Cybersecurity Insights from Q1 2025

Hey there,

Hope you are doing well.

Here are some key Cybersecurity insights from Q1 2025 related to:

• ✍️ Cybersecurity M&As, fundings, and Start-ups.

• ‼️ Cyber Incidents, Ransomware Attacks & Data breaches.

• 📘 Notable Updates - Guidance, Standards & Regulations!.

• 📘 Artificial Intelligence (AI), Guidance & Regulations.

• ↪️ How CISO’s role is evolving in 2025.

• ↪️ Personal growth Tip - How to speak🎙so that people want to listen.

Why read this? Lots have happened in Q1 2025.

If you're seeking insights on any of the above topics, you'll find valuable information that can shorten your search quest.

But before we begin, do me a favour and make sure you “Subscribe” to let me know that you care and keep me motivated to publish more. Thanks!

Ready? let’s dig in.

Yours truly.

— Yousuf.

Together with (Sponsor):

Streamline IT management with 'The World at Work 2024: Deel IT

Discover how you can transform your IT operations, enhancing operational efficiency & compliance across borders. Our guide has essential strategies for managing a global workforce.

Download free guide

Cybersecurity M&As, fundings, and Start-ups

According to pinpoint search group and security week:

there’s increased Funding Rounds & Stable investments levels; despite a slight decline in total funding raised, the cybersecurity sector remains attractive.

Q1 2025 saw a 12% rise in cybersecurity funding rounds compared to Q1 2024, with 103 total funding and M&A transactions, $2.2 Billion raised over 85 rounds, 17 total M&A events showing strong valuation multiples, and 1 IPO recorded, indicating stability in the investment landscape.

Early-Stage Funding Dominance: Seed and Series-A start-ups led the funding landscape, accounting for 62% of all funding rounds in Q1 2025.

Based on pinpoint search group, below are the key IT/OT acquisitions in Q1 2025:

Previously I’ve covered, the Biggest Cybersecurity Deal ever in Q1 2025 for Wiz - a cybersecurity Multi-Cloud Security Solutions Provider.

Also, based on pinpoint search group, below are the key investments in Q1 2025:

According to SecurityWeek; Q1 2025 saw significant M&A activities with 45 deals only Jan 2025, 28 deals only Feb 2025, and 23 deals only Mar 2025.

Key Takeaways

• Market Sentiment: The overall M&A market sentiment at the start of the year 2025 was bullish, saw a significant rise in cybersecurity M&A deals, as evident from the list above with 45 announced in January alone, reflecting a trend of strategic growth and innovation, driven by factors like declining interest rates and increased corporate confidence, suggesting a promising trajectory for future M&A activities. However, ended with slight uncertainty due to geopolitical changes and in particular announcements around Tariffs.

• Service Integration and Expansion: Many acquisitions aimed to enhance service offerings, expand market presence, and improve client value propositions. For example, 1Password acquired Trelica to enhance its access management platform.

• Geographical Expansion: Companies like Quorum Cyber expanded their global incident response capabilities through strategic acquisitions, such as Kivu Consulting.

• Talent Acquisition: Acquisitions were also driven by the need to address skill shortages in technical domains, ensuring companies have the expertise needed to innovate and compete.

• Technological Advancements: Deals focused on integrating advanced technologies like AI, cloud security, and endpoint management. For instance, Citrix acquired Unicon to enhance endpoint security.

• Enhanced Cybersecurity Capabilities: Acquisitions aimed to strengthen cybersecurity capabilities, particularly in areas like threat detection and response. Darktrace’s acquisition of Cado Security is a notable example.

These takeaways highlight the strategic importance of M&A in the cybersecurity sector, driven by the need for innovation, market expansion, and enhanced security capabilities.

Cyber Incidents, Ransomware Attacks & Data breaches 

The trend of significant data breaches continued throughout the quarter, emphasizing the ongoing cybersecurity challenges faced by organizations.

Here are few of the major companies that experienced incidents and or data breaches from Q1 2025:

Other notable data breaches are:

• TalkTalk: A hacker claimed to have stolen data from approximately 18.8 million current and former customers, including names, emails, and phone numbers. The breach targeted a third-party supplier's system.

• Gravy Analytics: Suffered a breach potentially exposing precise location data of millions of individuals through unauthorized access to their AWS cloud storage.

• Unacast: Experienced a breach involving its data broker subsidiary, Gravy Analytics, with stolen files possibly containing personal data.

• PowerSchool: A data breach affected schools across the U.S. and Canada, exposing sensitive student and staff information.

• Medusind: A medical billing firm disclosed a breach affecting 360,000 individuals, exposing personal and health information.

• BayMark Health Services: Notified patients of a data breach that stole personal and health information3.

• Rosreestr: Hackers claimed to have breached the Russian property agency, leaking personal data, though Rosreestr denied the breach3.

• Avery Products Corporation: Suffered a data breach after its website was hacked to steal credit cards and personal information3.

• Wolf Haldenstein: Exposed personal information of nearly 3.5 million individuals in a data breach3.

• Otelier: Experienced a breach exposing hotel reservations and personal information of millions of guests3.

• Meta (WhatsApp): Confirmed a sophisticated spyware attack affecting WhatsApp users, including journalists and civil society members2.

• DOD and Defense Contractors: Credentials were stolen in a breach impacting the U.S. Department of Defense and its contractors2.

• IoT Data Breach: Exposed 2.7 billion records in a massive IoT-related data breach2.

• HCRG Care Group: Suffered a ransomware attack2.

• DISA Global: A data breach impacted over 3 million people2.

• Palo Alto Networks: Confirmed exploitation of their firewalls2.

• GrubHub: Disclosed a third-party data breach affecting customer, driver, and merchant data24.

• Investment Research Firm: Data of 12 million customers was compromised.

Here’s some stats on ransomware attacks targeting different industries and sectors:

• According to State of Ransomware 2025 report by black fog: The year 2025 started with a record-breaking 92 disclosed ransomware attacks in January, a 21% increase over last year and the highest we’ve recorded since we began tracking ransomware back in 2020. With 32 different ransomware groups behind the attacks, with RansomHub leading the way.

• Record Crypto Theft: Hackers stole over $1.67 billion in cryptocurrencies in Q1 2025, a 303% increase from the previous quarter, with the Bybit hack being the largest.

• Ransomware Surge: Q1 2025 saw a record number of ransomware attacks, with a 45% increase compared to Q1 2024.

• Healthcare Targeted: Healthcare was the most targeted sector with 57 ransomware attacks in Q1 2025.

• Data Exfiltration Rise: 95% of publicly disclosed ransomware attacks involved data exfiltration.

• Ransomware Groups: RansomHub, Qilin, and Akira were among the most active ransomware groups in Q1 2025.

• Malware Dominance: Malware remains the primary attack method, used in 66% of successful attacks against organizations.

• Spyware Increase: Spyware use in attacks on organizations increased by 4 percentage points in Q4 2024.

• Financial Motivation: 48% of successful attacks on individuals were financially motivated, up 18 percentage points from the previous year6.

• Phishing Threats: Phishing attacks, including those using corrupted files and archive formats, remain a significant threat.

• Cybersecurity Awareness: The need for heightened cybersecurity awareness among organizations and individuals continues to grow.

2024 Flashback - Going down the memory Lane

In case you missed and or want to know key insights from 2024, checkout the series here → Q1 2024; Q2 2024; Q3 2024; and Q4 2024.

Other great must reads are; The State of the Cybersecurity Market in 2024 - an in-depth look at the cybersecurity market in 2024, focusing on AI's role, funding shifts, and investment trends shaping the industry.

Together with (Sponsor):

Learn how to make AI work for you

AI won’t take your job, but a person using AI might. That’s why 1,000,000+ professionals read The Rundown AI – the free newsletter that keeps you updated on the latest AI news and teaches you how to use it in just 5 minutes a day.

Sign up to start learning.

Updates - Guidance, Standards & Regulations!

Here are some of the updates on regulations and standards in the cybersecurity field from Q1 2025:

• Hong Kong’s Protection of Critical Infrastructures (Computer Systems) Ordinance: Gazetted in March 2025, this law is set to take effect on January 1, 2026, but preparations began in Q1 2025 to enhance cybersecurity standards for essential services providers.

• China’s Cybersecurity Law Amendments: The second draft of amendments to China's Cybersecurity Law was released in March 2025, introducing stricter penalties, clearer enforcement mechanisms, and alignment with existing data protection laws.

• Regulations on Network Data Security Management: These regulations took effect on January 1, 2025, in China, further refining the country's data compliance system.

• Cyber Resilience Act (CRA): Adopted in 2024 but gaining attention in Q1 2025, the CRA aims to strengthen the EU's cybersecurity framework by setting standards for the security of connected products.

• NIS 2 Directive: While technically in effect since October 2024, organizations were still implementing necessary changes in Q1 2025 to comply with its enhanced cybersecurity resilience requirements for critical infrastructure and key services across the EU.

• Digital Operational Resilience Act (DORA): Set to take effect on January 17, 2025, DORA focuses on improving operational resilience in critical financial sectors within the EU.

• Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA): The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is working on finalizing rules for this act, which mandates incident reporting for critical infrastructure entities.

• EU Cybersecurity Standards: Ongoing efforts to enhance EU cybersecurity standards continued in Q1 2025, with a focus on improving digital resilience across various sectors.

• Global Cybersecurity Initiatives: Various global initiatives, such as those by the World Economic Forum, emphasized the importance of training government staff in cybersecurity and establishing new data protection offices.

• Cybersecurity Integration: Rapid integration of AI and cybersecurity, particularly in threat detection, was observed in Q1 2025.

• Critical Infrastructure Focus: Renewed interest in critical infrastructure M&A due to global logistics stress.

• Maritime Conflict Impact: Maritime conflict and infrastructure vulnerabilities prompted increased focus on critical infrastructure security.

• Regulatory Updates: Ongoing regulatory updates aim to address emerging cybersecurity threats and vulnerabilities.

• Standards Evolution: Cybersecurity standards continue to evolve to address new technologies and threats.

• Global Cooperation: International cooperation on cybersecurity regulations and standards is increasingly important.

These updates reflect a global trend towards strengthening cybersecurity regulations and standards to address emerging threats and enhance digital resilience.

References:

• Hong Kong’s new cybersecurity law gazetted.

• China’s Cybersecurity Law Amendments: Key Changes in Second Draft.

• Cybersecurity threatscape: Q4 2024 – Q1 2025.

• Q1 2025 M&A Market Update from The McLean Group.

• EU Cybersecurity & Data Protection Update Q1-2025.

• 5 Big Cybersecurity Laws You Need to Know About Ahead of 2025.

Artificial Intelligence (AI), Guidance & Regulations

AI-related cybersecurity investments in Q1 2025 showed significant trends and developments:

• Increased Investment in AI Cybersecurity: AI integration in cybersecurity advanced rapidly, particularly in threat detection and response. Organizations continued to invest heavily in AI-driven cybersecurity solutions to enhance threat detection and response capabilities. This trend reflects growing concerns over sophisticated AI-powered attacks and the need for advanced defenses.

• Agentic AI Adoption: There was a notable rise in discussions around agentic AI, which operates autonomously to achieve specific goals. This technology is expected to transform how businesses operate and defend against cyber threats.

• Generative AI Integration: The integration of generative AI models into cybersecurity strategies became more prominent. These models can help predict threats and automate vulnerability assessments, but also pose risks if misused.
  

• CEO Prioritization: CEOs increasingly emphasized AI as a critical area for investment, with AI discussions being the second most common topic in earnings calls during Q1 2025.

• Budget Allocation: UK organizations planned to increase cybersecurity budgets by an average of 31% in 2025, reflecting a broader trend of heightened investment in AI-enhanced security solutions.

• AI-Driven Threats: The use of AI by threat actors to launch sophisticated attacks was a major concern. This necessitates the development of AI-driven defense strategies to counter such threats.

• Regulatory Focus: There was a growing emphasis on ensuring the secure deployment of AI technologies, with many organizations lacking adequate safeguards for AI infrastructure.

• Leadership in AI Initiatives: Chief Information Officers (CIOs) took a leading role in AI initiatives, indicating a shift towards more technical leadership in AI adoption.

• ROI Pressure: Despite increased investment, there was pressure to demonstrate the return on investment (ROI) for AI initiatives, particularly in the context of cybersecurity.

• Global Outlook: The World Economic Forum emphasized AI and machine learning as crucial to next year's cybersecurity, advocating for a balanced approach that integrates AI safely into organizations while managing risks and opportunities.

• Generative AI Applications: U.S. Cyber Command saw significant benefits from generative AI in threat detection.

• AI-Driven Threats: AI-powered attacks are becoming more sophisticated, requiring advanced defenses.

• Regulatory Frameworks: Developing regulatory frameworks for AI in cybersecurity is a growing priority.

• Ethical AI Use: Ensuring ethical use of AI in cybersecurity is crucial to prevent misuse.

• AI-Enhanced Phishing: AI can enhance phishing attacks, making them more sophisticated and targeted.

• AI for Incident Response: AI is increasingly used to improve incident response times and effectiveness.

• AI Training Challenges: Training AI models for cybersecurity requires large, diverse datasets.

Legislative and Regulatory Developments

• U.S. Federal AI Legislation: Congress introduced several AI bills on national security, workforce skills, AI supply chain resilience, and fraud prevention. The Senate passed the "TAKE IT DOWN" Act to ban nonconsensual AI-generated deepfake imagery. The House reintroduced the "CREATE AI" Act to establish the National AI Research Resource for advancing innovation.

• California AI Advisories: California’s Attorney General clarified that consumer protection, civil rights, competition, and privacy laws apply to AI, stressing compliance to prevent bias. A separate advisory mandates AI in healthcare to adhere to patient privacy and autonomy laws.

• EU Artificial Intelligence Act Rollout: In February 2025, the EU started enforcing its AI Act, categorizing AI systems by risk and banning high-risk practices like social scoring and unauthorized biometric ID. The Act mandates AI literacy for providers and deployers and enforces strict data protection in line with GDPR.

• U.S. Executive Order on AI: In January 2025, a U.S. executive order emphasized maintaining global AI leadership with a focus on innovation free from ideological bias, promoting AI infrastructure development and international pro-innovation policies.

• AI Literacy and Governance: The EU AI Act and related reports stress the need for AI literacy among developers and users and the implementation of cybersecurity measures such as data minimization and privacy by design to comply with GDPR and AI regulations.

Emerging AI Cybersecurity Threats and Defense

• AI-Powered Cyberattacks Surge: In Q1 2025, sophisticated AI-driven attacks like deepfake phishing, adaptive autonomous malware, and AI-enhanced social engineering increased. Organizations are advised to use AI-powered threat detection, train employees on AI threats, and implement strong authentication to reduce risks.

• DeepSeek R1 Impact: DeepSeek's open-source AI model R1, released in January 2025, gained popularity for its high performance and low cost but exposed major cybersecurity vulnerabilities, including jailbreak attack susceptibility. Its widespread use led to an 1800% increase in related security platform traffic, highlighting risks of shadow AI and unauthorized data access.

• Adaptive Attack Strategies: DeepSeek R1 and similar models allow attackers to combine multiple attack vectors and adapt tactics based on target responses, challenging defensive cybersecurity technologies.

• AI Security Integration: Leading tech companies like Microsoft, Amazon Web Services, and Cerebras swiftly integrated DeepSeek R1, highlighting the importance of securing AI leadership through reliability and trust, beyond just accessibility.

AI is transforming cybersecurity in Q1 2025 by driving new laws, increasing threat sophistication, and pushing organizations to adopt advanced AI defenses and governance.

References:

• WEF Global Cybersecurity Outlook 2025.

• What CEOs talked about in Q1 2025: Tariffs, rising uncertainty, and agentic AI.

• Cyber Security 2025 Predictions: Trends and Challenges to Watch by aztech.

• Cybersecurity threatscape: Q4 2024 – Q1 2025.

• Q1 2025 M&A Market Update from The McLean Group.

• KPMG AI Quarterly Pulse Survey: What executives are saying now.

• Quarterly AI Update | Q1 2025 by Arnontl.

• U.S. Tech Legislative & Regulatory Update – First Quarter 2025.

How CISO’s role is evolving in 2025

The role of the Chief Information Security Officer (CISO) in 2025 and beyond is evolving rapidly from a primarily technical function to a strategic, multifaceted leadership position that integrates cybersecurity deeply with business objectives and risk management. Key aspects of this evolution include:

Strategic Business Leadership - CISOs are now strategic business partners, aligning cybersecurity with business goals to enhance resilience and value. They collaborate with C-suite leaders to secure budgets and promote a security-focused culture.

Expanded Accountability and Personal Liability - Regulatory scrutiny is increasing, and CISOs are more accountable for cybersecurity outcomes, facing legal, financial, and reputational risks. They need to clearly understand and mitigate cyber risks, often with responsibility but limited authority, navigating complex governance and compliance challenges.

Mastering Communication and Influence - Effective communication is crucial for CISOs, who must translate technical risks into business terms for executives, align security goals with organizational priorities, and secure investments. They also serve as the public face of security, fostering customer trust and managing third-party and supply chain risks.

Adoption of Advanced Technologies - CISOs are tasked with adopting AI and machine learning for improved threat detection, automated responses, and managing expanding attack surfaces like cloud and IoT. Zero Trust Architecture and AI-driven security platforms are now key to their cybersecurity strategies.

Navigating a Complex Threat Landscape - CISOs must adapt to sophisticated threats like AI-powered attacks and ransomware by consolidating security tools into unified platforms, reducing complexity, and enhancing operational efficiency.

Focus on Regulatory and Compliance Expertise - CISOs must keep up with global regulations, ensuring compliance and integrating cybersecurity with GRC frameworks, while managing challenges like shadow AI and AI-related data privacy concerns.

Talent Management and Upskilling - Addressing the cybersecurity skills gap is a priority, with CISOs investing in upskilling, cross-training, and automation to focus teams on strategic tasks.

Summary

In 2025, the CISO role is a high-profile, high-accountability position that blends technical expertise with strategic business leadership, regulatory savvy, and advanced technology adoption. CISOs are pivotal in securing digital trust, driving organizational resilience, and enabling business growth amid an increasingly complex and dynamic cyber threat landscape.

References:

• How CISOs Will Navigate The Threat Landscape Differently In 2025.

• Six ways CISO role is changing in 2025 (And what to do about it).

• CISO Outlook for 2025 by SecurityWeek.

• CISOs in 2025: Evolution of a High-Profile Role.

Securing Things Academy: (coming soon)

IT & OT CySEAT (Cyber Security Education And Transformation) course is designed for IT and OT cybersecurity practitioners. Join the wait-list → here.

Checkout a brief overview below:

Post from Past - My notes from a Ted Talk

I posted on LinkedIn on 10 Aug 2024 on 🚀 Motivational Snippet 🚀 

👉 Saw a great Ted Talk titled: How to speak🎙so that people want to listen 📢 (by Julian Treasure | TED TALKS) (41M+ views) and wanted to share with all.

Many of us (myself most definitely) especially in #Cybersecurity / #Technology community, struggles with clear speech and need to learn from and adopt techniques for a better speech capability.

👉Here are the key takeaways as powerful tips 📔 to consider and remember.

➡ Habits to move away from --> Problem with most speech today:

The 7 Deadly Sins:

-> Gossip | Judging | Negativity | Complaining | Excuses | Lying | Dogmatism.

• 👉All above to be avoided.

• 👉Results in -> most not listening.

• 👉Creates -> Noise | bad acoustics.

To deliver really powerful speech:

➡ Adapt HAIL (to greet or acclaim enthusiastically):

• 👉H = Honesty - be clear and straight

• 👉 A = Authenticity - be yourself

• 👉 I = Integrity - be your word

• 👉 L = Love - wish them well.

➡ Toolbox that very few of us have opened on the subject of -> How to speak:

• 👉 Register = speak through the chest (instead of nose and or throat) - with power & authority

• 👉 Timbre = way your voice feels - can be trained - through voice coach.

• 👉Prosody = break habits for being monotone and avoid repetitive questioning prosody.

• 👉 Pace = finding the balance of how fast and slow you want to be and where.

• 👉 Pitch = goes along with Pace. May change the meaning in delivery with change of pitch.

• 👉 Volume = choice the right levels for the right emotions.

Whether presenting a talk, pitching a proposal (professional or marriage) and or asking for raise etc.

➡ Few warm up exercises before speaking: (watch the video for exact illustration - starting at 7:55 mins)

1. deep breath in - arms up - open wide and say - huhhhh - breathing out and arms going down

2. warming lips - Baah baah baah baah…

3. burrrrhhhhhhhh

4. exaggerated la la la la…

5. rolling r -> crrrhhh…

6. we (high) oh (low)..

What it would be like if we are:

-> Speaking 💪 powerfully and people are listening consciously in environments that are actually fit for purpose -> Creates -> designed | soundscapes

Make it more larger - what it would be like if we are: -> Creating and Consuming sound Consciously -> Results in Designing our environment consciously

👉That's where the WORLD does sound beautiful and where our understanding be the Norm.

➡ An idea worth spreading so that it may change the world 🌍

🚀 Have a great week ahead.

My Recent Most Viewed Social Posts

In case you’ve missed - here are some of my recent most viewed social posts.

• 📰 [ST # 61] ✅My list of IT-OT & Cybersecurity, Leadership, Productivity, Personal Development, and Money/Business books - must read for Cyber Leaders and Practitioners. Few updates on OT Security conference, & more.🚀 [Securing Things by M. Yousuf Faisal] 📰

• 📢 [ST #60] All Series Index - Securing Things 📢✅IT, OT & AI Cybersecurity – Program, Digital Factory, Guides, Standards, Crash Courses, Quarterly Insights & more.🚀 [Securing Things by M. Yousuf Faisal] 🗞️🗞️🗞️

• Cybersecurity and AI Across the Industrial Automation Stack - Monthly Digest # 1 - ✅ Industry Trends, Market Insights on cybersecurity and AI across the layers of industrial automation stack (Cloud, ERP, DMZ, MES, SCADA, HMI, PLC/Edge), physical devices & more.🚀 [Securing Things by M. Yousuf Faisal].

• ISA/IEC 62443 Standards - Part 5 - Security Program Elements (SPEs) for 62443-2-1:2024, Upcoming Asset Owner ACS Security Assurance (ACSSA) Certification Scheme to ISA/IEC 62443-2-1, 2-4, 3-2, 3-3 by ISCI, CISO's role, other interesting reads.

• The Digital Factory (Data Flow) - Part 2 Industry 4.0 data/event driven data flows and security considerations and how's CISO's role is evolved in OT security.

• Cybersecurity & Data Privacy for Hong Kong - HK Cybersecurity Market, upcoming Critical Infrastructure Bill 2024 regulations, Data Privacy Program Core elements, HK markets and more.

Ways in which I can help?

Whenever you are ready - I can help you with:

A - IT & OT Cybersecurity Advisory / Consulting services - for securing your business and or its digital transformation journey.

B - Security Awareness Training & Phishing Awareness Portal - Train your staff and build a Security awareness program through our subscription based service.

C - Securing Things Academy (STA) - Security trainings for IT & OT practitioners.

Visit the newsletter website for Links to above services and or reach out at info[at]securingthings[dot]com or DM me via LinkedIn.

D - Securing Things Newsletter - Sponsor this newsletter to showcase your brand globally, or subscribe to simply Get Smarter at Securing Things.

Reach out at newsletter[at]securingthings[dot]com or DM me via LinkedIn.