioning artificial intelligence (AI) and I’d hate to disappoint. However, the truth is AI has been a part of cyber security for years – from automating attacks to putting the X in XDR, AI plays a pivotal role on both sides of the cybercrime fence.
When it comes to predicting AI’s effects on cyber security, it’s worth putting the technology squarely back in the context of the industry.
The history of cyber security dates back to the 1970s, when the first computer virus was created by a programmer named Bob Thomas —not out of malice but as a demonstration of software mobility through a network. Although his intention was non-malicious, Bob had unwittingly paved the way for the modern, mobile and self-replicating computer virus.
The internet (and its precursor ARPANET) then offered a way for computer networks to communicate with each other – and so opened the door for viruses to jump between networks.
All of this is to say that AI is simply one of the newest technologies in a chronically evolving arms race between cyber criminals and security professionals. In 2025, expect to see the barrage of messaging centered around AI that we’ve seen this year die down a bit as companies recognise a certain level of fatigue around this topic from customers and journalists alike. With this in mind, vendors should start properly interrogating where and how to mention AI in their external communications based on more substantive discussions about its practical applications and limitations.
3. IT and OT Convergence
Another trend to watch is the continued convergence of information technology (IT) and operational technology (OT). Industries that still use legacy systems are now thoroughly embracing digital transformation, but this is simultaneously opening more doors for hackers.
Nowhere is it more important to shore up the cyber security of legacy systems than with critical national infrastructure (CNI) such as energy grids, healthcare and transport. The legacy systems governing CNI are prime targets for attack because of their outdated architecture and the national disruption that can be caused by a breach. Meanwhile, the UK is the third most targeted country in the world for cyber-attacks, after the US and Ukraine.
It’s been heartening to see the government collaborate with cyber vendors through various organisations and accelerators in recent years, promoting the sharing of private sector innovation with the public sector. For example, our very own client Goldilock secured a place on the UK government’s Defence and Security Accelerator (DASA) and with the NATO DIANA programme to help get its critical physical disconnection and segmentation solution where it’s needed most within transatlantic security.
I’d expect conversation and collaboration between sectors to continue next year. For example, the newly announced ‘Cross-Government Review of Technology Adoption for Growth, Innovation and Productivity’ will focus on the adoption barriers facing innovative and transformative technologies focusing on sectors such as advanced manufacturing, clean energy, creative industries and defence.
Consolidating your cyber messaging
Companies are focused on determining how to prioritise cyber security alongside their digital transformation efforts. Many businesses find themselves at a crossroads right now—most know they need to evolve their security strategies to keep pace with technology innovation but are unsure exactly how to do so.
Meanwhile, there is so much messaging around cyber security that it can be hard for organisations to sort the marketing speak from genuine, practical advice. When the only thing they’re sure of is being targeted, how can individual businesses identify the right security solution or stack combination for them?
Security vendors can cut through this noise next year by looking at the bigger picture. Organisations will be looking to create a cohesive digital transformation framework that allows them to react to change and pivot as a single entity. Truly effective cyber approaches will mean embedding security into every digital transformation initiative by integrating it with their cloud and network infrastructure from the ground-up. Security vendors must adopt a very customer-centric mindset to work out their place in this more platformised future, collaborate with others where needed and then invest in telling a simple yet cohesive story.
