Cybersecurity in 2025 and beyond

Cybersecurity isn’t just about protecting business value anymore – it’s now a fundamental driver. Cyber should be integrated into organizational governance and policy creation, especially with the rise of technologies like GenAI. In 2025, I fully expect that Chief Information Security Officers (CISOs), Chief Security Officers (CSOs), Chief Privacy Officers (CPOs) and other security leaders will be even more crucial in spearheading this integration of security across their organizations.

Adnan Amjad, US Cyber Leader, Partner, Deloitte & Touche LLP

I expect the sophistication and intensity of cyber threats will continue to increase, as they have year over year. The ever-expanding tech landscape and rise of Adversarial AI, which powers more effective threats at scale, will further accentuate these challenges. Cyber AI will help to combat these trends, with the use of private Large Language Models (LLMs), more targeted Small Language Models (SLMs), and Agentic AI architectures expected to grow in their cybersecurity applications, essentially fighting fire with fire. Cyber as a Service (CaaS) enhanced by AI is expected to reach maturity, with increasing adoption by organizations looking for specialized expertise and cost-effective solutions. AI will help enhance CaaS threat detection, response, predictive analytics, and operational hygiene.

Kieran Norton, US Cyber AI & Automation Leader, Principal, Deloitte & Touche LLP

Organizations should stay ahead of cyber threats using advanced security technologies such as AI-driven threat detection and Zero Trust architectures, to help protect customer data and comply with regulatory standards. Employee, contractor, and other third-party training on the latest security practices will be crucial to mitigate risks associated with human error. Additionally, implementing dynamic consent management systems will empower customers to control their data, fostering transparency and trust. By prioritizing these elements, organizations can build stronger customer relationships and help ensure long-term success in an increasingly digital world.

Sharon Chand, US Cyber Cross-Business Integrations Leader, Principal, Deloitte & Touche LLP

GenAI and other forms of automation will transform traditional identity and access management (IAM) programs, enabling organizations to realize cost efficiency and capability advancements. Additionally, IAM is enabling the secure and effective use of GenAI across the organization. IAM helps address regulatory compliance, data security and privacy, and operational efficiency through role-based access control and strong authentication. Organizations can protect sensitive information by regularly reviewing access rights, defining clear access policies, and educating users.

Anthony Berg, US Cyber Identity Leader, Principal, Deloitte & Touche LLP

Trust-By-Design is an approach to embed safety, security, compliance, and resilience early in the product development process, rather than applied as an afterthought. By anticipating threats and safeguarding data, Trust-By-Design strengthens ethical integrity, trust, and resilience, particularly for AI applications increasingly being utilized by organizations. The approach helps AI systems better address organizational compliance with regulatory standards and withstand evolving risks, while protecting sensitive information.

Vikram Kunchala, US Cyber Platforms and Solutions Leader, Principal, Deloitte & Touche LLP

CISOs are increasingly getting a seat at the broader C-suite table, with more responsibility for organizational resilience. Current approaches to resilience are outdated and insufficient for the modern enterprise, with the greatest risk being stagnation. Convergence across domains is required to facilitate well-orchestrated response and recovery from high-impact events. Start by asking exploratory questions around readiness, prevention, monitoring, and response to those holding resilience roles to get a pulse check on current resilience capabilities. The next step is to align on an integrated governance and engagement model to connect capabilities into a holistic resilience program. To mitigate contemporary risks, what’s needed is a focus on strategically designing and positioning assets and information to improve capacity to withstand and recover quickly from disruptions.

Keri Calagna, US Crisis & Resilience Leader, Principal, Deloitte & Touche LLP