CISOs will face growing challenges in 2025 and beyond
From Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020s
As artificial intelligence (AI) blurs the line between human and machine attackers, and quantum computing threatens to unravel encryption standards, the challenges facing CISOs in the coming years will be unlike anything we’ve seen before. Meanwhile, escalating geopolitical tensions are propelling us into a new era of warfare, where state-sponsored cyber attacks have become the weapon of choice for disruption, espionage, and dominance.
CISOs will need to safeguard against politically motivated cyber threats that can target critical infrastructure, intellectual property, and sensitive national data while also considering the increase of supply chain attacks and the issue of data sovereignty.
The growing complexity of global data privacy laws and the increasing reliance on cloud services will also contribute to the criticality of data sovereignty for CISOs. Countries are enforcing stricter regulations that mandate data be stored and processed within their borders, creating challenges for multinational organisations managing cross-border data flows.
So, what other pressing challenges will CISOs grapple with as we enter the latter half of the 2020s?
Breach fatigue, the desensitisation caused by the relentless volume of cyber attacks and data breaches, poses a growing challenge for CISOs. It can lead to stakeholder apathy, employee complacency, and reduced consumer trust, making it harder to prioritise critical threats and secure necessary funding. A UK government survey revealed that about half of businesses and a third of charities experienced cyber breaches or attacks in the past year. Notably, 11% of businesses faced attacks weekly or even daily. For security teams, the psychological toll of constant pressure can result in burnout and turnover, while organisations risk adopting a defeatist mindset, seeing breaches as inevitable. To combat this, CISOs must reframe cyber security as a strategic enabler, communicate effectively to maintain engagement, highlight successes, support team well-being, and leverage automation to reduce manual burdens and false positives.
AI and quantum computing will also present major challenges for CISOs, both by increasing the complexity of cyber attacks and by undermining the effectiveness of existing cyber security defences. AI enables more sophisticated and adaptive attacks, making them harder to detect and defend against, while quantum computing has the potential to break current encryption systems by solving the complex mathematical problems that protect modern cryptographic security. As AI and quantum enter the game for the bad guys, who have serious amounts of money to play with thanks to ransomware, they will ramp up their big game hunting efforts even further.
Increasing supply chain complexity and the interconnection of third-party suppliers will continue to be a growing concern for CISOs. As seen in high-profile breaches like SolarWinds Sunburst, attackers can exploit vulnerabilities in trusted suppliers to gain access to organisations. Relating this back to geopolitical tensions, it’s possible that nation-state attackers may get involved in this as well, because if you can find a soft underbelly to gain access to your target or enemy, it is far more efficient than attacking the front gate.
In addition to these core challenges, CISOs must also be prepared for the evolution of ransomware, zero-trust adoption (particularly in government and public sector with resource challenges), migration to cloud and the ongoing cyber security talent shortage. To stay ahead, CISOs will need to adopt proactive security strategies, invest in automation and advanced threat detection tools, and encourage a security-first culture across their organisations and departments.