As we approach 2025, the cybersecurity landscape is changing in ways that aim to make the industry more human-centric, collaborative and, perhaps counterintuitively, pessimistic.
Looking back on the year, one element that has not been highlighted enough is people. Professionals in the industry, particularly Chief Information Security Officers (CISOs), have been under immense strain. With cybercrime posing the greatest threat to the UK’s national security, cybersecurity professionals are commonly working in incredibly high-pressure environments. It can be no surprise that many CISOs are only staying in a post for 18–24 months, according to Gartner. Simply put, it’s not sustainable to continue in this way.
The industry currently treats CISOs like referees in football. They’re an integral part of operations running smoothly but, when situations get tricky, they can become scapegoats and attract a lot of heat. But that’s where the similarities end.
Despite cybersecurity professionals working with stringent and extensive regulations, cybercriminals definitely do not play by the rules. The crippling attacks this year targeted the healthcare industry and highlighted that no business is off limits, even when a breach is a matter of life and death.
We must make 2025 a turning point. New regulations, shifts in mindset and industry-wide initiatives are reshaping cybersecurity to make it not only smarter but also friendlier. This transformation is paving the way for resilience, collaboration and a more sustainable future for organisations and their security teams.
Shifting from blame to collaboration
Following an incident, playing the ‘blame game’ does little to recover from the attack and suitably prepare for the next. When breaches occur, CISOs are often in the spotlight, bearing the brunt of organisational frustration. Yet, breaches are no longer a question of if but when. This inevitability calls for a fundamental shift in how organisations handle cyber incidents.
Inspired by the airline industry’s ‘just culture’, the cybersecurity industry in 2025 must look to prioritise transparency and learning over blame. Airlines encourage employees to report issues without fear of reprisal, fostering a culture where safety is the ultimate priority. This prevents honest mistakes from turning into a larger issue.
Similarly, cybersecurity needs an open dialogue about breaches, such as how they occurred, what was exploited and how to prevent recurrence. This cultural shift doesn’t need to be brand new. We can learn from other fields and change our mindsets.
This approach is also gaining traction thanks to new regulations like the NIS2 and DORA directives, which require incident reporting within 24 hours of detection, but also require organisations to collaborate and share incident data. These rules not only enforce accountability but also encourage organisations to share insights. A collaborative ecosystem, where knowledge is exchanged freely, will empower businesses to outmanoeuvre cybercriminals and build a more secure digital future.
The assumed breach mindset
For too long, organisations have focused primarily on preventing breaches, often at the expense of preparedness when the worst inevitably happens. Cybersecurity has typically been an art of ladders and fences, but what happens when the assailants vault over the battlements or blast through the portcullis? To properly prepare for cybersecurity incidents in 2025, assume your organisation will be breached.
While prevention remains essential, it’s no longer sufficient against sophisticated attackers who can bypass even the most robust defences. This is not being overly dramatic and pessimistic, just realistic.
By assuming that a breach will occur, organisations can balance their resources toward mitigation
Richard Meeus, Director of Security Technology and Strategy EMEA at Akamai
WWW.INTELLIGENTCISO.COM