As we move toward 2025, five key factors will influence the cybersecurity market: budgets, security priorities, software supply chain attacks, malware defense strategies, and the adoption of AI-driven and automated solutions. The following provides further detail on these points:
IT Spending Trends: Total IT budgets are projected to increase by 10% in 2025, according to several leading IT industry analysts. This growth is driven primarily by significant investments in AI and cybersecurity. AI spending is expected to grow by 35-40%, reflecting its integration across various tools and enterprise functions. Cybersecurity spending is anticipated to rise by 15%, with security now comprising 10-20% of overall IT budgets. IT services also show a positive outlook, with an expected growth rate of 8%. In contrast, traditional areas like marketing technology (MarTech) are experiencing slower growth compared to AI-driven initiatives.
Cybersecurity Priorities: Cybersecurity remains a top priority due to increasing cyber threats, remote work, and regulatory demands. Key spending areas include identity management, SIEM log aggregation, and compliance monitoring. Rising security pricing and vendor consolidation are notable trends, favoring larger, established security vendors. AI plays a growing role in automating security functions and addressing vulnerabilities related to generative AI. However, the market faces challenges with a tight labor market for security and AI professionals, prompting increased reliance on Managed Security Service Providers (MSSPs).
Malware Will Trump Vulnerabilities: In 2025, malware is expected to take center stage in cybersecurity. While vulnerabilities remain critical, many are low-risk and unlikely to be exploited. Organizations will shift their attention to more immediate and high-impact threats posed by malware. Modern malware is highly targeted, adaptive, and capable of causing significant disruption, including software supply chain attacks, ransomware, and espionage. As attackers use advanced techniques like automation and AI to evade defenses and deploy malware at scale, organizations will need to prioritize malware detection and response over addressing an endless list of minor vulnerabilities.
Software Supply Chain Attacks: Hackers will expand their attacks on commercial software via the software supply chain. While the recent attack on XZ reinforced the need to secure open-source software, incidents involving Snowflake, Okta, 3CX, CodeCov, and Ivanti, among others, indicate the increasingly sophisticated exploitation of commercial software. These types of attacks, which gained widespread attention with the SolarWinds breach in 2020, have accelerated, impacting both software vendors and their customers. Increased scrutiny and fines from the SEC, along with new guidelines and regulations from the EU, will push companies to close software supply chain vulnerabilities.
AI and Automation Impact: AI will reshape enterprise software, IT services, and automation, creating both opportunities and challenges for traditional Robotic Process Automation (RPA) vendors. While AI agents and autonomous systems pose threats to traditional low-code/no-code platforms, they also drive productivity gains. The adoption of AI solutions in IT services, cybersecurity, and enterprise functions is robust, with firms like Microsoft (Copilot) and Workday benefiting from these trends. However, AI-related disruptions are prompting strategic shifts, such as pivoting to AI-led services and consolidating technology vendors to manage complexity more effectively.
Cybersecurity (AI-driven) Market Growth: We can anticipate a strong finish to 2024 for cybersecurity, with security budgets projected to grow by 15% in 2025 – now accounting for 10-20% of IT budgets (up from 5-7% in recent years). Pricing remains stable, with mid-single-digit year-over-year increases. AI-driven disruption and deregulation will create significant opportunities for advanced technology vendors, particularly in areas such as AI-driven bot detection and protection, AI-enhanced security, blockchain security, compliance assessments, cryptographic protection (with a focus on post-quantum readiness), fraud prevention, and identity management.