
Quo vadis, CISO 2025?

Thesis: In 2025, the CISO will continue to deal with the central issues of 2024. Will there be something new in 2025?


In my January 2024 post on the CISO, I tried to make a prediction about the role of the CISO in 2024. I am convinced that the trend of the role will continue in 2025, see:




What else is happening?


AI will continue to be a strong driver of improvements and risks, but the focus will be on its productive integration and application.


In addition, the environment is critical, as politicians will be busy with the new governments in the USA and Germany. The situation of the EU, the wars in Ukraine and the Middle East, the refugee issues, etc. will still require attention. And unresolved legacy issues (see NIS2), clean-ups (e.g. LkSG) and the introduction of the rules that have already been adopted (DORA, CRA, Machinery Ordinance, Product Liability) will tie up capacities.


Cybercrime will continue to exist at a high level, and Bitkom will again report high losses of over €200 billion in 2025. Politicians, in turn, have to put up with the question of whether they have done their own homework (NIS2, more security for the public sector from municipalities to the federal government) and really have done everything against Russia, North Korea, China and the other actors.


And it is pitiful that gaps have been left in the regulation of payment transactions. The advent of modern means of payment such as Bitcoin and other cryptocurrencies has so far contributed to ransomware attacks, because Bitcoin is the clearly preferred means of payment in ransomware cases! If "follow the money" is made more difficult, this will bring advantages above all to unscrupulous circles such as cybercriminals and tax evaders. Or who else benefits from these means of payment? The simple and irreproachable citizen and his small amount of savings?


It is high time that increasing regulation and improved tracing methods reduce these advantages for criminals. It is to be expected that ransomware gangs are already looking for alternative forms of payment that will help them cover their tracks. Faster and better action must be taken here.


The international process for more data protection and information security will continue in the light of hyperscalers in the cloud and market-dominating companies such as Meta, Microsoft, Google, etc., with more awareness in other countries and with a view to the EU's pioneering role. NIS2 will have an indirect impact, and other countries are also working on the same solutions (UK: the Cyber Security and Resilience Bill). The AI Act will also prevail at the international level.


Furthermore, the market situation of many companies is not rosy: austerity measures, layoffs and insolvencies have to be dealt with. And there are plenty of startups that have to readjust themselves financially and in terms of content. The necessary increase in the budget for security quickly fades into the background. Security, on the other hand, is not "negotiable" because it is part of the technical and organizational basis for survival and operation.


The labour market is Janus-faced: on the one hand, skilled workers are sought after (hand on heart, is that really the case or an excuse for "doing nothing"?), but elsewhere they are being cut back or have to be qualified through educational offers. It will take some time for this to shake out. Here, too, AI will be a help.


On the positive side, there is a lot of capital available looking for investment opportunities. The US capital market is dominant here, and initiatives in the EU and Germany must be promoted.


And in conclusion, it has never been boring: there have always been incidents, risks, crises, changes of government and technological leaps. There has always been a dynamic, and it has often been time-consuming to get out of the "valleys". So the CISO will have enough to do!


Only humans are a bit strange: they consciously suppress facts, do not want to know things exactly, believe what they want or what is suggested to them, live in their bubble, simplify, or have memory gaps. Our brain has large capacities, but is often merciful and lets negative memories fade; evolution had its reasons, and it saves energy. So what exactly was it like with the other crises of the last 50 years? Do we remember that?


Depending on the point of view, the past is glorified or seen critically, the future painted pink or with dark clouds. And we often find it difficult to look 10 years into the future, see:



But it went on and on, and the next 52 weeks will also challenge us all, including the CISO! Perhaps we will see more women in the role in 2025? Time will tell.


Anyway, it will certainly remain exciting.
