Ecosystm research shows that cybersecurity is the most discussed technology at the Board and Management level, driven by the increasing sophistication of cyber threats and the rapid adoption of AI. While AI enhances security, it also introduces new vulnerabilities. As organisations face an evolving threat landscape, they are adopting a more holistic approach to cybersecurity, covering prevention, detection, response, and recovery.
In 2025, cybersecurity leaders will continue to navigate a complex mix of technological advancements, regulatory pressures, and changing business needs. To stay ahead, organisations will prioritise robust security solutions, skilled professionals, and strategic partnerships.
Ecosystm analysts Darian Bird, Sash Mukherjee, and Simona Dimovski present the key cybersecurity trends for 2025.
Click here to download ‘Securing the AI Frontier: Top 5 Cyber Trends for 2025’ as a PDF
1. Cybersecurity Will Be a Critical Differentiator in Corporate Strategy
The convergence of geopolitical instability, cyber weaponisation, and an interconnected digital economy will make cybersecurity a cornerstone of corporate strategy. State-sponsored cyberattacks targeting critical infrastructure, supply chains, and sensitive data have turned cyber warfare into an operational reality, forcing businesses to prioritise security.
Regulatory pressures are driving this shift, mandating breach reporting, data sovereignty, and significant penalties, while international cybersecurity norms compel companies to align with evolving standards to remain competitive.
The stakes are high. Stakeholders now see cybersecurity as a proxy for trust and resilience, scrutinising both internal measures and ecosystem vulnerabilities.
2. Zero Trust Architectures Will Anchor AI-Driven Environments
The future of cybersecurity lies in never trusting, always verifying – especially where AI is involved.
In 2025, the rise of AI-driven systems will make Zero Trust architectures vital for cybersecurity. Unlike traditional networks with implicit trust, AI environments demand stricter scrutiny due to their reliance on sensitive data, autonomous decisions, and interconnected systems. The growing threat of adversarial attacks – data poisoning, model inversion, and algorithmic manipulation – highlights the urgency of continuous verification.
Global forces are driving this shift. Regulatory mandates like the EU’s DORA, the US Cybersecurity Executive Order, and the NIST Zero Trust framework call for robust safeguards for critical systems. These measures align with the growing reliance on AI in high-stakes sectors like Finance, Healthcare, and National Security.
3. Organisations Will Proactively Focus on AI Governance & Data Privacy
Organisations are caught between excitement and uncertainty regarding AI. While the benefits are immense, businesses struggle with the complexities of governing AI. The EU AI Act looms large, pushing global organisations to brace for stricter regulations, while a rise in shadow IT sees business units bypassing traditional IT to deploy AI independently.
In this environment of regulatory ambiguity and organisational flux, CISOs and CIOs will prioritise data privacy and governance, proactively securing organisations with strong data frameworks and advanced security solutions to stay ahead of emerging regulations.
Recognising that AI will be multi-modal, multi-vendor, and hybrid, organisations will invest in model orchestration and integration platforms to simplify management and ensure smoother compliance.
4. Network & Security Stacks Will Streamline Through Converged Platforms
This shift stems from the need for unified management, cost efficiency, and the recognition that standardisation enhances security posture.
Tech providers are racing to deliver comprehensive network and security platforms.
Recent M&A moves by HPE (Juniper), Palo Alto Networks (QRadar SaaS), Fortinet (Lacework), and LogRhythm (Exabeam) highlight this trend. Rising player Cato Networks is capitalising on mid-market demand for single-provider solutions, with many customers planning to consolidate vendors in their favour. Meanwhile, telecoms are expanding their SASE offerings to support organisations adapting to remote work and growing cloud adoption.
5. AI Will Be Widely Used to Combat AI-Powered Threats in Real-time
By 2025, the rise of AI-powered cyber threats will demand equally advanced AI-driven defences.
Threat actors are using AI to launch adaptive attacks like deepfake fraud, automated phishing, and adversarial machine learning, operating at a speed and scale beyond traditional defences.
Real-time AI solutions will be essential for detection and response.
Nation-state-backed advanced persistent threat (APT) groups and GenAI misuse are intensifying these challenges, exploiting vulnerabilities in critical infrastructure and supply chains. Mandatory reporting and threat intelligence sharing will strengthen AI defences, enabling real-time adaptation to emerging threats.
2024 and 2025 are looking good for IT services providers – particularly in Asia Pacific. All types of providers – from IT consultants to managed services VARs and systems integrators – will benefit from a few converging events.
However, amidst increasing demand, service providers are also challenged with cost control measures imposed in organisations – and this is heightened by the challenge of finding and retaining their best people as competition for skills intensifies. Providers that service mid-market clients might find it hard to compete and grow without significant process automation to compensate for the higher employee costs.
Why Organisations are Opting for IT Service
- Organisations are seeking further cost reductions. Managed services providers will see more opportunities to take cost and complexity out of organisation’s IT functions. The focus in 2024 will be less on “managing” services and more on “transforming” them using ML, AI, and automation to reduce cost and improve value.
- Big app upgrades are back on the agenda. SAP is going above and beyond to incentivise their customers and partners to migrate their on-premises and hyperscale hosted instances to true cloud ERP. Initiatives such as Rise with SAP have been further expanded and improved to accelerate the transition. Salesforce customers are also looking to streamline their deployments while also taking advantage of the new AI and data capabilities. But many of these projects will still be complex and time-consuming.
- Cloud deployments are getting more complex. For many organisations, the simple cloud migrations are done. This is the stage of replatforming, retiring, and refactoring applications to take advantage of public and hybrid cloud capabilities. These are not simple lift and shift – or switch to SaaS – engagements.
- AI will drive a greater need for process improvement and transformation. This will happen along with associated change management and training programs. While it is still early days for GenAI, before the end of 2024, many organisations will move beyond experimentation to department or enterprise wide GenAI initiatives.
- Increasing cybersecurity and data governance demands will prolong the security skill shortage. More organisations will turn to managed security services providers and cybersecurity consultants to help them develop their strategy and response to the rising threat levels.
Choosing the Right Cost Model for IT Services
Buyers of IT services must implement strict cost-control measures and consider various approaches to align costs with business and customer outcomes, including different cost models:
Fixed-Price Contracts. These contracts set a firm price for the entire project or specific deliverables. Ideal when project scope is clear, they offer budget certainty upfront but demand detailed specifications, potentially leading to higher initial quotes due to the provider assuming more risk.
Time and Materials (T&M) Contracts with Caps. Payment is based on actual time and materials used, with negotiated caps to prevent budget overruns. Combining flexibility with cost predictability, this model offers some control over total expenses.
Performance-Based Pricing. Fees are tied to service provider performance, incentivising achievement of specific KPIs or milestones. This aligns provider interests with client goals, potentially resulting in cost savings and improved service quality.
Retainer Agreements with Scope Limits. Recurring fees are paid for ongoing services, with defined limits on work scope or hours within a given period. This arrangement ensures resource availability while containing expenses, particularly suitable for ongoing support services.
Other Strategies for Cost Efficiency and Effective Management
Technology leaders should also consider implementing some of the following strategies:
Phased Payments. Structuring payments in phases, tied to the completion of project milestones, helps manage cash flow and provides a financial incentive for the service provider to meet deadlines and deliverables. It also allows for regular financial reviews and adjustments if the project scope changes.
Cost Transparency and Itemisation. Detailed billing that itemises the costs of labour, materials, and other expenses provides transparency to verify charges, track spending against the budget, and identify areas for potential savings.
Volume Discounts and Negotiated Rates. Negotiating volume discounts or preferential rates for long-term or large-scale engagements, makes providers to offer reduced rates for a commitment to a certain volume of work or an extended contract duration.
Utilisation of Shared Services or Cloud Solutions. Opting for shared or cloud-based solutions where feasible, offers economies of scale and reduces the need for expensive, dedicated infrastructure and resources.
Regular Review and Adjustment. Conducting regular reviews of the services and expenses with the provider to ensure alignment with the budget and objectives, prepares organisations to adjust the scope, renegotiate terms, or implement cost-saving measures as needed.
Exit Strategy. Planning an exit strategy that include provisions for contract termination, transition services, protects an organisation in case the partnership needs to be dissolved.
Conclusion
Many businesses swing between insourcing and outsourcing technology capabilities – with the recent trend moving towards insourcing development and outsourcing infrastructure to the public cloud. But 2024 will see demand for all types of IT services across nearly every geography and industry. Tech services providers can bring significant value to your business – but improved management, monitoring, and governance will ensure that this value is delivered at a fair cost.
The tech industry tends to move in waves, driven by the significant, disruptive changes in technology, such as cloud and smartphones. Sometimes, it is driven by external events that bring tech buyers into sync – such as Y2K and the more recent pandemic. Some tech providers, such as SAP and Microsoft, are big enough to create their own industry waves. The two primary factors shaping the current tech landscape are AI and the consequential layoffs triggered by AI advancements.
While many of the AI startups have been around for over five years, this will be the year they emerge as legitimate solutions providers to organisations. Amidst the acceleration of AI-driven layoffs, individuals from these startups will go on to start new companies, creating the next round of startups that will add value to businesses in the future.
Tech Sourcing Strategies Need to Change
The increase in startups implies a change in the way businesses manage and source their tech solutions. Many organisations are trying to reduce tech debt, by typically consolidating the number of providers and tech platforms. However, leveraging the numerous AI capabilities may mean looking beyond current providers towards some of the many AI startups that are emerging in the region and globally.
The ripple effect of these decisions is significant. If organisations opt to enhance the complexity of their technology architecture and increase the number of vendors under management, the business case must be watertight. There will be less of the trial-and-error approach towards AI from 2023, with a heightened emphasis on clear and measurable value.
AI Startups Worth Monitoring
Here is a selection of AI startups that are already starting to make waves across Asia Pacific and the globe.
- ADVANCE.AI provides digital transformation, fraud prevention, and process automation solutions for enterprise clients. The company offers services in security and compliance, digital identity verification, and biometric solutions. They partner with over 1,000 enterprise clients across Southeast Asia and India across sectors, such as Banking, Fintech, Retail, and eCommerce.
- Megvii is a technology company based in China that specialises in AI, particularly deep learning. The company offers full-stack solutions integrating algorithms, software, hardware, and AI-empowered IoT devices. Products include facial recognition software, image recognition, and deep learning technology for applications such as consumer IoT, city IoT, and supply chain IoT.
- I’mCloud is based in South Korea and specialises in AI, big data, and cloud storage solutions. The company has become a significant player in the AI and big data industry in South Korea. They offer high-quality AI-powered chatbots, including for call centres and interactive educational services.
- H2O.ai provides an AI platform, the H2O AI Cloud, to help businesses, government entities, non-profits, and academic institutions create, deploy, monitor, and share data models or AI applications for various use cases. The platform offers automated machine learning capabilities powered by H2O-3, H2O Hydrogen Torch, and Driverless AI, and is designed to help organisations work more efficiently on their AI projects.
- Frame AI provides an AI-powered customer intelligence platform. The software analyses human interactions and uses AI to understand the driving factors of business outcomes within customer service. It aims to assist executives in making real-time decisions about the customer experience by combining data about customer interactions across various platforms, such as helpdesks, contact centres, and CRM transcripts.
- Uizard offers a rapid, AI-powered UI design tool for designing wireframes, mockups, and prototypes in minutes. The company’s mission is to democratise design and empower non-designers to build digital, interactive products. Uizard’s AI features allow users to generate UI designs from text prompts, convert hand-drawn sketches into wireframes, and transform screenshots into editable designs.
- Moveworks provides an AI platform that is designed to automate employee support. The platform helps employees to automate tasks, find information, query data, receive notifications, and create content across multiple business applications.
- Tome develops a storytelling tool designed to reduce the time required for creating slides. The company’s online platform creates or emphasises points with narration or adds interactive embeds with live data or content from anywhere on the web, 3D renderings, and prototypes.
- Jasper is an AI writing tool designed to assist in generating marketing copy, such as blog posts, product descriptions, company bios, ad copy, and social media captions. It offers features such as text and image AI generation, integration with Grammarly and other Chrome extensions, revision history, auto-save, document sharing, multi-user login, and a plagiarism checker.
- Eightfold AI provides an AI-powered Talent Intelligence Platform to help organisations recruit, retain, and grow a diverse global workforce. The platform uses AI to match the right people to the right projects, based on their skills, potential, and learning ability, enabling organisations to make informed talent decisions. They also offer solutions for diversity, equity, and inclusion (DEI), skills intelligence, and governance, among others.
- Arthur provides a centralised platform for model monitoring. The company’s platform is model and platform agnostic, and monitors machine learning models to ensure they deliver accurate, transparent, and fair results. They also offer services for explainability and bias mitigation.
- DNSFilter is a cloud-based, AI-driven content filtering and threat protection service, that can be deployed and configured within minutes, requiring no software installation.
- Spot AI specialises in building a modern AI Camera System to create safer workplaces and smarter operations for every organisation. The company’s AI Camera System combines cloud and edge computing to make video footage actionable, allowing customers to instantly surface and resolve problems. They offer intelligent video recorders, IP cameras, cloud dashboards, and advanced AI alerts to proactively deliver insights without the need to manually review video footage.
- People.ai is an AI-powered revenue intelligence platform that helps customers win more revenue by providing sales, RevOps, marketing, enablement, and customer success teams with valuable insights. The company’s platform is designed to speed up complex enterprise sales cycles by engaging the right people in the right accounts, ultimately helping teams to sell more and faster with the same headcount.
These examples highlight a few startups worth considering, but the landscape is rich with innovative options for organisations to explore. Similar to other emerging tech sectors, the AI startup market will undergo consolidation over time, and incumbent providers will continue to improve and innovate their own AI capabilities. Till then, these startups will continue to influence enterprise technology adoption and challenge established providers in the market.
