Unstructured Data, Tactical AI, Burnout Avoidance: Gartner’s Top 6 Cybersecurity Trends

1. Shifting security focus to unstructured data

Because generative AI is transforming data security programs, the focus on protections will shift from structured datasets to unstructured data such as text, images, and videos. It’s a change that has significant implications on large language model training, data deployment, and inference processes, said Michaels.

“Ultimately, this shift underscores the changing priorities that leaders must address as they communicate the impact of GenAI on their programs.”

2. Building an enterprise-wide strategy for machine identities and access

Several digital transformation tools, including generative AI, cloud technology, and automation, have required increased use of machine accounts and security credentials to protect devices and software. However, if left unchecked, these machine identities can leave companies vulnerable. As a result, companies will need to enact enterprise-wide strategies for machine identity and access management. 

A Gartner survey of 335 machine identity and access management (IAM) leaders globally from 2024 found that IAM teams are only currently responsible for 44% of an organization’s machine identities.

Also read: Tips & Strategies for Fortifying CPG IT Systems

3. Focusing on tactical use cases for AI adoption

While casting a wide net was the approach for many companies when it came to AI, 2025 will likely see a reprioritization of investments with a focus on more tactical use cases with direct, measurable impacts. Gartner said the strategy will look at aligning AI practices and tools with existing metrics to enhance the visibility of value.

“SRM leaders now have clear responsibilities to secure third-party AI consumption, protect enterprise AI applications, and improve cybersecurity with AI,” said Michaels. “By focusing on more tactical, demonstrably beneficial improvements, they can minimize the risks for their cybersecurity programs and can more easily demonstrate progress.”

4. Consolidating security tools to enhance “data portability”

In the threat landscape, it’s typically a game of “too little” or “too much.” Large enterprises, according to a Gartner survey, on average used 45 cybersecurity tools in 2024. With an abundance of vendors out there (over 3,000), it can overcomplicate processes. Instead, the company recommends achieving balance with security architects, security engineers, and other stakeholders to work off a consolidated approach that enhances the portability of data.

5. Embedding security into the organization’s culture

Both good and bad human behavior are key components of cybersecurity, said Gartner, and thus a culture- and behavior-based approach to cybersecurity is critical. It’s what often drives strategies that combine technology with an integrated platform-based architecture, such as with GenAI which is leading to 40% fewer employee-driven cybersecurity incidents by 2026.

Also read: Hershey’s CTO Details IT Transformation Roadmap

6. Implementing burnout-avoidance strategies

It’s no surprise that the cybersecurity space is often at risk for employee burnout, particularly as companies face labor shortages while being challenged with the growing complexity in regulatory and business landscapes. 

“Cybersecurity burnout and its organizational impact must be recognized and addressed to ensure cybersecurity program effectiveness,” said Michaels. “The most effective SRM leaders are not only prioritizing their own stress management, they are investing in teamwide wellbeing initiatives that demonstrably improve personal resilience.”