The safety panorama continues to evolve, as does international uncertainty, leaving CISOs to arrange for turbulence forward. Our newest report, Prime Suggestions For Your Safety Program, 2025, offers well timed steerage for safety leaders as they navigate one other precarious yr for his or her roles, packages, and organizations.
We’ve included 4 of our 12 suggestions on this weblog as a starter pack for what CISOs will cope with in 2025 and, most significantly, what they need to do about it. Our suggestions for 2025 fall into 4 predominant themes:
The altering penalties of the CISO function
Altering expertise throughout the enterprise and in cybersecurity
Ever-present but altering threats
Securing rising tech
We design our insights to assist expertise leaders, chief info officers, and chief info safety officers (CISOs) and their groups keep forward of the curve and extra successfully advocate for his or her packages.
Deal With Altering Penalties: Cowl Stakeholders, Scale back Threat
For the previous 4 years, we’ve been advising CISOs to hyperlink three teams of exterior stakeholders to their packages and budgets. Clients, cyberinsurance carriers, and regulators signify income received or misplaced, tie safety to the price of doing enterprise, and must be an integral a part of program planning in 2025 and past.
Advice: Conduct a materiality tabletop train. With the SEC’s Merchandise 1.05 of Kind 8-Ok requiring firms to reveal the fabric influence of cybersecurity incidents, it’s essential for CISOs to arrange. Conducting a materiality tabletop train with senior executives and counsel helps type an understanding of the processes and determination factors wanted to find out incident materiality. This proactive method ensures that your workforce is able to disclose incidents appropriately, avoiding civil penalties.
Deal With Altering Expertise: Make Plans For (Or In opposition to) Platformization
As instruments, applied sciences, merchandise, and providers consolidate and compete for the largest share of your safety tech stack and the market hurtles towards behemoth proactive and reactive safety platform gamers — in some circumstances, each — CISOs shouldn’t essentially match the frenetic tempo of the market with platform adoption. Not all platforms make sense on your program and group, however some could present advantages exceeding these of level options.
Advice: Scale back your SIEM invoice with knowledge pipeline administration. Information pipeline administration (DPM) instruments assist scale back knowledge ingest prices and facilitate simpler migration to new platforms. By adopting DPM instruments, safety groups can handle knowledge extra effectively, decreasing prices and bettering their total knowledge administration technique.
Deal With Altering Threats: Deal with Geopolitical Points
The present geopolitical local weather leaves CISOs with the responsibility and accountability to guard their organizations or threat turning into collateral — or direct — injury as governments posture towards each other. With commerce breakdowns fraying already fragile provide chains and nations vying for AI dominance, focus your defensive efforts to remain nimble and able to meet new calls for positioned in your program.
Advice: Put together for cryptoagility as a prerequisite for post-quantum safety. Quantum computing poses a big menace to conventional cryptography. CISOs should begin making ready for post-quantum safety by assessing the influence of quantum computing and making certain that their methods are cryptoagile. This entails discovering and prioritizing knowledge, keys, and algorithms that must be up to date to quantum-safe cryptography.
Deal With Rising Expertise: Preserve Your Eyes On The Horizon
These applied sciences must be on the radar of your rising expertise workforce and safety architects, as a result of issues will occur rapidly as soon as they arrive. Put together now for what occurs as 2025 progresses and we transfer into 2026.
Advice: Develop machine id governance. Machine identities are proliferating, and securing them is essential. CISOs ought to construct a listing of machine identities and implement a purpose-built machine id administration resolution. It will assist stop unauthorized entry and scale back the chance of information breaches.
For a deeper dive into these insights and extra, learn the complete report, Prime Suggestions For Your Safety Program, 2025, and register for our webinar on Wednesday, April 16 at 11 a.m. ET. Forrester purchasers may schedule an inquiry or steerage session to debate our suggestions and the way they apply to your group.
