Hackuity on cyber security challenges & trends for 2025

Pierre Samson, Co-Founder and Chief Revenue Officer of Hackuity, has shared his insights and predictions on the challenges and trends that organisations are likely to face in 2025 regarding cyber security.

Samson highlights that balancing the cost of cyber security compliance will be crucial in the coming year. "Hitting the big cyber security compliance deadlines – NIS2 and DORA - was top of the agenda for many organisations in 2024 (and still will be in 2025). This meant devoting significant budgets where it was most needed to meet the requirements." He cautions that the major challenge will be balancing cybersecurity spending by meeting compliance requirements and addressing the more critical security gaps for individual organisations. "Compliance demands, whilst absolutely necessary, shouldn't distract security leaders from focussing on these more strategic issues," he added.

There has been a backlog of vulnerabilities awaiting analysis by the National Institute of Standards and Technology (NIST) in 2024, which presented significant challenges for organisations reliant on the National Vulnerability Database (NVD). "NIST has pledged to address the resource and processing issues to get this back on track," Samson noted. He suggests that alternative intelligence sources are necessary to prevent organisations from missing vulnerabilities that could be most damaging to their environment. "Risk scores only give part of the picture: organisations need context around the data to make real sense of CVEs," he explained.

Cloud computing trends have also been at a crossroads, prompting a rethink of current IT strategies. "Cloud computing costs have risen over the past year and we're seeing more companies moving away from cloud-only environments and back to on-premises or hybrid networks," Samson observed. As this shift occurs, Chief Information Security Officers (CISOs) will face new security challenges with evolving attack surfaces. "No matter which route they decide to take, from hybrid, multi-cloud or on-premises, they will need full visibility of their estate and to prioritise identifying and managing vulnerabilities to secure these more complex environments," he stated.

The job market in the cyber security sector is also undergoing changes amid a global skills shortage. Samson mentioned that there is an emerging shift in the job market. "We're seeing signs of the balance shifting and job seekers in an increasingly uncertain job market," he said. Samson predicts that companies may opt for temporary or freelance employees due to cuts in spending and the drive for efficiency. Moreover, the integration of AI and automation in the industry may alter workforce dynamics, although high demand for skilled oversight will persist, particularly for senior level and specialised roles.

Samson emphasised the importance of providing solutions that offer immediate assistance to organisations amid the complex cyber security landscape. "The cyber security market is complex and it's our role as vendors to make sure we're providing solutions which are straightforward and bring immediate pain relief to our customers," he stated. He noted that it is essential to work with Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to deliver foundational cyber security solutions.

In addition, there is a noticeable trend towards diversification in selecting cyber security vendors, with a shift towards European providers. "We're seeing a move towards diversification and that organisations are willing to look beyond the tech giants. Geography can also play a part here as decision makers realise the upsides of working with vendors that are based in Europe and which can align closely with their security, privacy and regulatory requirements," Samson concluded.