The AI experimentation era is ending - now it's time for action

Security professionals from SoftwareOne set out guidelines for staying safe as both businesses and threat actors step up AI deployment.

Security teams are looking for bright ideas on how to solve the problems ahead in 2025 (Photo by Brennan Burling on Unsplash)

Over the past year, organisations of all sizes launched bold AI experiments and began to embed new technology across daily work processes. Unfortunately, so did the bad guys.

To understand the threats facing businesses and consumers in 2025, we spoke to two security leaders from SoftwareOne - Ravi Bindra, CISO and Martin Roskelly, Product Manager, Security - who said that companies have been looking for "instant gratification" from cost-savings and productivity boosts.

Both of SoftwareOne's security specialists agreed that we are now entering a new stage of AI evolution and deployment. Driven by the rapid growth in AI, data and cloud, the technology focus in 2025 will lie not in implementation and experimentation, they say, but in action.

The execs predicted that business priorities will pivot as businesses focus on using tools safely and securely to deal with a "new wave" of sophisticated AI threats and cyber challenges, not to mention ever-changing regulatory standards.

Here's what Bindra and Roskelly told us about the year ahead.

A boom in quantum-enabled attacks

IBM Quantum System One, the first circuit-based commercial quantum computer, was introduced in January 2019.

"Despite the benefits quantum computing will bring to businesses in 2025, it will also enable a wave of new attack vectors," Bindra argues. "Current cryptography methodology will inevitably be 'debunked' as quantum becomes available at scale and quantum-capable threats will start to rise as the technology becomes more accessible.

"We are already seeing evidence of nation-states and threat actors adopting 'store it now, crack it later' strategies, gathering sensitive encrypted data passed across the internet to be decrypted once quantum technology becomes viable in the next five to ten years.

"So, although quantum computing sounds like a problem for the future, it needs to be a security concern now. As such, organisations must make data ‘quantum-resistant’ and cloud providers have a big role to play here. Over the next one to two years cloud providers must begin offering post-quantum services to customers in high-security industries, future-proofing data today that will be difficult to crack in five years’ time.      

"Organisations will need flexible, crypto-agile infrastructure for a system to adapt its mechanisms and algorithms in line with technology advancement as new post-quantum algorithms and protocols emerge. However, cloud organisations can’t help to protect industries alone. To combat the rise in actors using quantum computing to pose a threat themselves, we need to see greater collaboration between different industries across cloud and cyber as well as the involvement of government to share knowledge and deal with threats efficiently."

Fighting AI with AI  

The top five security risks in 2024, according to Gartner

"The financial and reputational costs of a breach, attack or cyber incident can be enormous," Bindra warns. "Worldwide, cybercrime cost companies an estimated $8 trillion in 2023, a staggering number that is expected to rise to nearly $24 trillion by 2027. To prevent cyber threats, AI technology can have a significant impact in improving cyber security practices. From advanced threat detection and minimising human error to automated incident response, the return on investment for businesses looking to bolster their security efforts and ward off malicious activity using AI is undeniable.   

"Threat actors are increasingly leveraging AI to cause harm to businesses. In fact, Gartner predicts that by 2028, 25% of enterprise breaches will be traced back to AI agent abuse from both external and malicious internal actors. To keep pace with sophisticated AI threats, businesses must fight fire with fire and arm their defences with AI tools to protect against malicious attacks. AI does this by using advanced algorithms which detect, predict and tackle threats in real time at much greater speed than traditional methods.

"As attacks on enterprises continue to grow in prevalence and sophistication, investing in AI to improve security processes, operations and defence will always be a worthy investment."

Minimising cyber risk via upskilling 

Training can help to secure the infamous "human element" in cybersecurity (Photo by Scott Graham on Unsplash)

"If 2023 was a year companies started to experiment with AI in earnest and 2024 the year it became embedded in the workplace, 2025 will be a year defined by using and implementing AI at speed but doing so safely and securely," Roskelly states.  

"In addition, Agentic AI, a type of AI that is capable of autonomous action with little to no human involvement, is on the horizon and change seems set to remain a constant. This can only mean businesses need an approach that ensures digital transformation advances their goals securely. Data and infrastructure security can be both an enabler or a blocker, leaving companies exposed to real-world risk.   

"Any approach must be underpinned by a business's biggest frontline defence tool: its people. To date, the speed of technology evolution is outpacing the development and implementation of data governance frameworks and security protocols for businesses to roll out. We’ve seen workers flock to unapproved GenAI tools in droves as a way to boost productivity. But in the process employees have, sometimes inadvertently, been feeding in sensitive corporate data including legal documentation, HR and privacy-related data, having left IT and Security teams with a growing problem over which they have no direct control.

"With employees experimenting with AI, secure AI integration demands a structured approach that encompasses security protocols baked into all processes and clear direction on accepted AI use. To achieve this, companies need full oversight of AI use cases and an effective training plan, so employees understand their key role in keeping organisational data secure.  

"In addition, companies need to make communications clear, simple, creative - in short, personalised. This needs to be updated often to ensure that employers and employees get the most from this emerging technology in the safest and most secure way. There is no one-size-fits-all approach and every business is different, but if businesses are to navigate digital transformation successfully, we need to have everyone on board for the journey."

Evolution of the CISO

CISOs are facing a challenging threat landscape in 2025 (Photo by GuerrillaBuzz on Unsplash)

"The role of the Chief Information Security Officer (CISO) has been rewritten in the past years," Bindra states. "CISOs once worked in a siloed fashion without a seat at the boardroom table. Today, however, they are the bridge between the C-Suite and the entire company, charged with delivering cybersecurity resilience.

"In 2025, CISOs can expect their role and responsibilities to keep expanding as enterprise risks grow in both numbers and complexity. Next year, cybercrime is expected to cost $10.5 trillion a year globally, a staggering figure which explains why the CISO’s role has shifted from tactical to strategic with a need to firmly align cybersecurity solutions with business goals.

"Furthermore, with Gartner forecasts showing that by 2026, over 50% of C-Suite executives will have cyber risk performance requirements included in their contracts, it’s clear that the CISO’s role will shift again to accommodate new levels of collaboration to ensure accurate business-wide reporting. In addition to hands-on security duties, regulatory changes such as those from the Securities and Exchange Commission in the US and others globally will occupy even more of the CISO’s time.

"Balancing daily security operational demands with heftier reporting requirements will be an added burden, meaning CISOs will need to think strategically in order to collaborate effectively with business leaders; while ensuring they have invested in the best detection and response capabilities to keep pace with threats. 2025 will see CISOs work even more strategically, to ensure their time, investments and effort are keeping pace with endless developments."
