Editorial

Cybersecurity and Digital Identity Trends for 2025

It’s the time of the year once again when the tech industry tries to predict what we can expect in the coming 12 months. Here, five experts weigh in on cybersecurity and digital identity trends for 2025.

Posted 23 December 2024 by Christine Horton


  1. Back To Basics –Again

“With budgets being looked at more stringently, security teams will need to put a renewed focus on getting the basics right rather than investing in shiny new tools. Fundamental security steps such as managing endpoints, immediate patching, enforcing strict access management policies and employee training may seem boring but they can be hugely effective. After all, the fanciest new technology won’t make a difference if you don’t pay attention to basic cyber hygiene measures.” – Dan Lattimer, Area VP, Semperis

2. More M&A, More Collaboration

“With everything that’s happening in the world, we can expect investment into security and identity to increase next year. But it’s a crowded market. There’s a huge amount of genuine innovation in areas like AI, but also a lot of claims that aren’t necessarily backed up by reality.

 “In 2025 we’ll continue to see consolidation, both in terms of M&A, and also closer collaboration between partners and vendors to deliver the kinds of security offers that end-users are demanding.” – James Bradley, VP partners and alliances, Okta

3. The Shortage Of Cyber People Will Not Be Resolved

“The relationship and culture between senior management and cyber is flawed. The recent research is clearly highlighting a deep rift between organisations and their Cyber team. Almost 70 percent of cyber professionals are under pressure to justify their budgets against the actual risk, but the risk of cyber-attacks keeps increasing. There needs to be a shift in how companies view cyber risk and consider it a financial risk” – Morten Mjels, managing director, Green Raven Limited

4. The Great Deepfake Hiring Heist

“Remember earlier this year when KnowBe4 fell victim to a remote deepfake hiring scam using a synthetic identity? In 2025, a far larger synthetic identity operation will infiltrate organizations worldwide. A state adversary will combine deepfakes with fabricated credentials to create entirely new, convincing employee personas, bypassing security to gain access, steal data, and cause operational chaos with significant financial losses. This sophisticated scheme will exploit remote onboarding processes, manipulate employees, and even infiltrate payroll systems to divert funds and disrupt livelihoods. This incident will cause organizations to change how they approach identity verification and cybersecurity in the age of increasingly sophisticated synthetic identities.” – Andrew Bud, Founder and CEO of iProov 

5. The EU Will Bare Its Teeth To Enforce New Cybersecurity Regulations

“The escalating complexity and frequency of cyber threats meets with increasingly stringent cyber-insurance and compliance demands from directives such as DORA, NIS2, and CRA. These directives have the ultimate aim of protecting essential and important assets and services across key segments and with particular relevance to Operational Technology (OT). 2025 will see the EU bare its teeth to enforce cybersecurity regulations to raise cyber-resilience standards, with heavy fines for those failing to comply. Many businesses are facing significant challenges in translating the complex requirements of these directives into clear action plans for compliance.” – Patrick Scholl, head of OT, Infinigate Group

6. Identity Takes ZTA Main Stage

“In 2025 identity security technologies will become more and more core focus and standard practice for organisations, as it’s the core of the zero trust architecture – know who is accessing, controlling and governing what they can access, what they have accessed and for how long will drive more and more invaluable context and insights into the “normal” behaviours of each individual (essential for spotting abnormal behaviour, which is a key sign of compromise) and ensuring that access is governed and managed effectively.” – Lance Williams, CTO, Distology

7. Preparing for the AI Monster

“Everyone keeps asking “what will happen when attackers use AI?” Obviously, they already are in the realm of social engineering, but what about something more sophisticated? The unfortunate reality is we won’t know because, most likely, it’ll look exactly like a (very fast, very efficient) human attacker. We’ll only really understand adversarial AI use when attackers are caught and their tools are confiscated and/or exposed. Right now, it’s a bogeyman, but the defenders trying to optimise for a) hygiene and resilience, and b) “mean-time-to-everything” for detection and response are doing the right things to be ready when the monster strikes.” – Dave Merkel, CEO and co-founder, Expel

Event Logo

If you are interested in this article, why not register to attend our Think Digital Identity and Cybersecurity for Government conference, where digital leaders tackle the most pressing issues facing government today.


Register Now