Cybersecurity Insights from Q1 2025

[ST # 62] ✅ IT, OT, AI Cybersecurity Market Insights, M&As, Incidents, breaches, ransomware, threats and changing regulatory landscape - Things are moving crazy fast. 🚀 [Securing Things by M. Yousuf Faisal]

Disclaimer: All views presented here, in this newsletter, are my own.

Neither the author nor the newsletter is liable for any actions taken by any individual, organization, business or entity. The information provided is for education and awareness purposes only and is not specific to any business and/or situation.

M. Yousuf Faisal

Hey there,

Hope you are doing well.

Here are some key Cybersecurity insights from Q1 2025 related to:

  • ✍️ Cybersecurity M&As, fundings, and Start-ups.

  • ‼️ Cyber Incidents, Ransomware Attacks & Data breaches.

  • 📘 Notable Updates - Guidance, Standards & Regulations!

  • 📘 Artificial Intelligence (AI), Guidance & Regulations.

  • ↪️ How CISO's role is evolving in 2025.

  • ↪️ Personal growth Tip - How to speak 🎙 so that people want to listen.

Why read this? A lot has happened in Q1 2025.

If you're seeking insights on any of the above topics, you'll find valuable information that can shorten your search quest.

But before we begin, do me a favour and make sure you "Subscribe" to let me know that you care and keep me motivated to publish more. Thanks!

Ready? Let's dig in.

Yours truly.

— Yousuf.


Cybersecurity M&As, fundings, and Start-ups

According to Pinpoint Search Group and SecurityWeek, funding rounds increased and investment levels were stable; despite a slight decline in total funding raised, the cybersecurity sector remains attractive.

Q1 2025 saw a 12% rise in cybersecurity funding rounds compared to Q1 2024, with 103 total funding and M&A transactions, $2.2 Billion raised over 85 rounds, 17 total M&A events showing strong valuation multiples, and 1 IPO recorded, indicating stability in the investment landscape.

Early-Stage Funding Dominance: Seed and Series-A start-ups led the funding landscape, accounting for 62% of all funding rounds in Q1 2025.

Based on Pinpoint Search Group data, below are the key IT/OT acquisitions in Q1 2025:

| Vendor | Activity Type | Acquiring Company | Financials | Market Segment |
|---|---|---|---|---|
| Phylum | Acquisition | Veracode | Undisclosed | AppSec |
| Trelica | Acquisition | 1Password | Undisclosed | SaaS Security |
| Cado Security | Acquisition | Darktrace | Undisclosed | Forensics |
| Alterya | Acquisition | Chainalysis | Undisclosed | Fraud |
| Kivu | Acquisition | Quorum | Undisclosed | Security Services |
| Vulcan Cyber | Acquisition | Tenable | $150,000,000 | Vulnerability |
| vArmour | Acquisition | Fenix24 | Undisclosed | Identity |
| Stack Identity | Acquisition | JumpCloud | Undisclosed | Identity |
| SafeBase | Acquisition | Drata | $250,000,000 | Ratings |
| Zilla Security | Acquisition | CyberArk | $165,000,000 | Identity |
| Votiro | Acquisition | Menlo Security | Undisclosed | Detection/Response |
| Dassana | Acquisition | Deepwatch | Undisclosed | Ratings |
| Identity Automation | Acquisition | Jamf | $215,000,000 | Identity |
| Otorio | Acquisition | Armis | $120,000,000 | OT/ICS |
| Wiz | Acquisition | Google | $32,000,000,000 | Cloud |
| Cyral | Acquisition | Varonis | Undisclosed | Data |

Previously I've covered the biggest cybersecurity deal ever, in Q1 2025, for Wiz, a multi-cloud security solutions provider.

Also, based on Pinpoint Search Group data, below are the key investments in Q1 2025:

| Vendor | Activity Type | Financials | Investor | Market Segment |
|---|---|---|---|---|
| Orchid Security | Seed | $36,000,000 | Team8 | Identity |
| Wultra | Seed | $3,000,000 | Tensor Ventures | Quantum |
| AI or Not | Seed | $5,000,000 | Foundation Capital | Fraud |
| Spikerz | Seed | $7,000,000 | Disruptive AI | Fraud |
| DryRun Security | Seed | $8,700,000 | LiveOak Ventures | AppSec |
| Axoflow | Seed | $7,000,000 | EBRD Venture Capital | Detection/Response |
| Kymatio | Seed | $1,900,000 | Decelera | Training |
| TrustLogix | Seed | $13,000,000 | Westwave Capital | Data |
| Frenos | Seed | $3,880,000 | DataTribe | OT/ICS |
| Backline | Seed | $9,000,000 | StageOne Ventures | Vulnerability |
| Staris | Seed | $5,700,000 | Freestyle VC | AppSec |
| Freeze | Seed | $2,600,000 | Undisclosed | Vulnerability |
| Dune Security | Seed | $6,000,000 | Alumni Ventures | Training |
| ThreatMark | Funding | $23,000,000 | Octopus Ventures | Fraud |
| Zynap | Funding | $5,700,000 | Kibo Ventures | Threat Intel |
| Fudo Security | Funding | $9,400,000 | bValue Growth Fund | Identity |
| Almanax | Funding | $1,000,000 | Blockchain Builders Fund | Crypto |
| Conifers.AI | Funding | $25,000,000 | SYN Ventures | Detection/Response |
| SignPath | Funding, A | $5,100,000 | TIN Capital | AppSec |
| Dataships | Funding, A | $7,000,000 | Osage Venture Partners | GRC |
| Passbolt | Funding, A | $8,000,000 | Airbridge Equity Partners | Identity |
| Token Security | Funding, A | $20,000,000 | Notable Capital | Identity |
| Clutch | Funding, A | $20,000,000 | SignalFire | Identity |
| Seraphic | Funding, A | $29,000,000 | GreatPoint Ventures | Browser |
| BforeAI | Funding, B | $10,000,000 | Titanium Ventures | Threat Intel |
| Mitiga | Funding, B | $30,000,000 | SYN Ventures | Detection/Response |
| Hypori | Funding, B | $12,000,000 | UBS | Endpoint |
| Oligo | Funding, B | $50,000,000 | Greenfield Partners | AppSec |
| Eclypsium | Funding, C | $45,000,000 | Pavilion Capital | Firmware Security |
| Knostic | Seed | $11,000,000 | Bright Pixel | AI/LLM |
| Aryon Security | Seed | $9,000,000 | Viola Ventures | Vulnerability |
| AIceberg | Seed | $10,000,000 | Sprout & Oak | AI/LLM |
| Quantum Industries | Seed | $10,000,000 | Sparring Capital Partners | Quantum |
| Hawcx | Seed | $3,000,000 | Engineering Capital | Identity |
| Sola | Seed | $30,000,000 | S Capital | Platform |
| Harmony Intelligence | Seed | $3,000,000 | Airtree Ventures | Vulnerability |
| Orion Security | Seed | $6,000,000 | Pico Partners | Data |
| Hunted Labs | Seed | $3,000,000 | Red Cell Partners | AppSec |
| Protectt.AI | Seed | $8,800,000 | Bessemer | Endpoint |
| Charm Security | Seed | $8,000,000 | Team8 | Fraud |
| SplxAI | Seed | $7,000,000 | LAUNCHub | Vulnerability |
| Flagright | Seed | $4,300,000 | Frontline Ventures | Fraud |
| STYX Intelligence | Seed | $2,700,000 | Business Development Bank of Canada | Fraud |
| Cybereason | Funding | $120,000,000 | Liberty Strategic Capital | Endpoint |
| Straiker | Funding | $21,000,000 | Lightspeed Ventures | AI/LLM |
| Crogl | Funding, A | $25,000,000 | Menlo Ventures | Automation |
| VulnCheck | Funding, A | $12,000,000 | Ten Eleven Ventures | Vulnerability |
| GetReal Security | Funding, A | $17,500,000 | Forgepoint Capital | Forensics |
| Strike Security | Funding, A | $13,500,000 | FinTech Collective | PenTesting |
| Cloudsmith | Funding, B | $23,000,000 | TCV | AppSec |
| SpecterOps | Funding, B | $75,000,000 | Insight Partners | Vulnerability |
| Botguard (now Blackwall) | Funding, B | $49,000,000 | Dawn Capital | Bot |
| Tonic.ai | Funding, B | $35,000,000 | Insight Partners | Data |
| Pentera | Funding, D | $60,000,000 | Evolution Equity Partners | PenTesting |
| Island | Funding, E | $250,000,000 | Coatue | Browser |
| Aura | Funding, G | $140,000,000 | Ten Eleven Ventures | Identity |
| Coalition | Growth Equity | $30,000,000 | Mitsui Sumitomo | Cyber Insurance |
| 360 Privacy | Growth Funding | $36,000,000 | FTV Capital | OSINT |

According to SecurityWeek, Q1 2025 saw significant M&A activity, with 45 deals in January 2025 alone, 28 in February 2025, and 23 in March 2025.

Key Takeaways

  • Market Sentiment: Overall M&A market sentiment at the start of 2025 was bullish. Cybersecurity M&A deals rose significantly, as evident from the list above, with 45 announced in January alone, reflecting a trend of strategic growth and innovation driven by factors like declining interest rates and increased corporate confidence, and suggesting a promising trajectory for future M&A activities. However, the quarter ended with slight uncertainty due to geopolitical changes, in particular announcements around tariffs.

  • Service Integration and Expansion: Many acquisitions aimed to enhance service offerings, expand market presence, and improve client value propositions. For example, 1Password acquired Trelica to enhance its access management platform.

  • Geographical Expansion: Companies like Quorum Cyber expanded their global incident response capabilities through strategic acquisitions, such as Kivu Consulting.

  • Talent Acquisition: Acquisitions were also driven by the need to address skill shortages in technical domains, ensuring companies have the expertise needed to innovate and compete.

  • Technological Advancements: Deals focused on integrating advanced technologies like AI, cloud security, and endpoint management. For instance, Citrix acquired Unicon to enhance endpoint security.

  • Enhanced Cybersecurity Capabilities: Acquisitions aimed to strengthen cybersecurity capabilities, particularly in areas like threat detection and response. Darktrace's acquisition of Cado Security is a notable example.

These takeaways highlight the strategic importance of M&A in the cybersecurity sector, driven by the need for innovation, market expansion, and enhanced security capabilities.

Cyber Incidents, Ransomware Attacks & Data breaches 

The trend of significant data breaches continued throughout the quarter, emphasizing the ongoing cybersecurity challenges faced by organizations.

Here are a few of the major companies that experienced incidents and/or data breaches in Q1 2025:

| Victim | Threat Actor | Business Impact |
|---|---|---|
| Casio UK: online store hacked to steal customer credit cards. Source: BleepingComputer. February 02, 2025 | Unknown | Between January 14 and 24, 2025, Casio UK's e-shop was hacked, potentially compromising credit card and customer information of those who made purchases during this period. |
| GrubHub: data breach impacts customers, drivers, and merchants. Source: BleepingComputer. February 03, 2025 | Unknown | GrubHub reported a data breach affecting the personal information of customers, merchants, and drivers after attackers accessed its systems through a service provider account. |
| UK / British engineering firm IMI discloses breach, shares no details. Source: BleepingComputer. February 05, 2025 | Unknown | Firm IMI plc has disclosed a security breach after unknown attackers hacked into the company's systems. |
| Hospital Sisters Health System notifies 882,000 patients of August 2023 breach. Source: BleepingComputer. February 07, 2025 | Unknown | Hospital Sisters Health System informed over 882,000 patients of a data breach from an August 2023 cyberattack that exposed their personal and health information. |
| HPE notifies employees of data breach after Russian Office 365 hack. Source: BleepingComputer. February 07, 2025 | IntelBroker | Hewlett Packard Enterprise (HPE) informed employees of a data breach by Russian state-sponsored hackers in a May 2023 cyberattack on its Office 365 email. |
| PPL Electric Utilities: Pennsylvania utility says MOVEit breach at vendor exposed some customer data. PPL Electric Utilities Cyber Attack. February 14, 2025 | Cl0p ransomware | A Pennsylvania utility company reported that basic customer data was exposed online in 2023 due to a vendor breach via a MOVEit software bug. PPL Electric Utilities said its core systems were unaffected, and the vendor notified them of the breach in June 2023. |
| Finastra: Fintech giant Finastra notifies victims of October data breach. Finastra Data Breach Updates. February 16, 2025 | "Abyss0", a name on BreachForums | Finastra is notifying victims of a data breach after attackers accessed its systems in October 2024. An investigation revealed that an unauthorized party accessed a Secure File Transfer Platform (SFTP) between October 31 and November 8, 2024, obtaining certain files. The breach is linked to a post by "abyss0" on BreachForums, claiming to sell 400GB of data stolen from Finastra. |
| Australian IVF giant Genea confirms hackers 'accessed data' during cyber attack. Australian IVF Giant Data Breach. February 19, 2025 | Termite ransomware | Genea reported a cybersecurity incident disrupting patient services and potentially exposing sensitive information. |
| CarMoney: Ukrainian hackers claim breach of Russian loan company linked to Putin's ex-wife. Source: The Record. February 21, 2025 | Cyber Alliance | The pro-Ukraine hacking group, Cyber Alliance, claims responsibility for a cyberattack on Russian microfinance company CarMoney, linked to Putin's ex-wife, obtaining data on numerous borrowers, including Russian military and intelligence members. |
| Orange Group confirms breach after hacker leaks company documents. Source: BleepingComputer. February 24, 2025 | Rey (HellCat ransomware) | A hacker claims to have stolen thousands of internal documents from Orange Group, including user records and employee data, and published details on a hacker forum after a failed extortion attempt. |
| DISA USA: US drug testing firm DISA says data breach impacts 3.3 million people. Source: BleepingComputer. February 24, 2025 | Unknown | DISA Global Solutions, a US background screening and drug testing firm, experienced a data breach affecting 3.3 million people. |
| Rubrik rotates authentication keys after log server breach. Source: BleepingComputer. March 03, 2025 | Unknown | Last month, Rubrik revealed a breach of a server hosting log files, prompting the company to rotate potentially leaked authentication keys after detecting unusual activity. |
| Stock Broker Angel One: Indian Stock Broker Angel One Discloses Data Breach. Source: SecurityWeek. March 03, 2025 | Unknown | Indian brokerage firm Angel One reported a data breach affecting client information in its AWS account, leading to an over 11% drop in shares to a 52-week low on March 3. |
| Carruth Compliance Consulting: Thousands of public school workers impacted by cyber attack on retirement plan administrator. Source: The Record Media. March 06, 2025 | Skira Ransomware | A December 2024 cyber attack on Carruth Compliance Consulting exposed the information of thousands of U.S. public school teachers and employees. Dozens of schools reported data breaches in several states, warning that sensitive data was stolen. The Skira Team, a new cybercriminal group, claimed responsibility, stating they accessed data from 36 public schools. |
| NTT Communications Corporation: Data breach at Japanese telecom giant NTT hits 18,000 companies. Source: BleepingComputer. March 06, 2025 | Unknown | Japanese telecommunication services provider NTT has alerted nearly 18,000 corporate clients about a data breach affecting its 'Order Information Distribution System,' which contained information on 17,891 companies, but no personal customer data. |
| PowerSchool: PowerSchool previously hacked in August, months before data breach. Source: BleepingComputer. March 10, 2025 | Unknown | PowerSchool released a CrowdStrike investigation on its December 2024 data breach, revealing earlier hacks in August and September. The breach affected 6,505 school districts across the US, Canada, and other countries, compromising data of 62.5 million students and 9.5 million teachers. |
| Western Alliance Bank: Western Alliance Bank says nearly 22,000 impacted by file transfer software breach. Source: The Record Media. March 17, 2025 | Clop Ransomware | Phoenix-based Western Alliance Bank reported that over 20,000 individuals' information was stolen last year due to a vulnerability in a popular file-sharing tool. The breach involved a third-party vendor and affected multiple organizations. Stolen data includes names, Social Security numbers, and sometimes dates of birth, financial account numbers, driver's license numbers, tax IDs, and passports. |
| GitHub Action: GitHub Action hack likely led to another in cascading supply chain attack. Source: BleepingComputer. March 18, 2025 | Unknown | A supply chain attack starting with the compromise of "reviewdog/action-setup@v1" GitHub Action likely caused the breach of "tj-actions/changed-files," leaking CI/CD secrets. |
| Dogequest: Dogequest Website exposes Tesla owners' sensitive information. Dogequest data breach. March 18, 2025 | Unknown | The website "Dogequest" reportedly published personal information of Tesla owners in the U.S. to shame and intimidate them, amid Elon Musk's increasing government interference. Musk called it "extreme domestic terrorism" on X. |
| Pennsylvania State Education Association: Half a million people impacted by Pennsylvania State Education Association data breach. Source: The Record Media. March 19, 2025 | Rhysida Ransomware | A July 2024 cyber attack on the Pennsylvania State Education Association (PSEA) affected over 500,000 people. The breach exposed state IDs, Social Security numbers, financial and payment card details, passport numbers, taxpayer IDs, and health and medical data of current and former members and their dependents. |
| Ascom, Jira: HellCat hackers go on a worldwide Jira hacking spree. Source: BleepingComputer. March 19, 2025 | HellCat Ransomware | Swiss solutions provider Ascom confirmed a cyber attack by the Hellcat hacker group, which targeted Jira servers using compromised credentials. The hackers breached Ascom's technical ticketing system, claiming to have stolen 44GB of data potentially affecting all company divisions. The incident is under investigation. |
| Sperm donation giant California Cryobank warns of a data breach. Source: BleepingComputer. March 19, 2025 | Unknown | California Cryobank, a major US sperm donor, experienced a data breach in April 2024, exposing customers' personal information. The breach revealed names, bank details, Social Security numbers, driver's license numbers, payment card numbers, and health insurance information. |
| China's Baidu: China's Baidu denies data breach after executive's daughter leaks personal info. Source: Reuters. March 20, 2025 | Human Error | Baidu denied an internal data breach after a top executive's teenage daughter posted personal details online. The company stated that employees are prohibited from accessing user data and that the information came from illegally obtained "doxing databases" on foreign platforms. |
| Coinbase: Coinbase was primary target of recent GitHub Actions breaches. Source: BleepingComputer. March 21, 2025 | Unknown | Researchers found that Coinbase was the main target in a recent GitHub Actions supply chain attack, where threat actors altered the action to expose CI/CD secrets and authentication tokens in GitHub Actions logs. |
| Oracle: Oracle denies breach after hacker claims theft of 6 million data records, but customers confirm it. Source: BleepingComputer. March 21 and 26, 2025 | Rose87168, a BreachForums account name | Despite Oracle denying a breach of its Cloud SSO login servers and the theft of data for 6 million people, multiple companies have confirmed the validity of data samples shared by the threat actor. |
| StreamElements: StreamElements discloses third-party data breach after hacker leaks data. Source: BleepingComputer. March 26, 2025 | "Victim", a BreachForum name | StreamElements confirmed a data breach at a third-party provider after a hacker leaked samples of stolen data on a forum. The hacker claimed to have stolen data from 210,000 customers, including names, addresses, phone numbers, and emails, on March 20, 2025. |
| Numotion: U.S. wheelchair maker Numotion says data breach impacted half a million customers. Source: Teiss UK. March 26, 2025 | Black Basta group | Tennessee healthcare mobility provider Numotion experienced a data breach affecting nearly half a million individuals' sensitive information. |
| NYU: Hacker defaces NYU website, exposing admissions data on 1 million students. Source: The Record Media. March 26, 2025 | Computer Niggy Exploitation | The hacker altered the NYU homepage with charts and links to student datasets categorizing standardized test scores by race. They claimed personal information was redacted but linked to four datasets containing personal information on NYU applicants, their citizenship status and more. |
| Lafayette Federal Credit Union: Over 75,000 people impacted in Lafayette Federal Credit Union data breach. Source: Teiss UK. March 26, 2025 | Unknown | Lafayette Federal Credit Union in Maryland reported a data breach last year affecting over 75,000 individuals' sensitive personal information. |

Other notable data breaches are:

  • TalkTalk: A hacker claimed to have stolen data from approximately 18.8 million current and former customers, including names, emails, and phone numbers. The breach targeted a third-party supplier's system.

  • Gravy Analytics: Suffered a breach potentially exposing precise location data of millions of individuals through unauthorized access to their AWS cloud storage.

  • Unacast: Experienced a breach involving its data broker subsidiary, Gravy Analytics, with stolen files possibly containing personal data.

  • PowerSchool: A data breach affected schools across the U.S. and Canada, exposing sensitive student and staff information.

  • Medusind: A medical billing firm disclosed a breach affecting 360,000 individuals, exposing personal and health information.

  • BayMark Health Services: Notified patients of a data breach that stole personal and health information.

  • Rosreestr: Hackers claimed to have breached the Russian property agency, leaking personal data, though Rosreestr denied the breach.

  • Avery Products Corporation: Suffered a data breach after its website was hacked to steal credit cards and personal information.

  • Wolf Haldenstein: Exposed personal information of nearly 3.5 million individuals in a data breach.

  • Otelier: Experienced a breach exposing hotel reservations and personal information of millions of guests.

  • Meta (WhatsApp): Confirmed a sophisticated spyware attack affecting WhatsApp users, including journalists and civil society members.

  • DOD and Defense Contractors: Credentials were stolen in a breach impacting the U.S. Department of Defense and its contractors.

  • IoT Data Breach: Exposed 2.7 billion records in a massive IoT-related data breach.

  • HCRG Care Group: Suffered a ransomware attack.

  • DISA Global: A data breach impacted over 3 million people.

  • Palo Alto Networks: Confirmed exploitation of their firewalls.

  • GrubHub: Disclosed a third-party data breach affecting customer, driver, and merchant data.

  • Investment Research Firm: Data of 12 million customers was compromised.

Here are some stats on ransomware attacks targeting different industries and sectors:

  • According to the State of Ransomware 2025 report by BlackFog: The year 2025 started with a record-breaking 92 disclosed ransomware attacks in January, a 21% increase over last year and the highest we've recorded since we began tracking ransomware back in 2020, with 32 different ransomware groups behind the attacks and RansomHub leading the way.

  • Record Crypto Theft: Hackers stole over $1.67 billion in cryptocurrencies in Q1 2025, a 303% increase from the previous quarter, with the Bybit hack being the largest.

  • Ransomware Surge: Q1 2025 saw a record number of ransomware attacks, with a 45% increase compared to Q1 2024.

  • Healthcare Targeted: Healthcare was the most targeted sector with 57 ransomware attacks in Q1 2025.

  • Data Exfiltration Rise: 95% of publicly disclosed ransomware attacks involved data exfiltration.

  • Ransomware Groups: RansomHub, Qilin, and Akira were among the most active ransomware groups in Q1 2025.

  • Malware Dominance: Malware remains the primary attack method, used in 66% of successful attacks against organizations.

  • Spyware Increase: Spyware use in attacks on organizations increased by 4 percentage points in Q4 2024.

  • Financial Motivation: 48% of successful attacks on individuals were financially motivated, up 18 percentage points from the previous year.

  • Phishing Threats: Phishing attacks, including those using corrupted files and archive formats, remain a significant threat.

  • Cybersecurity Awareness: The need for heightened cybersecurity awareness among organizations and individuals continues to grow.

2024 Flashback - Going down memory lane

In case you missed them and/or want to know key insights from 2024, check out the series here → Q1 2024; Q2 2024; Q3 2024; and Q4 2024.

Another great must-read is The State of the Cybersecurity Market in 2024, an in-depth look at the cybersecurity market in 2024, focusing on AI's role, funding shifts, and investment trends shaping the industry.


Updates - Guidance, Standards & Regulations!

Here are some of the updates on regulations and standards in the cybersecurity field from Q1 2025:

  • Hong Kong's Protection of Critical Infrastructures (Computer Systems) Ordinance: Gazetted in March 2025, this law is set to take effect on January 1, 2026, but preparations began in Q1 2025 to enhance cybersecurity standards for essential services providers.

  • China's Cybersecurity Law Amendments: The second draft of amendments to China's Cybersecurity Law was released in March 2025, introducing stricter penalties, clearer enforcement mechanisms, and alignment with existing data protection laws.

  • Regulations on Network Data Security Management: These regulations took effect on January 1, 2025, in China, further refining the country's data compliance system.

  • Cyber Resilience Act (CRA): Adopted in 2024 but gaining attention in Q1 2025, the CRA aims to strengthen the EU's cybersecurity framework by setting standards for the security of connected products.

  • NIS 2 Directive: While technically in effect since October 2024, organizations were still implementing necessary changes in Q1 2025 to comply with its enhanced cybersecurity resilience requirements for critical infrastructure and key services across the EU.

  • Digital Operational Resilience Act (DORA): Set to take effect on January 17, 2025, DORA focuses on improving operational resilience in critical financial sectors within the EU.

  • Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA): The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is working on finalizing rules for this act, which mandates incident reporting for critical infrastructure entities.

  • EU Cybersecurity Standards: Ongoing efforts to enhance EU cybersecurity standards continued in Q1 2025, with a focus on improving digital resilience across various sectors.

  • Global Cybersecurity Initiatives: Various global initiatives, such as those by the World Economic Forum, emphasized the importance of training government staff in cybersecurity and establishing new data protection offices.

  • Cybersecurity Integration: Rapid integration of AI and cybersecurity, particularly in threat detection, was observed in Q1 2025.

  • Critical Infrastructure Focus: Renewed interest in critical infrastructure M&A due to global logistics stress.

  • Maritime Conflict Impact: Maritime conflict and infrastructure vulnerabilities prompted increased focus on critical infrastructure security.

  • Regulatory Updates: Ongoing regulatory updates aim to address emerging cybersecurity threats and vulnerabilities.

  • Standards Evolution: Cybersecurity standards continue to evolve to address new technologies and threats.

  • Global Cooperation: International cooperation on cybersecurity regulations and standards is increasingly important.

These updates reflect a global trend towards strengthening cybersecurity regulations and standards to address emerging threats and enhance digital resilience.


Artificial Intelligence (AI), Guidance & Regulations

AI-related cybersecurity investments in Q1 2025 showed significant trends and developments:

  • Increased Investment in AI Cybersecurity: AI integration in cybersecurity advanced rapidly, particularly in threat detection and response. Organizations continued to invest heavily in AI-driven cybersecurity solutions to enhance threat detection and response capabilities. This trend reflects growing concerns over sophisticated AI-powered attacks and the need for advanced defenses.

  • Agentic AI Adoption: There was a notable rise in discussions around agentic AI, which operates autonomously to achieve specific goals. This technology is expected to transform how businesses operate and defend against cyber threats.

  • Generative AI Integration: The integration of generative AI models into cybersecurity strategies became more prominent. These models can help predict threats and automate vulnerability assessments, but also pose risks if misused.

  • CEO Prioritization: CEOs increasingly emphasized AI as a critical area for investment, with AI discussions being the second most common topic in earnings calls during Q1 2025.

  • Budget Allocation: UK organizations planned to increase cybersecurity budgets by an average of 31% in 2025, reflecting a broader trend of heightened investment in AI-enhanced security solutions.

  • AI-Driven Threats: The use of AI by threat actors to launch sophisticated attacks was a major concern. This necessitates the development of AI-driven defense strategies to counter such threats.

  • Regulatory Focus: There was a growing emphasis on ensuring the secure deployment of AI technologies, with many organizations lacking adequate safeguards for AI infrastructure.

  • Leadership in AI Initiatives: Chief Information Officers (CIOs) took a leading role in AI initiatives, indicating a shift towards more technical leadership in AI adoption.

  • ROI Pressure: Despite increased investment, there was pressure to demonstrate the return on investment (ROI) for AI initiatives, particularly in the context of cybersecurity.

  • Global Outlook: The World Economic Forum emphasized AI and machine learning as crucial to next year's cybersecurity, advocating for a balanced approach that integrates AI safely into organizations while managing risks and opportunities.

  • Generative AI Applications: U.S. Cyber Command saw significant benefits from generative AI in threat detection.

  • AI-Driven Threats: AI-powered attacks are becoming more sophisticated, requiring advanced defenses.

  • Regulatory Frameworks: Developing regulatory frameworks for AI in cybersecurity is a growing priority.

  • Ethical AI Use: Ensuring ethical use of AI in cybersecurity is crucial to prevent misuse.

  • AI-Enhanced Phishing: AI can enhance phishing attacks, making them more sophisticated and targeted.

  • AI for Incident Response: AI is increasingly used to improve incident response times and effectiveness.

  • AI Training Challenges: Training AI models for cybersecurity requires large, diverse datasets.

Legislative and Regulatory Developments

  • U.S. Federal AI Legislation: Congress introduced several AI bills on national security, workforce skills, AI supply chain resilience, and fraud prevention. The Senate passed the "TAKE IT DOWN" Act to ban nonconsensual AI-generated deepfake imagery. The House reintroduced the "CREATE AI" Act to establish the National AI Research Resource for advancing innovation.

  • California AI Advisories: California's Attorney General clarified that consumer protection, civil rights, competition, and privacy laws apply to AI, stressing compliance to prevent bias. A separate advisory mandates AI in healthcare to adhere to patient privacy and autonomy laws.

  • EU Artificial Intelligence Act Rollout: In February 2025, the EU started enforcing its AI Act, categorizing AI systems by risk and banning high-risk practices like social scoring and unauthorized biometric ID. The Act mandates AI literacy for providers and deployers and enforces strict data protection in line with GDPR.

  • U.S. Executive Order on AI: In January 2025, a U.S. executive order emphasized maintaining global AI leadership with a focus on innovation free from ideological bias, promoting AI infrastructure development and international pro-innovation policies.

  • AI Literacy and Governance: The EU AI Act and related reports stress the need for AI literacy among developers and users and the implementation of cybersecurity measures such as data minimization and privacy by design to comply with GDPR and AI regulations.

Emerging AI Cybersecurity Threats and Defense

  • AI-Powered Cyberattacks Surge: In Q1 2025, sophisticated AI-driven attacks like deepfake phishing, adaptive autonomous malware, and AI-enhanced social engineering increased. Organizations are advised to use AI-powered threat detection, train employees on AI threats, and implement strong authentication to reduce risks.

  • DeepSeek R1 Impact: DeepSeek's open-source AI model R1, released in January 2025, gained popularity for its high performance and low cost but exposed major cybersecurity vulnerabilities, including jailbreak attack susceptibility. Its widespread use led to an 1800% increase in related security platform traffic, highlighting risks of shadow AI and unauthorized data access.

  • Adaptive Attack Strategies: DeepSeek R1 and similar models allow attackers to combine multiple attack vectors and adapt tactics based on target responses, challenging defensive cybersecurity technologies.

  • AI Security Integration: Leading tech companies like Microsoft, Amazon Web Services, and Cerebras swiftly integrated DeepSeek R1, highlighting the importance of securing AI leadership through reliability and trust, beyond just accessibility.

AI is transforming cybersecurity in Q1 2025 by driving new laws, increasing threat sophistication, and pushing organizations to adopt advanced AI defenses and governance.

How CISO’s role is evolving in 2025

The role of the Chief Information Security Officer (CISO) in 2025 and beyond is evolving rapidly from a primarily technical function to a strategic, multifaceted leadership position that integrates cybersecurity deeply with business objectives and risk management. Key aspects of this evolution include:

Strategic Business Leadership - CISOs are now strategic business partners, aligning cybersecurity with business goals to enhance resilience and value. They collaborate with C-suite leaders to secure budgets and promote a security-focused culture.

Expanded Accountability and Personal Liability - Regulatory scrutiny is increasing, and CISOs are more accountable for cybersecurity outcomes, facing legal, financial, and reputational risks. They need to clearly understand and mitigate cyber risks, often with responsibility but limited authority, navigating complex governance and compliance challenges.

Mastering Communication and Influence - Effective communication is crucial for CISOs, who must translate technical risks into business terms for executives, align security goals with organizational priorities, and secure investments. They also serve as the public face of security, fostering customer trust and managing third-party and supply chain risks.

Adoption of Advanced Technologies - CISOs are tasked with adopting AI and machine learning for improved threat detection, automated responses, and managing expanding attack surfaces like cloud and IoT. Zero Trust Architecture and AI-driven security platforms are now key to their cybersecurity strategies.

Navigating a Complex Threat Landscape - CISOs must adapt to sophisticated threats like AI-powered attacks and ransomware by consolidating security tools into unified platforms, reducing complexity, and enhancing operational efficiency.

Focus on Regulatory and Compliance Expertise - CISOs must keep up with global regulations, ensuring compliance and integrating cybersecurity with GRC frameworks, while managing challenges like shadow AI and AI-related data privacy concerns.

Talent Management and Upskilling - Addressing the cybersecurity skills gap is a priority, with CISOs investing in upskilling, cross-training, and automation to focus teams on strategic tasks.

Summary

In 2025, the CISO role is a high-profile, high-accountability position that blends technical expertise with strategic business leadership, regulatory savvy, and advanced technology adoption. CISOs are pivotal in securing digital trust, driving organizational resilience, and enabling business growth amid an increasingly complex and dynamic cyber threat landscape.

Securing Things Academy: (coming soon)

IT & OT CySEAT (Cyber Security Education And Transformation) course is designed for IT and OT cybersecurity practitioners. Join the wait-list → here.

Post from Past - My notes from a Ted Talk

I posted on LinkedIn on 10 Aug 2024 on 🚀 Motivational Snippet 🚀

👉 Saw a great Ted Talk titled: How to speak 🎙 so that people want to listen 📢 (by Julian Treasure | TED TALKS) (41M+ views) and wanted to share with all.

Many of us (myself most definitely), especially in the #Cybersecurity / #Technology community, struggle with clear speech and need to learn from and adopt techniques for a better speech capability.

👉 Here are the key takeaways as powerful tips 📔 to consider and remember.

➡ Habits to move away from --> Problem with most speech today:

The 7 Deadly Sins:

-> Gossip | Judging | Negativity | Complaining | Excuses | Lying | Dogmatism.

  • 👉 All above to be avoided.

  • 👉 Results in -> most not listening.

  • 👉 Creates -> Noise | bad acoustics.

To deliver really powerful speech:

➡ Adapt HAIL (to greet or acclaim enthusiastically):

  • 👉 H = Honesty - be clear and straight

  • 👉 A = Authenticity - be yourself

  • 👉 I = Integrity - be your word

  • 👉 L = Love - wish them well.

➡ Toolbox that very few of us have opened on the subject of -> How to speak:

  • 👉 Register = speak through the chest (instead of nose and or throat) - with power & authority

  • 👉 Timbre = way your voice feels - can be trained - through voice coach.

  • 👉 Prosody = break habits for being monotone and avoid repetitive questioning prosody.

  • 👉 Pace = finding the balance of how fast and slow you want to be and where.

  • 👉 Pitch = goes along with Pace. May change the meaning in delivery with change of pitch.

  • 👉 Volume = choose the right levels for the right emotions.

Whether presenting a talk, pitching a proposal (professional or marriage) and or asking for raise etc.

➡ Few warm up exercises before speaking: (watch the video for exact illustration - starting at 7:55 mins)

  1. deep breath in - arms up - open wide and say - huhhhh - breathing out and arms going down

  2. warming lips - Baah baah baah baah…

  3. burrrrhhhhhhhh

  4. exaggerated la la la la…

  5. rolling r -> crrrhhh…

  6. we (high) oh (low)..

What it would be like if we are:

-> Speaking 💪 powerfully and people are listening consciously in environments that are actually fit for purpose -> Creates -> designed | soundscapes

Make it larger - what it would be like if we are: -> Creating and Consuming sound Consciously -> Results in Designing our environment consciously

👉 That's where the WORLD does sound beautiful and where our understanding be the Norm.

➡ An idea worth spreading so that it may change the world

🚀 Have a great week ahead.

Ways in which I can help?

Whenever you are ready - I can help you with:

A - IT & OT Cybersecurity Advisory / Consulting services - for securing your business and or its digital transformation journey.

B - Security Awareness Training & Phishing Awareness Portal - Train your staff and build a Security awareness program through our subscription based service.

C - Securing Things Academy (STA) - Security trainings for IT & OT practitioners.

Visit the newsletter website for Links to above services and or reach out at info[at]securingthings[dot]com or DM me via LinkedIn.

D - Securing Things Newsletter - Sponsor this newsletter to showcase your brand globally, or subscribe to simply Get Smarter at Securing Things.

Reach out at newsletter[at]securingthings[dot]com or DM me via LinkedIn.

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

Also, if you find this or previous newsletter edition(s) useful and know other people who would too, I'd really appreciate if you'd forward it to them. Thanks a ton.

Thanks for reading - until the next edition!

It’s a Great Day to Start Securing Things for a Smart & Safer Society.

Take care and Best Regards,

Follow Securing Things on LinkedIn | X/Twitter & YouTube.

Your feedback and input is invaluable to me as we work together to strengthen our cybersecurity defenses and create a safer and smarter digital society. Thank you for your trust and continued support.
