Cybersecurity 2025: Qualys’ Predictions for Navigating the Evolving Threat Landscape
Table of Contents
- Prediction 1: The increasing use of AI will not alter the basics of cybersecurity strategies
- Prediction 2: Securing Agentic AI will be yet another key exposure occurrence.
- Prediction 3: CISOs will double down on risk management in 2025.
- Prediction 4: The drive for consolidating security capabilities will increase, with a view to leveraging unified security platforms.
- Prediction 5: The 2025 rollout of CISAs FOCAL Plan will focus on improved asset and vulnerability management, continuous threat prioritization and integrated remediation
- Prediction 6: Nation-state cyberattacks, long-term cloud compromises, and data leakage risks will increase, making recovery from breaches harder
- The Roadmap
Cybersecurity in 2024 was a year of contrasts—marked by rising threats and groundbreaking innovations. The surge in ransomware attacks and exploitation of vulnerabilities exposed weaknesses in core systems and software, while the rapid adoption of AI tools brought both risks and opportunities to the forefront. Amidst these challenges, progress emerged. The rise of new technologies like AI and LLM security and adoption of government-designed protection standards provided a glimpse of what’s possible when we work together to make the digital world safer for everyone.
As 2025 unfolds, the need for proactive, intelligence-driven strategies has never been more urgent. Nation-state attacks, AI misuse, and cloud security risks are poised to test the resilience of even the most prepared organizations. This blog draws on key predictions from the experts at Qualys to outline the cybersecurity trends expected to define the coming year.
Listen to the Qualys experts discuss their predictions at our webinar on January 23, 2025.
Prediction 1: The increasing use of AI will not alter the basics of cybersecurity strategies
“While several enterprises are looking for the next best AI solution in an effort to fight fire with fire, I am reminded of the famous Alphonse Karr quote, “The more things change, the more they stay the same.” As such, a better question is, “What do businesses stand to lose (i.e. what is the value at risk) from AI abuse and misuse?” And what portion of this risk can be addressed with current security capabilities? For example, is securing an AI agent from threats like spoofing, tampering, information disclosure, denial of service, escalation of privileges, actually novel? Does it require new investments to stand up a dedicated “AI” security stack? Similarly, consider that AI models consist of open source and first party code deployed on-premises, in the cloud, or both. Infrastructure, software pipeline, and supply chain security practices still apply. So again, the question is, do we really need a complete security rethink?
My recommendation is that security teams proactively address these evolving threats by developing robust threat models and establishing guardrails—essentially “secure by default” solutions. Ultimately, the key challenge lies in balancing the desire for rapid digital transformation with the imperative of safeguarding enterprise assets against potential AI-related abuses.”
–Richard Seiersen, Chief Risk Tech Officer, Qualys
Prediction 2: Securing Agentic AI will be yet another key exposure occurrence.
“Agentic AI, AI that can autonomously make decisions and take actions, will become more prevalent in organizations. This will require additional privileged access. Since this is still an emerging field, security and privacy professionals will need to upgrade themselves to secure agentic AI end-to-end and ensure data is AI-ready.”
-Mayuresh Dani, Manager, Security Research for Qualys Threat Research Unit (TRU)
Prediction 3: CISOs will double down on risk management in 2025.
“CISOs will double down on risk management in 2025. Adopting this approach will allow them to operationally focus on the biggest risks to their business while quantifying the financial implications. This will allow them to justify investments in the right controls and offset the residual risks with appropriate insurance premiums.
Additionally, the digital acceleration in every business is driving requirements for a more dynamic skills mix. Cloud security operations will continue to be a huge focus in the coming year to support this drive. Recruiting from adjacent departments to fill gaps will be a major focus to reduce the skills gaps seen in 2024.”
–Matt Middleton-Leal, Managing Director, EMEA North, Qualys
Prediction 4: The drive for consolidating security capabilities will increase, with a view to leveraging unified security platforms.
“Consolidation of security capabilities has been on the agenda of many organizations for a while, and this will only continue to increase in 2025. And now, organizations are increasingly moving towards a unified platform approach that can provide both a centralized view of risk across the organization, and mechanisms to remediate that risk when found. This has primarily been driven by a need to reduce complexity, increase operational efficiency, enhance detection and response capabilities, and reduce overall cost.
A unified platform is not a single solution that does everything but is one that provides a strong set of core capabilities, with a well-integrated partner ecosystem of additional capabilities that provide additional context. A well-integrated security platform that allows organizations to discover, prioritize and remediate critical business risk will serve to eliminate the challenges of complexity, inefficiency and increasing cost of ownership, while allowing businesses to focus on what matters most to them.”
–Richard Sorosina, CTSO and VP Solution Architecture EMEA & APAC, Qualys
Prediction 5: The 2025 rollout of CISA’s FOCAL Plan will focus on improved asset and vulnerability management, continuous threat prioritization and integrated remediation
“The 2025 rollout of CISA’s FOCAL Plan will emphasize improved asset management and vulnerability lifecycle management. Federal agencies will aim to adopt solutions that continuously identify assets and vulnerabilities, correlate asset contexts, and accurately prioritize risks using threat intelligence. Integrated patch remediation will be crucial in reducing both Mean Time to Detection (MTTD) and Mean Time to Remediation (MTTR), thereby enhancing overall cybersecurity resilience.”
-Jonathan Trull, Chief Information Security Officer, Qualys
Prediction 6: Nation-state cyberattacks, long-term cloud compromises, and data leakage risks will increase, making recovery from breaches harder
“Nation-state attacks and cloud-based compromises with extremely long dwell times will continue to emerge at an increasing rate with large scale impact as security catches up with post-Covid and digital transformation efforts from the last few years, where adversaries are increasingly able to maintain ‘stealth for survival’.
Beyond that, complex DevSecOps, API, and integrated cloud solutions will emerge as one of the leading threats as an attack vector for significant impact. We’re also going to see more accidental disclosure and insider threat risks for exfiltration, and challenges with preventing data leakage, due to how companies are still adopting technology without adequate security controls and architecture in place.
Recovery from incident and breach will become increasingly difficult and take longer for organizations as adversaries become efficient at destroying backups and other resiliency measures that are in place, in an attempt to improve extortion payouts.”
-Ken Dunham, Director, Cyber Threat for Qualys TRU
The Roadmap
In 2025, cybersecurity stands at the intersection of escalating threats and transformative technologies. The insights shared by our cybersecurity experts highlight a pivotal truth: the foundation of effective security lies in balancing innovation with robust risk management practices.
Register for the webinar on January 23, 2025, to hear two of our experts—CISO Jonathan Trull and CRTO Rich Seiersen—discuss their top cybersecurity predictions for the year.
