Ecosystm research shows that cybersecurity is the most discussed technology at the Board and Management level, driven by the increasing sophistication of cyber threats and the rapid adoption of AI. While AI enhances security, it also introduces new vulnerabilities. As organisations face an evolving threat landscape, they are adopting a more holistic approach to cybersecurity, covering prevention, detection, response, and recovery.
In 2025, cybersecurity leaders will continue to navigate a complex mix of technological advancements, regulatory pressures, and changing business needs. To stay ahead, organisations will prioritise robust security solutions, skilled professionals, and strategic partnerships.
Ecosystm analysts Darian Bird, Sash Mukherjee, and Simona Dimovski present the key cybersecurity trends for 2025.
Click here to download ‘Securing the AI Frontier: Top 5 Cyber Trends for 2025’ as a PDF
1. Cybersecurity Will Be a Critical Differentiator in Corporate Strategy
The convergence of geopolitical instability, cyber weaponisation, and an interconnected digital economy will make cybersecurity a cornerstone of corporate strategy. State-sponsored cyberattacks targeting critical infrastructure, supply chains, and sensitive data have turned cyber warfare into an operational reality, forcing businesses to prioritise security.
Regulatory pressures are driving this shift, mandating breach reporting, data sovereignty, and significant penalties, while international cybersecurity norms compel companies to align with evolving standards to remain competitive.
The stakes are high. Stakeholders now see cybersecurity as a proxy for trust and resilience, scrutinising both internal measures and ecosystem vulnerabilities.
2. Zero Trust Architectures Will Anchor AI-Driven Environments
The future of cybersecurity lies in never trusting, always verifying – especially where AI is involved.
In 2025, the rise of AI-driven systems will make Zero Trust architectures vital for cybersecurity. Unlike traditional networks with implicit trust, AI environments demand stricter scrutiny due to their reliance on sensitive data, autonomous decisions, and interconnected systems. The growing threat of adversarial attacks – data poisoning, model inversion, and algorithmic manipulation – highlights the urgency of continuous verification.
Global forces are driving this shift. Regulatory mandates like the EU’s DORA, the US Cybersecurity Executive Order, and the NIST Zero Trust framework call for robust safeguards for critical systems. These measures align with the growing reliance on AI in high-stakes sectors like Finance, Healthcare, and National Security.
3. Organisations Will Proactively Focus on AI Governance & Data Privacy
Organisations are caught between excitement and uncertainty regarding AI. While the benefits are immense, businesses struggle with the complexities of governing AI. The EU AI Act looms large, pushing global organisations to brace for stricter regulations, while a rise in shadow IT sees business units bypassing traditional IT to deploy AI independently.
In this environment of regulatory ambiguity and organisational flux, CISOs and CIOs will prioritise data privacy and governance, proactively securing organisations with strong data frameworks and advanced security solutions to stay ahead of emerging regulations.
Recognising that AI will be multi-modal, multi-vendor, and hybrid, organisations will invest in model orchestration and integration platforms to simplify management and ensure smoother compliance.
4. Network & Security Stacks Will Streamline Through Converged Platforms
This shift stems from the need for unified management, cost efficiency, and the recognition that standardisation enhances security posture.
Tech providers are racing to deliver comprehensive network and security platforms.
Recent M&A moves by HPE (Juniper), Palo Alto Networks (QRadar SaaS), Fortinet (Lacework), and LogRhythm (Exabeam) highlight this trend. Rising player Cato Networks is capitalising on mid-market demand for single-provider solutions, with many customers planning to consolidate vendors in their favour. Meanwhile, telecoms are expanding their SASE offerings to support organisations adapting to remote work and growing cloud adoption.
5. AI Will Be Widely Used to Combat AI-Powered Threats in Real-time
By 2025, the rise of AI-powered cyber threats will demand equally advanced AI-driven defences.
Threat actors are using AI to launch adaptive attacks like deepfake fraud, automated phishing, and adversarial machine learning, operating at a speed and scale beyond traditional defences.
Real-time AI solutions will be essential for detection and response.
Nation-state-backed advanced persistent threat (APT) groups and GenAI misuse are intensifying these challenges, exploiting vulnerabilities in critical infrastructure and supply chains. Mandatory reporting and threat intelligence sharing will strengthen AI defences, enabling real-time adaptation to emerging threats.
2024 was a year marked by intense AI-driven innovation. While the hype surrounding AI may have reached a fever pitch, the technology’s transformative potential is undeniable.
The growing interest in AI can be attributed to several factors: the democratisation of AI, with tools and platforms now accessible to businesses of all sizes; AI’s appeal to business leaders, offering actionable insights and process automation; and aggressive marketing by major tech companies, which has amplified the excitement and hype surrounding AI.
2025 will be a year defined by AI, with its transformative impact rippling across industries. However, other geopolitical and social factors will also significantly shape the tech landscape.
Ecosystm analysts Achim Granzen, Alan Hesketh, Audrey William, Clay Miller, Darian Bird, Manish Goenka, Richard Wilkins, Sash Mukherjee, Simona Dimovski, and Tim Sheedy present the key trends and disruptors shaping the tech market in 2025.
Click here to download ‘Key Tech Trends & Disruptors in 2025’ as a PDF
1. Quantum Computing Will Drive Major Transformation in the Tech Industry
Advancements in qubit technology, quantum error correction, and hybrid quantum-classical systems will accelerate breakthroughs in complex problem-solving and machine learning. Quantum communications will revolutionise data security with quantum key distribution, providing nearly unbreakable communication channels. As quantum encryption becomes more widespread, it will replace current cryptographic methods, protecting sensitive data from future quantum-enabled attacks.
With quantum computing threatening encryption standards like RSA and ECC, post-quantum encryption will be critical for data security.
While the full impact of quantum computers is expected within the next few years, 2025 will be pivotal in the transition toward quantum-resistant security measures and infrastructure.
2. Many Will Try, But Few Will Succeed as Platform Companies
Hypergrowth occurs when companies shift from selling products to becoming platform providers. Unlike traditional businesses, platforms don’t own inventory; their value lies in proprietary data and software that connect buyers, sellers, and consumers. Platforms disrupt industries and often outperform legacy businesses, with examples like Uber, Amazon, and Meta, and disruptors like Lemonade in insurance and Wise in international funds transfer.
In 2025, many companies will aim to become platform businesses, with AI seen as a key driver.
They will begin creating platforms and building ecosystems around them – some within existing brands, others launching new ones or even new subsidiaries to seize this opportunity.
3. A Trans-Atlantic Divide Will Emerge in AI Regulation
The EU is poised to continue its rigorous approach to AI regulation, emphasisng ethical considerations and robust governance. This is evident in the recent AI Act, which imposes stringent guidelines and penalties for violations. The EU’s commitment to responsible AI development is likely to lead to a more cautious and controlled innovation landscape.
In contrast, the US, under a new administration, may adopt a more lenient regulatory stance towards AI. This shift could accelerate innovation and foster a more permissive environment for AI development. However, it may also raise concerns about potential risks and unintended consequences.
This divergence in regulatory frameworks could create significant challenges for multinational companies operating in both regions.
4. The Rise of AI-Driven Ecosystem Platforms Will Shape Tech Investments
By 2025, AI-driven ecosystem platforms will dominate tech investments, fueled by technological convergence, market efficiency demands, and evolving regulations. These platforms will integrate AI, IoT, cloud, and data analytics to create seamless, predictive ecosystems that transcend traditional industry boundaries.
Key drivers include advancements in AI, global supply chain disruptions, and rising ESG expectations. Regulatory shifts, such as the EU’s AI Act, will further push for compliant, ethical platforms emphasising transparency and accountability.
For businesses, this shift redefines technology as interconnected ecosystems driving efficiency, innovation, and customer value.
5. AI-Powered Data Fabrics Will be the Foundation for Data-Driven Success
In 2025, AI-powered data fabrics will become a core technology for large organisations.
They will transition from basic data management tools to intelligent systems that deliver value across the entire data lifecycle. Organisations will finally be able to get control of their data governance.
AI’s enhanced role will automate essential data functions, including intelligent data integration and autonomous connection to diverse data sources. AI will also enable proactive data quality management, predicting and preventing errors for improved reliability. AI-driven data fabrics will also offer automated data discovery and mapping, dynamic data quality and governance, intelligent data integration, and enhanced data access and delivery.
6. Focus Will Shift From AI Models to Intelligence Gaps & Performance
While many organisations are investing in AI, only those that started their transformation in 2024 are truly AI-led. Most have become AI-driven through embedded AI in enterprise systems as tech providers continue to evolve their offerings. However, these multi-vendor environments often lack synergy, creating gaps and blind spots.
In 2025, organisations will pause their investments to assess AI capabilities and identify these gaps.
Once they pinpoint the blind spots, investments will refocus not on new AI models, but on areas like model orchestration to manage workflows and ensure peak performance; vendor management to establish unified governance frameworks for flexibility and compliance; and eventually automated AI lifecycle management, with centralised inventories and monitoring to track performance and detect issues like model drift.
7. Specialised Small Language Models Will Gain Traction
GenAI, driven by LLMs, has dominated the spotlight, fueling both excitement and concerns about AI. However, LLM-based GenAI is entering a phase of diminishing returns, both in terms of individual model capabilities and the number of available models. Only a few providers will have the resources to develop LLMs, focusing on a limited number of models.
This will see the increased popularity of small language models (SLMs), that are tailored for a specific purpose, use case, or environment. These models will be developed by startups, organisations, and enterprises with deep domain knowledge and data. They will be fully commercialised driving narrow but distinct ROI.
There will be an increased demand for GPU-as-a-service and SLM-as-a-service, and the platforms which can support these.
8. Multi-agent AI Systems Will Help Manage Complexity and Collaboration
Isolated AI tools that can perform narrow tasks lack the adaptability and coordination required for real-time decision-making. Multi-agent systems, in contrast, consist of decentralised agents that collaborate, share information, and make independent decisions while working toward a common goal. This approach not only improves efficiency but also enhances resilience in rapidly changing conditions.
Early use cases will be in complex environments that require cooperation between multiple stakeholders.
Multi-agent systems will optimise logistics by continuously analysing disruptions and dynamically balancing supply and demand in energy grids. These multi-agent systems will also operate in competitive modes, such as algorithmic trading, ad auctions, and ecommerce recommender systems.
9. Super Apps Will Expand into Rural & Underserved Markets in Asia Pacific
Super apps are set to reshape rural economies, fueled by increased internet access, affordable tech, and heavy government investment in digital infrastructure. Their localised, all-in-one services unlock untapped potential in underserved regions, fostering inclusivity and innovation.
By 2025, super apps will deepen their reach across Asia, integrating communication, payments, and logistics into seamless platforms.
Leveraging affordable mobile devices, cloud-native technologies, and localised services, they will penetrate rural and underserved areas with tailored solutions like agricultural marketplaces, local logistics, and expanded government services. Enterprises investing in agile cloud infrastructure will drive this evolution, bridging the digital divide, boosting economic growth, and enhancing user experiences for millions.
10. Intense Debates Over Remote vs. In-Office Work Will Persist in Asia Pacific
Employers in Asia Pacific will enforce stricter return-to-office policies, linking them to performance metrics and benefits to justify investments in physical spaces and enhance workforce productivity.
However, remote collaboration will remain integral, even for in-office teams.
The push for human-centred tech will grow, focusing on employee well-being and flexibility through AI-powered tools and hybrid platforms. Companies will prioritise enhancing employee experiences with personalised, adaptable workspaces, while office designs will increasingly incorporate biophilic elements, blending nature and technology to support seamless collaboration and remote integration.
The White House has mandated federal agencies to conduct risk assessments on AI tools and appoint officers, including Chief Artificial Intelligence Officers (CAIOs), for oversight. This directive, led by the Office of Management and Budget (OMB), aims to modernise government AI adoption and promote responsible use. Agencies must integrate AI oversight into their core functions, ensuring safety, security, and ethical use. CAIOs will be tasked with assessing AI’s impact on civil rights and market competition. Agencies have until December 1, 2024, to address non-compliant AI uses, emphasising swift implementation.
How will this impact global AI adoption? Ecosystm analysts share their views.
Click here to download ‘Ensuring Ethical AI: US Federal Agencies’ New Mandate’ as a PDF.
The Larger Impact: Setting a Global Benchmark
This sets a potential global benchmark for AI governance, with the U.S. leading the way in responsible AI use, inspiring other nations to follow suit. The emphasis on transparency and accountability could boost public trust in AI applications worldwide.
The appointment of CAIOs across U.S. federal agencies marks a significant shift towards ethical AI development and application. Through mandated risk management practices, such as independent evaluations and real-world testing, the government recognises AI’s profound impact on rights, safety, and societal norms.
This isn’t merely a regulatory action; it’s a foundational shift towards embedding ethical and responsible AI at the heart of government operations. The balance struck between fostering innovation and ensuring public safety and rights protection is particularly noteworthy.
This initiative reflects a deep understanding of AI’s dual-edged nature – the potential to significantly benefit society, countered by its risks.
The Larger Impact: Blueprint for Risk Management
In what is likely a world first, AI brings together technology, legal, and policy leaders in a concerted effort to put guardrails around a new technology before a major disaster materialises. These efforts span from technology firms providing a form of legal assurance for use of their products (for example Microsoft’s Customer Copyright Commitment) to parliaments ratifying AI regulatory laws (such as the EU AI Act) to the current directive of installing AI accountability in US federal agencies just in the past few months.
It is universally accepted that AI needs risk management to be responsible and acceptable – installing an accountable C-suite role is another major step of AI risk mitigation.
This is an interesting move for three reasons:
- The balance of innovation versus governance and risk management.
- Accountability mandates for each agency’s use of AI in a public and transparent manner.
- Transparency mandates regarding AI use cases and technologies, including those that may impact safety or rights.
Impact on the Private Sector: Greater Accountability
AI Governance is one of the rare occasions where government action moves faster than private sector. While the immediate pressure is now on US federal agencies (and there are 438 of them) to identify and appoint CAIOs, the announcement sends a clear signal to the private sector.
Following hot on the heels of recent AI legislation steps, it puts AI governance straight into the Boardroom. The air is getting very thin for enterprises still in denial that AI governance has advanced to strategic importance. And unlike the CFC ban in the Eighties (the Montreal protocol likely set the record for concerted global action) this time the technology providers are fully onboard.
There’s no excuse for delaying the acceleration of AI governance and establishing accountability for AI within organisations.
Impact on Tech Providers: More Engagement Opportunities
Technology vendors are poised to benefit from the medium to long-term acceleration of AI investment, especially those based in the U.S., given government agencies’ preferences for local sourcing.
In the short term, our advice to technology vendors and service partners is to actively engage with CAIOs in client agencies to identify existing AI usage in their tools and platforms, as well as algorithms implemented by consultants and service partners.
Once AI guardrails are established within agencies, tech providers and service partners can expedite investments by determining which of their platforms, tools, or capabilities comply with specific guardrails and which do not.
Impact on SE Asia: Promoting a Digital Innovation Hub
By 2030, Southeast Asia is poised to emerge as the world’s fourth-largest economy – much of that growth will be propelled by the adoption of AI and other emerging technologies.
The projected economic growth presents both challenges and opportunities, emphasizing the urgency for regional nations to enhance their AI governance frameworks and stay competitive with international standards. This initiative highlights the critical role of AI integration for private sector businesses in Southeast Asia, urging organizations to proactively address AI’s regulatory and ethical complexities. Furthermore, it has the potential to stimulate cross-border collaborations in AI governance and innovation, bridging the U.S., Southeast Asian nations, and the private sector.
It underscores the global interconnectedness of AI policy and its impact on regional economies and business practices.
By leading with a strategic approach to AI, the U.S. sets an example for Southeast Asia and the global business community to reevaluate their AI strategies, fostering a more unified and responsible global AI ecosystem.
The Risks
U.S. government agencies face the challenge of sourcing experts in technology, legal frameworks, risk management, privacy regulations, civil rights, and security, while also identifying ongoing AI initiatives. Establishing a unified definition of AI and cataloguing processes involving ML, algorithms, or GenAI is essential, given AI’s integral role in organisational processes over the past two decades.
However, there’s a risk that focusing on AI governance may hinder adoption.
The role should prioritise establishing AI guardrails to expedite compliant initiatives while flagging those needing oversight. While these guardrails will facilitate “safe AI” investments, the documentation process could potentially delay progress.
The initiative also echoes a 20th-century mindset for a 21st-century dilemma. Hiring leaders and forming teams feel like a traditional approach. Today, organisations can increase productivity by considering AI and automation as initial solutions. Investing more time upfront to discover initiatives, set guardrails, and implement AI decision-making processes could significantly improve CAIO effectiveness from the outset.
In the Ecosystm Predicts: Building an Agile & Resilient Organisation: Top 5 Trends in 2024, Principal Advisor Darian Bird said, “The emergence of Generative AI combined with the maturing of deepfake technology will make it possible for malicious agents to create personalised voice and video attacks.” Darian highlighted that this democratisation of phishing, facilitated by professional-sounding prose in various languages and tones, poses a significant threat to potential victims who rely on misspellings or oddly worded appeals to detect fraud. As we see more of these attacks and social engineering attempts, it is important to improve defence mechanisms and increase awareness.
Understanding Deepfake Technology
The term Deepfake is a combination of the words ‘deep learning’ and ‘fake’. Deepfakes are AI-generated media, typically in the form of images, videos, or audio recordings. These synthetic content pieces are designed to appear genuine, often leading to the manipulation of faces and voices in a highly realistic manner. Deepfake technology has gained spotlight due to its potential for creating convincing yet fraudulent content that blurs the line of reality.
Deepfake algorithms are powered by Generative Adversarial Networks (GANs) and continuously enhance synthetic content to closely resemble real data. Through iterative training on extensive datasets, these algorithms refine features such as facial expressions and voice inflections, ensuring a seamless emulation of authentic characteristics.
Deepfakes Becoming Increasingly Convincing
Hyper-realistic deepfakes, undetectable to the human eye and ear, have become a huge threat to the financial and technology sectors. Deepfake technology has become highly convincing, blurring the line between real and fake content. One of the early examples of a successful deepfake fraud was when a UK-based energy company lost USD 243k through a deepfake audio scam in 2019, where scammers mimicked the voice of their CEO to authorise an illegal fund transfer.
Deepfakes have evolved from audio simulations to highly convincing video manipulations where faces and expressions are altered in real-time, making it hard to distinguish between real and fake content. In 2022, for instance, a deepfake video of Elon Musk was used in a crypto scam that resulted in a loss of about USD 2 million for US consumers. This year, a multinational company in Hong Kong lost over USD 25 million when an employee was tricked into sending money to fraudulent accounts after a deepfake video call by what appeared to be his colleagues.
Regulatory Responses to Deepfakes
Countries worldwide are responding to the challenges posed by deepfake technology through regulations and awareness campaigns.
- Singapore’s Online Criminal Harms Act, that will come into effect in 2024, will empower authorities to order individuals and Internet service providers to remove or block criminal content, including deepfakes used for malicious purposes.
- The UAE National Programme for Artificial Intelligence released a deepfake guide to educate the public about both harmful and beneficial applications of this technology. The guide categorises fake content into shallow and deep fakes, providing methods to detect deepfakes using AI-based tools, with a focus on promoting positive uses of advanced technologies.
- The proposed EU AI Act aims to regulate them by imposing transparency requirements on creators, mandating them to disclose when content has been artificially generated or manipulated.
- South Korea passed a law in 2020 banning the distribution of harmful deepfakes. Offenders could be sentenced to up to five years in prison or fined up to USD 43k.
- In the US, states like California and Virginia have passed laws against deepfake pornography, while federal bills like the DEEP FAKES Accountability Act aim to mandate disclosure and counter malicious use, highlighting the diverse global efforts to address the multifaceted challenges of deepfake regulation.
Detecting and Protecting Against Deepfakes
Detecting deepfake becomes increasingly challenging as technology advances. Several methods are needed – sometimes in conjunction – to be able to detect a convincing deepfake. These include visual inspection that focuses on anomalies, metadata analysis to examine clues about authenticity, forensic analysis for pattern and audio examination, and machine learning that uses algorithms trained on real and fake video datasets to classify new videos.
However, identifying deepfakes requires sophisticated technology that many organisations may not have access to. This heightens the need for robust cybersecurity measures. Deepfakes have seen an increase in convincing and successful phishing – and spear phishing – attacks and cyber leaders need to double down on cyber practices.
Defences can no longer depend on spotting these attacks. It requires a multi-pronged approach which combines cyber technologies, incidence response, and user education.
Preventing access to users. By employing anti-spoofing measures organisations can safeguard their email addresses from exploitation by fraudulent actors. Simultaneously, minimising access to readily available information, particularly on websites and social media, reduces the chance of spear-phishing attempts. This includes educating employees about the implications of sharing personal information and clear digital footprint policies. Implementing email filtering mechanisms, whether at the server or device level, helps intercept suspicious emails; and the filtering rules need to be constantly evaluated using techniques such as IP filtering and attachment analysis.
Employee awareness and reporting. There are many ways that organisations can increase awareness in employees starting from regular training sessions to attack simulations. The usefulness of these sessions is often questioned as sometimes they are merely aimed at ticking off a compliance box. Security leaders should aim to make it easier for employees to recognise these attacks by familiarising them with standard processes and implementing verification measures for important email requests. This should be strengthened by a culture of reporting without any individual blame.
Securing against malware. Malware is often distributed through these attacks, making it crucial to ensure devices are well-configured and equipped with effective endpoint defences to prevent malware installation, even if users inadvertently click on suspicious links. Specific defences may include disabling macros and limiting administrator privileges to prevent accidental malware installation. Strengthening authentication and authorisation processes is also important, with measures such as multi-factor authentication, password managers, and alternative authentication methods like biometrics or smart cards. Zero trust and least privilege policies help protect organisation data and assets.
Detection and Response. A robust security logging system is crucial, either through off-the shelf monitoring tools, managed services, or dedicated teams for monitoring. What is more important is that the monitoring capabilities are regularly updated. Additionally, having a well-defined incident response can swiftly mitigate post-incident harm post-incident. This requires clear procedures for various incident types and designated personnel for executing them, such as initiating password resets or removing malware. Organisations should ensure that users are informed about reporting procedures, considering potential communication challenges in the event of device compromise.
Conclusion
The rise of deepfakes has brought forward the need for a collaborative approach. Policymakers, technology companies, and the public must work together to address the challenges posed by deepfakes. This collaboration is crucial for making better detection technologies, establishing stronger laws, and raising awareness on media literacy.
