As 2024 comes to a close, IT security and business leaders will be braced for another challenging year ahead. In the long-term, economic uncertainty and geopolitical instability seem set to continue, creating the conditions in which threat actors thrive. They will increasingly have the tools at their disposal to launch more impactful cyber-attacks in greater numbers. In the meantime, boards will want to push ahead with important digital transformation initiatives—potentially expanding their attack surfaces in the process.
At the center of it all sits corporate data: the critical driver of competitive advantage, operational efficiency and improved decision making. And the enterprise asset that most threat actors want to get their hands on. With this in mind, here are five tips to help inform data security strategy over the coming year.
It’s been a big year for new regulatory rules, and 2025 will be no different. We’ll see the compliance deadline for the EU’s Digital Operational Resilience Act (DORA) land in January, while many organizations will still be rolling out their NIS 2 plans, and tweaking their PCI DSS 4.0 strategies. The most important point to remember throughout, is that compliance should never be a one-off exercise. Plans are most effective when they follow a circular process of risk assessment, implementation, auditing and review. By focusing on data-centric security, organizations may find that they can actually reduce the cost and scope of some compliance programs.
The number of breached US organizations impacted by supply chain attacks has risen an astonishing 2,600 percentage points since 2018. Last year alone there were over 2,700 entities affected, victimizing more than 54 million individuals. As digital and traditional supply chains continue to grow in 2025, organizations need to get better at mapping their dependencies and data flows, and auditing their suppliers. By protecting what’s most important, the data itself, many potential supply chain risks can be mitigated.
AI has been the tech story of the past two years. And with the technology predicted to generate up to $23 trillion globally by 2040, ambitious enterprises will be keen to exploit new business opportunities this coming year. But the data on which value-enhancing projects are built will increasingly become a target in its own right—for outright information theft or possible data poisoning attacks designed to alter and/or sabotage AI output.
That’s why the data used in such projects must be protected from the outset, but in a manner that means it can still be used. Tokenization, for example, preserves utility so that data can be fed into cloud-based analytics tools, without compromising on security.
Zero Trust should be on everyone’s radar by now. According to Gartner, 63% of global organizations now have a fully or partially implemented strategy. However, for most, this represents less than half of their environment. There’s no denying the fact that Zero Trust requires significant time, money and effort. But when it comes to data security—a foundational part of any Zero Trust approach—there are new resources to hand. A US Federal Zero Trust Data Security Guide could provide a blueprint for success in 2025.
Cloud adoption will continue to grow in 2025. Gartner predicts annual growth of over 20% to reach worldwide spending of nearly $825bn next year. But too often, these environments are a black box. That’s bad news when threat actors are circling and misconfigurations often leave data stores exposed. Put simply, organizations can’t protect what they can’t see. So enterprise IT security leaders must search out data protection platforms capable of shining a light on all parts of the organization, including third-party cloud environments, so they are able to continually discover, classify and secure sensitive data, wherever it is.