As 2025 winds down, a look back from a cybersecurity standpoint reveals a clear and chilling trend: attacks are getting more sophisticated, and attacks further down the chain, into program libraries and repositories, are on the rise. That sounds like security industry marketing boilerplate, but it is the reality enterprises face today.

There will also be further security challenges in the next year that enterprises need to be aware of. The rise of agentic AI (that is, AI agents) represents a huge security issue. Identifying agents, securing them, and policing their actions is a non-trivial task. AI enthusiasts are, on one hand, saying that agentic AI is an absolute must and a game changer, while, on the other hand, outlining the complicated structures and new security capabilities, including identity checks, that are necessary to use them. Agentic AI has barely taken off in production environments, and there will be more security incidents involving agentic AI. Enterprises need to consider that it is not currently known exactly how vulnerable agentic AI is or how much additional security is needed to keep it in check. The promised benefits seem great, but don’t mistake enthusiasm on the part of vendors to mean that security issues have been addressed.

It’s still early days

To face the challenges of the next year, there needs to be an investment mindset. Security is often looked at as just a cost centre, but it is more like self-care for enterprises. Strategies that focus on taking care of people and investing in the right tools for security will produce solid, repeatable security for the enterprise.

Invest in people

One of the best enterprise cybersecurity strategies is to invest in the training and retention of cybersecurity professionals. Enterprises tend to have a ‘there are always fish in the sea’ attitude, but when it comes to cybersecurity professionals, there is clearly a shortage. Training always has risks – the employee may get a better job with the new credentials. However, providing training and keeping salaries competitive goes a long way when it comes to employee loyalty. Another good strategy is to train up within the organisation by doing cross-training or shadowing. There may be nascent interest in cybersecurity from other parts of the IT organisation – bringing up existing employees is often mutually beneficial.

Another aspect of retaining security staff is to offer a career path that isn’t simply the standard ‘move to management’ track. Many technical professionals only pursue management positions because they perceive that it is the only way to get ahead. A technical advancement track that offers more money and responsibility outside of managing others is a great way to keep seasoned people on staff and happy.

Invest in tools

Giving properly trained staff the latest tools (i.e. security software and services) is important. Cybersecurity changes rapidly, and that means that the tools are always evolving as well. Implementation of new tools to embrace AI-assisted workflows, detection, and resolution can bring the mean time to repair (MTTR) and mean time to detection (MTTD) rates down and ease the burden on staff. This means embracing the platformisation trend in security and moving to tools and workflows that use a single ‘pane of glass’ interface.

There are costs to moving to these new tools and workflows. However, this should be considered with the same amount of seriousness that safety is considered in a factory environment. Skimping or ‘making do’ can lead to breaches – which can have a high monetary and reputational cost. Enterprises can get through rising cybersecurity risks if they can recommit to the people and the tools.