Cybersecurity Insights from Q1 2025
[ST # 62] IT, OT, AI Cybersecurity Market Insights, M&As, incidents, breaches, ransomware, threats and changing regulatory landscape - things are moving crazy fast. [Securing Things by M. Yousuf Faisal]

Disclaimer: All views presented here, in this newsletter, are my own.
Neither the author nor the newsletter is liable for any actions taken by any individual or any organization / business / entity. The information provided is for education and awareness purposes only and is not specific to any business and/or situation.
Hey there,
Hope you are doing well.
Here are some key cybersecurity insights from Q1 2025 related to:
Cybersecurity M&As, fundings, and start-ups.
Cyber incidents, ransomware attacks & data breaches.
Notable updates - guidance, standards & regulations.
Artificial Intelligence (AI), guidance & regulations.
How the CISO's role is evolving in 2025.
Personal growth tip - how to speak so that people want to listen.
Why read this? A lot has happened in Q1 2025.
If you're seeking insights on any of the above topics, you'll find valuable information that can shorten your search.
But before we begin, do me a favour and make sure you "Subscribe" to let me know that you care and keep me motivated to publish more. Thanks!
Ready? Let's dig in.
Yours truly,
Yousuf.
Cybersecurity M&As, fundings, and Start-ups
According to Pinpoint Search Group and SecurityWeek:
Increased funding rounds and stable investment levels: despite a slight decline in total funding raised, the cybersecurity sector remains attractive.
Q1 2025 saw a 12% rise in cybersecurity funding rounds compared to Q1 2024, with 103 total funding and M&A transactions, $2.2 Billion raised over 85 rounds, 17 total M&A events showing strong valuation multiples, and 1 IPO recorded, indicating stability in the investment landscape.
Early-Stage Funding Dominance: Seed and Series-A start-ups led the funding landscape, accounting for 62% of all funding rounds in Q1 2025.
Based on Pinpoint Search Group data, below are the key IT/OT acquisitions in Q1 2025:
Vendor | Activity Type | Acquiring Company | Financials | Market Segment |
Phylum | Acquisition | Veracode | Undisclosed | AppSec |
Trelica | Acquisition | 1Password | Undisclosed | SaaS Security |
Cado Security | Acquisition | Darktrace | Undisclosed | Forensics |
Alterya | Acquisition | Chainalysis | Undisclosed | Fraud |
Kivu | Acquisition | Quorum | Undisclosed | Security Services |
Vulcan Cyber | Acquisition | Tenable | $150,000,000 | Vulnerability |
vArmour | Acquisition | Fenix24 | Undisclosed | Identity |
Stack Identity | Acquisition | JumpCloud | Undisclosed | Identity |
SafeBase | Acquisition | Drata | $250,000,000 | Ratings |
Zilla Security | Acquisition | CyberArk | $165,000,000 | Identity |
Votiro | Acquisition | Menlo Security | Undisclosed | Detection/Response |
Dassana | Acquisition | Deepwatch | Undisclosed | Ratings |
Identity Automation | Acquisition | Jamf | $215,000,000 | Identity |
Otorio | Acquisition | Armis | $120,000,000 | OT/ICS |
Wiz | Acquisition | | $32,000,000,000 | Cloud |
Cyral | Acquisition | Varonis | Undisclosed | Data |
I've previously covered the biggest cybersecurity deal ever, announced in Q1 2025, for Wiz - a multi-cloud security solutions provider.
Also based on Pinpoint Search Group data, below are the key investments in Q1 2025:
Vendor | Activity Type | Financials | Investor | Market Segment |
Orchid Security | Seed | $36,000,000 | Team8 | Identity |
Wultra | Seed | $3,000,000 | Tensor Ventures | Quantum |
AI or Not | Seed | $5,000,000 | Foundation Capital | Fraud |
Spikerz | Seed | $7,000,000 | Disruptive AI | Fraud |
DryRun Security | Seed | $8,700,000 | LiveOak Ventures | AppSec |
Axoflow | Seed | $7,000,000 | EBRD Venture Capital | Detection/Response |
Kymatio | Seed | $1,900,000 | Decelera | Training |
TrustLogix | Seed | $13,000,000 | Westwave Capital | Data |
Frenos | Seed | $3,880,000 | DataTribe | OT/ICS |
Backline | Seed | $9,000,000 | StageOne Ventures | Vulnerability |
Staris | Seed | $5,700,000 | Freestyle VC | AppSec |
Freeze | Seed | $2,600,000 | Undisclosed | Vulnerability |
Dune Security | Seed | $6,000,000 | Alumni Ventures | Training |
ThreatMark | Funding | $23,000,000 | Octopus Ventures | Fraud |
Zynap | Funding | $5,700,000 | Kibo Ventures | Threat Intel |
Fudo Security | Funding | $9,400,000 | bValue Growth Fund | Identity |
Almanax | Funding | $1,000,000 | Blockchain Builders Fund | Crypto |
Conifers.AI | Funding | $25,000,000 | SYN Ventures | Detection/Response |
SignPath | Funding, A | $5,100,000 | TIN Capital | AppSec |
Dataships | Funding, A | $7,000,000 | Osage Venture Partners | GRC |
Passbolt | Funding, A | $8,000,000 | Airbridge Equity Partners | Identity |
Token Security | Funding, A | $20,000,000 | Notable Capital | Identity |
Clutch | Funding, A | $20,000,000 | SignalFire | Identity |
Seraphic | Funding, A | $29,000,000 | GreatPoint Ventures | Browser |
BforeAI | Funding, B | $10,000,000 | Titanium Ventures | Threat Intel |
Mitiga | Funding, B | $30,000,000 | SYN Ventures | Detection/Response |
Hypori | Funding, B | $12,000,000 | UBS | Endpoint |
Oligo | Funding, B | $50,000,000 | Greenfield Partners | AppSec |
Eclypsium | Funding, C | $45,000,000 | Pavilion Capital | Firmware Security |
Knostic | Seed | $11,000,000 | Bright Pixel | AI/LLM |
Aryon Security | Seed | $9,000,000 | Viola Ventures | Vulnerability |
AIceberg | Seed | $10,000,000 | Sprout & Oak | AI/LLM |
Quantum Industries | Seed | $10,000,000 | Sparring Capital Partners | Quantum |
Hawcx | Seed | $3,000,000 | Engineering Capital | Identity |
Sola | Seed | $30,000,000 | S Capital | Platform |
Harmony Intelligence | Seed | $3,000,000 | Airtree Ventures | Vulnerability |
Orion Security | Seed | $6,000,000 | Pico Partners | Data |
Hunted Labs | Seed | $3,000,000 | Red Cell Partners | AppSec |
Protectt.AI | Seed | $8,800,000 | Bessemer | Endpoint |
Charm Security | Seed | $8,000,000 | Team8 | Fraud |
SplxAI | Seed | $7,000,000 | LAUNCHub | Vulnerability |
Flagright | Seed | $4,300,000 | Frontline Ventures | Fraud |
STYX Intelligence | Seed | $2,700,000 | Business Development Bank of Canada | Fraud |
Cybereason | Funding | $120,000,000 | Liberty Strategic Capital | Endpoint |
Straiker | Funding | $21,000,000 | Lightspeed Ventures | AI/LLM |
Crogl | Funding, A | $25,000,000 | Menlo Ventures | Automation |
VulnCheck | Funding, A | $12,000,000 | Ten Eleven Ventures | Vulnerability |
GetReal Security | Funding, A | $17,500,000 | Forgepoint Capital | Forensics |
Strike Security | Funding, A | $13,500,000 | FinTech Collective | PenTesting |
Cloudsmith | Funding, B | $23,000,000 | TCV | AppSec |
SpecterOps | Funding, B | $75,000,000 | Insight Partners | Vulnerability |
Botguard (now Blackwall) | Funding, B | $49,000,000 | Dawn Capital | Bot |
Tonic.ai | Funding, B | $35,000,000 | Insight Partners | Data |
Pentera | Funding, D | $60,000,000 | Evolution Equity Partners | PenTesting |
Island | Funding, E | $250,000,000 | Coatue | Browser |
Aura | Funding, G | $140,000,000 | Ten Eleven Ventures | Identity |
Coalition | Growth Equity | $30,000,000 | Mitsui Sumitomo | Cyber Insurance |
360 Privacy | Growth Funding | $36,000,000 | FTV Capital | OSINT |
According to SecurityWeek, Q1 2025 saw significant M&A activity, with 45 deals in January 2025 alone, 28 deals in February 2025, and 23 deals in March 2025.
Key Takeaways
Market Sentiment: Overall M&A market sentiment at the start of 2025 was bullish. Cybersecurity M&A deals rose significantly, as evident from the list above, with 45 announced in January alone. This reflects a trend of strategic growth and innovation, driven by factors like declining interest rates and increased corporate confidence, and suggests a promising trajectory for future M&A activity. However, the quarter ended with slight uncertainty due to geopolitical changes, in particular the announcements around tariffs.
Service Integration and Expansion: Many acquisitions aimed to enhance service offerings, expand market presence, and improve client value propositions. For example, 1Password acquired Trelica to enhance its access management platform.
Geographical Expansion: Companies like Quorum Cyber expanded their global incident response capabilities through strategic acquisitions, such as Kivu Consulting.
Talent Acquisition: Acquisitions were also driven by the need to address skill shortages in technical domains, ensuring companies have the expertise needed to innovate and compete.
Technological Advancements: Deals focused on integrating advanced technologies like AI, cloud security, and endpoint management. For instance, Citrix acquired Unicon to enhance endpoint security.
Enhanced Cybersecurity Capabilities: Acquisitions aimed to strengthen cybersecurity capabilities, particularly in areas like threat detection and response. Darktrace's acquisition of Cado Security is a notable example.
These takeaways highlight the strategic importance of M&A in the cybersecurity sector, driven by the need for innovation, market expansion, and enhanced security capabilities.
Cyber Incidents, Ransomware Attacks & Data breaches
The trend of significant data breaches continued throughout the quarter, emphasizing the ongoing cybersecurity challenges faced by organizations.
Here are a few of the major companies that experienced incidents and/or data breaches in Q1 2025:
Victim | Threat Actor | Business Impact |
Casio UK online store hacked to steal customer credit cards Source: BleepingComputer February 02, 2025 | Unknown | Between January 14 and 24, 2025, Casio UK's e-shop was hacked, potentially compromising credit card and customer information of those who made purchases during this period. |
GrubHub data breach impacts customers, drivers, and merchants Source: BleepingComputer February 03, 2025 | Unknown | GrubHub reported a data breach affecting the personal information of customers, merchants, and drivers after attackers accessed its systems through a service provider account. |
UK / British engineering firm IMI discloses breach, shares no details Source: BleepingComputer February 05, 2025 | Unknown | Firm IMI plc has disclosed a security breach after unknown attackers hacked into the company's systems. |
Hospital Sisters Health System notifies 882,000 patients of August 2023 breach Source: BleepingComputer February 07, 2025 | Unknown | Hospital Sisters Health System informed over 882,000 patients of a data breach from an August 2023 cyberattack that exposed their personal and health information. |
HPE notifies employees of data breach after Russian Office 365 hack Source: BleepingComputer February 07, 2025 | IntelBroker | Hewlett Packard Enterprise (HPE) informed employees of a data breach by Russian state-sponsored hackers in a May 2023 cyberattack on its Office 365 email. |
PPL Electric Utilities Pennsylvania utility says MOVEit breach at vendor exposed some customer data PPL Electric Utilities Cyber Attack February 14, 2025 | Cl0p ransomware | A Pennsylvania utility company reported that basic customer data was exposed online in 2023 due to a vendor breach via a MOVEit software bug. PPL Electric Utilities said its core systems were unaffected, and the vendor notified them of the breach in June 2023. |
Finastra Fintech giant Finastra notifies victims of October data breach February 16, 2025 | "Abyss0" a name on the BreachForums | Finastra is notifying victims of a data breach after attackers accessed its systems in October 2024. An investigation revealed that an unauthorized party accessed a Secure File Transfer Platform (SFTP) between October 31 and November 8, 2024, obtaining certain files. The breach is linked to a post by "abyss0" on BreachForums, claiming to sell 400GB of data stolen from Finastra. |
Australian IVF giant Genea confirms hackers "accessed data" during cyber attack Australian IVF Giant Data Breach February 19, 2025 | Termite ransomware | Genea reported a cybersecurity incident disrupting patient services and potentially exposing sensitive information. |
CarMoney Ukrainian hackers claim breach of Russian loan company linked to Putin's ex-wife Source: The Record February 21, 2025 | Cyber Alliance | The pro-Ukraine hacking group, Cyber Alliance, claims responsibility for a cyberattack on Russian microfinance company CarMoney, linked to Putin's ex-wife, obtaining data on numerous borrowers, including Russian military and intelligence members. |
Orange Group confirms breach after hacker leaks company documents Source: BleepingComputer February 24, 2025 | Rey (HellCat ransomware) | A hacker claims to have stolen thousands of internal documents from Orange Group, including user records and employee data, and published details on a hacker forum after a failed extortion attempt. |
DISA USA US drug testing firm DISA says data breach impacts 3.3 million people Source: BleepingComputer February 24, 2025 | Unknown | DISA Global Solutions, a US background screening and drug testing firm, experienced a data breach affecting 3.3 million people. |
Rubrik rotates authentication keys after log server breach | Unknown | Last month, Rubrik revealed a breach of a server hosting log files, prompting the company to rotate potentially leaked authentication keys after detecting unusual activity. |
Stock Broker Angel One | Unknown | Indian brokerage firm Angel One reported a data breach affecting client information in its AWS account, leading to an over 11% drop in shares to a 52-week low on March 3. |
Carruth Compliance Consulting | Skira Ransomware | A December 2024 cyber attack on Carruth Compliance Consulting exposed the information of thousands of U.S. public school teachers and employees. Dozens of schools reported data breaches in several states, warning that sensitive data was stolen. The Skira Team, a new cybercriminal group, claimed responsibility, stating they accessed data from 36 public schools. |
NTT Communications Corporation | Unknown | Japanese telecommunication services provider NTT has alerted nearly 18,000 corporate clients about a data breach affecting its 'Order Information Distribution System,' which contained information on 17,891 companies, but no personal customer data. |
PowerSchool | Unknown | PowerSchool released a CrowdStrike investigation on its December 2024 data breach, revealing earlier hacks in August and September. The breach affected 6,505 school districts across the US, Canada, and other countries, compromising data of 62.5 million students and 9.5 million teachers. |
Western Alliance Bank | Clop Ransomware | Phoenix-based Western Alliance Bank reported that over 20,000 individuals' information was stolen last year due to a vulnerability in a popular file-sharing tool. The breach involved a third-party vendor and affected multiple organizations. Stolen data includes names, Social Security numbers, and sometimes dates of birth, financial account numbers, driver's license numbers, tax IDs, and passports. |
GitHub Action | Unknown | A supply chain attack starting with the compromise of "reviewdog/action-setup@v1" GitHub Action likely caused the breach of "tj-actions/changed-files," leaking CI/CD secrets. |
Dogequest | Unknown | The website "Dogequest" reportedly published personal information of Tesla owners in the U.S. to shame and intimidate them, amid Elon Musk's increasing government interference. Musk called it "extreme domestic terrorism" on X. |
Pennsylvania State Education Association | Rhysida Ransomware | A July 2024 cyber attack on the Pennsylvania State Education Association (PSEA) affected over 500,000 people. The breach exposed state IDs, Social Security numbers, financial and payment card details, passport numbers, taxpayer IDs, and health and medical data of current and former members and their dependents. |
Ascom, Jira | HellCat Ransomware | Swiss solutions provider Ascom confirmed a cyber attack by the Hellcat hacker group, which targeted Jira servers using compromised credentials. The hackers breached Ascom's technical ticketing system, claiming to have stolen 44GB of data potentially affecting all company divisions. The incident is under investigation. |
Sperm donation giant California Cryobank | Unknown | California Cryobank, a major US sperm donor, experienced a data breach in April 2024, exposing customers' personal information. The breach revealed names, bank details, Social Security numbers, driver's license numbers, payment card numbers, and health insurance information. |
China's Baidu | Human Error | Baidu denied an internal data breach after a top executive's teenage daughter posted personal details online. The company stated that employees are prohibited from accessing user data and that the information came from illegally obtained "doxing databases" on foreign platforms. |
Coinbase | Unknown | Researchers found that Coinbase was the main target in a recent GitHub Actions supply chain attack, where threat actors altered the action to expose CI/CD secrets and authentication tokens in GitHub Actions logs. |
Oracle | Rose87168, a BreachForums account name | Despite Oracle denying a breach of its Cloud SSO login servers and the theft of data for 6 million people, multiple companies have confirmed the validity of data samples shared by the threat actor. |
StreamElements | "Victim", a BreachForum name | StreamElements confirmed a data breach at a third-party provider after a hacker leaked samples of stolen data on a forum. The hacker claimed to have stolen data from 210,000 customers, including names, addresses, phone numbers, and emails, on March 20, 2025. |
Numotion | Black Basta group | Tennessee healthcare mobility provider Numotion experienced a data breach affecting nearly half a million individuals' sensitive information. |
NYU | Computer Niggy Exploitation | The hacker altered the NYU homepage with charts and links to student datasets categorizing standardized test scores by race. They claimed personal information was redacted but linked to four datasets containing personal information on NYU applicants, their citizenship status and more. |
Lafayette Federal Credit Union | Unknown | Lafayette Federal Credit Union in Maryland reported a data breach last year affecting over 75,000 individuals' sensitive personal information. |
Other notable data breaches are:
TalkTalk: A hacker claimed to have stolen data from approximately 18.8 million current and former customers, including names, emails, and phone numbers. The breach targeted a third-party supplier's system.
Gravy Analytics: Suffered a breach potentially exposing precise location data of millions of individuals through unauthorized access to their AWS cloud storage.
Unacast: Experienced a breach involving its data broker subsidiary, Gravy Analytics, with stolen files possibly containing personal data.
PowerSchool: A data breach affected schools across the U.S. and Canada, exposing sensitive student and staff information.
Medusind: A medical billing firm disclosed a breach affecting 360,000 individuals, exposing personal and health information.
BayMark Health Services: Notified patients of a data breach that stole personal and health information.
Rosreestr: Hackers claimed to have breached the Russian property agency, leaking personal data, though Rosreestr denied the breach.
Avery Products Corporation: Suffered a data breach after its website was hacked to steal credit cards and personal information.
Wolf Haldenstein: Exposed personal information of nearly 3.5 million individuals in a data breach.
Otelier: Experienced a breach exposing hotel reservations and personal information of millions of guests.
Meta (WhatsApp): Confirmed a sophisticated spyware attack affecting WhatsApp users, including journalists and civil society members.
DOD and Defense Contractors: Credentials were stolen in a breach impacting the U.S. Department of Defense and its contractors.
IoT Data Breach: Exposed 2.7 billion records in a massive IoT-related data breach.
HCRG Care Group: Suffered a ransomware attack.
DISA Global: A data breach impacted over 3 million people.
Palo Alto Networks: Confirmed exploitation of their firewalls.
GrubHub: Disclosed a third-party data breach affecting customer, driver, and merchant data.
Investment Research Firm: Data of 12 million customers was compromised.
Here are some stats on ransomware attacks targeting different industries and sectors:
According to the State of Ransomware 2025 report by BlackFog: The year 2025 started with a record-breaking 92 disclosed ransomware attacks in January, a 21% increase over last year and the highest we've recorded since we began tracking ransomware back in 2020. There were 32 different ransomware groups behind the attacks, with RansomHub leading the way.
Record Crypto Theft: Hackers stole over $1.67 billion in cryptocurrencies in Q1 2025, a 303% increase from the previous quarter, with the Bybit hack being the largest.
Ransomware Surge: Q1 2025 saw a record number of ransomware attacks, with a 45% increase compared to Q1 2024.
Healthcare Targeted: Healthcare was the most targeted sector with 57 ransomware attacks in Q1 2025.
Data Exfiltration Rise: 95% of publicly disclosed ransomware attacks involved data exfiltration.
Ransomware Groups: RansomHub, Qilin, and Akira were among the most active ransomware groups in Q1 2025.
Malware Dominance: Malware remains the primary attack method, used in 66% of successful attacks against organizations.
Spyware Increase: Spyware use in attacks on organizations increased by 4 percentage points in Q4 2024.
Financial Motivation: 48% of successful attacks on individuals were financially motivated, up 18 percentage points from the previous year.
Phishing Threats: Phishing attacks, including those using corrupted files and archive formats, remain a significant threat.
Cybersecurity Awareness: The need for heightened cybersecurity awareness among organizations and individuals continues to grow.
2024 Flashback - Going Down Memory Lane
In case you missed them and/or want to know the key insights from 2024, check out the series here: Q1 2024; Q2 2024; Q3 2024; and Q4 2024.
Another great must-read is The State of the Cybersecurity Market in 2024 - an in-depth look at the cybersecurity market in 2024, focusing on AI's role, funding shifts, and investment trends shaping the industry.
Updates - Guidance, Standards & Regulations!
Here are some of the updates on regulations and standards in the cybersecurity field from Q1 2025:
Hong Kong's Protection of Critical Infrastructures (Computer Systems) Ordinance: Gazetted in March 2025, this law is set to take effect on January 1, 2026, but preparations began in Q1 2025 to enhance cybersecurity standards for essential services providers.
China's Cybersecurity Law Amendments: The second draft of amendments to China's Cybersecurity Law was released in March 2025, introducing stricter penalties, clearer enforcement mechanisms, and alignment with existing data protection laws.
Regulations on Network Data Security Management: These regulations took effect on January 1, 2025, in China, further refining the country's data compliance system.
Cyber Resilience Act (CRA): Adopted in 2024 but gaining attention in Q1 2025, the CRA aims to strengthen the EU's cybersecurity framework by setting standards for the security of connected products.
NIS 2 Directive: While technically in effect since October 2024, organizations were still implementing necessary changes in Q1 2025 to comply with its enhanced cybersecurity resilience requirements for critical infrastructure and key services across the EU.
Digital Operational Resilience Act (DORA): Set to take effect on January 17, 2025, DORA focuses on improving operational resilience in critical financial sectors within the EU.
Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA): The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is working on finalizing rules for this act, which mandates incident reporting for critical infrastructure entities.
EU Cybersecurity Standards: Ongoing efforts to enhance EU cybersecurity standards continued in Q1 2025, with a focus on improving digital resilience across various sectors.
Global Cybersecurity Initiatives: Various global initiatives, such as those by the World Economic Forum, emphasized the importance of training government staff in cybersecurity and establishing new data protection offices.
Cybersecurity Integration: Rapid integration of AI and cybersecurity, particularly in threat detection, was observed in Q1 2025.
Critical Infrastructure Focus: Renewed interest in critical infrastructure M&A due to global logistics stress.
Maritime Conflict Impact: Maritime conflict and infrastructure vulnerabilities prompted increased focus on critical infrastructure security.
Regulatory Updates: Ongoing regulatory updates aim to address emerging cybersecurity threats and vulnerabilities.
Standards Evolution: Cybersecurity standards continue to evolve to address new technologies and threats.
Global Cooperation: International cooperation on cybersecurity regulations and standards is increasingly important.
These updates reflect a global trend towards strengthening cybersecurity regulations and standards to address emerging threats and enhance digital resilience.
References:
Hong Kong's new cybersecurity law gazetted.
China's Cybersecurity Law Amendments: Key Changes in Second Draft.
Cybersecurity threatscape: Q4 2024 - Q1 2025.
Q1 2025 M&A Market Update from The McLean Group.
EU Cybersecurity & Data Protection Update Q1-2025.
5 Big Cybersecurity Laws You Need to Know About Ahead of 2025.
Artificial Intelligence (AI), Guidance & Regulations
AI-related cybersecurity investments in Q1 2025 showed significant trends and developments:
Increased Investment in AI Cybersecurity: AI integration in cybersecurity advanced rapidly, particularly in threat detection and response. Organizations continued to invest heavily in AI-driven cybersecurity solutions to enhance threat detection and response capabilities. This trend reflects growing concerns over sophisticated AI-powered attacks and the need for advanced defenses.
Agentic AI Adoption: There was a notable rise in discussions around agentic AI, which operates autonomously to achieve specific goals. This technology is expected to transform how businesses operate and defend against cyber threats.
Generative AI Integration: The integration of generative AI models into cybersecurity strategies became more prominent. These models can help predict threats and automate vulnerability assessments, but also pose risks if misused.
CEO Prioritization: CEOs increasingly emphasized AI as a critical area for investment, with AI discussions being the second most common topic in earnings calls during Q1 2025.
Budget Allocation: UK organizations planned to increase cybersecurity budgets by an average of 31% in 2025, reflecting a broader trend of heightened investment in AI-enhanced security solutions.
AI-Driven Threats: The use of AI by threat actors to launch sophisticated attacks was a major concern. This necessitates the development of AI-driven defense strategies to counter such threats.
Regulatory Focus: There was a growing emphasis on ensuring the secure deployment of AI technologies, with many organizations lacking adequate safeguards for AI infrastructure.
Leadership in AI Initiatives: Chief Information Officers (CIOs) took a leading role in AI initiatives, indicating a shift towards more technical leadership in AI adoption.
ROI Pressure: Despite increased investment, there was pressure to demonstrate the return on investment (ROI) for AI initiatives, particularly in the context of cybersecurity.
Global Outlook: The World Economic Forum emphasized AI and machine learning as crucial to next year's cybersecurity, advocating for a balanced approach that integrates AI safely into organizations while managing risks and opportunities.
Generative AI Applications: U.S. Cyber Command saw significant benefits from generative AI in threat detection.
AI-Driven Threats: AI-powered attacks are becoming more sophisticated, requiring advanced defenses.
Regulatory Frameworks: Developing regulatory frameworks for AI in cybersecurity is a growing priority.
Ethical AI Use: Ensuring ethical use of AI in cybersecurity is crucial to prevent misuse.
AI-Enhanced Phishing: AI can enhance phishing attacks, making them more sophisticated and targeted.
AI for Incident Response: AI is increasingly used to improve incident response times and effectiveness.
AI Training Challenges: Training AI models for cybersecurity requires large, diverse datasets.
Legislative and Regulatory Developments
U.S. Federal AI Legislation: Congress introduced several AI bills on national security, workforce skills, AI supply chain resilience, and fraud prevention. The Senate passed the "TAKE IT DOWN" Act to ban nonconsensual AI-generated deepfake imagery. The House reintroduced the "CREATE AI" Act to establish the National AI Research Resource for advancing innovation.
California AI Advisories: California's Attorney General clarified that consumer protection, civil rights, competition, and privacy laws apply to AI, stressing compliance to prevent bias. A separate advisory mandates AI in healthcare to adhere to patient privacy and autonomy laws.
EU Artificial Intelligence Act Rollout: In February 2025, the EU started enforcing its AI Act, categorizing AI systems by risk and banning high-risk practices like social scoring and unauthorized biometric ID. The Act mandates AI literacy for providers and deployers and enforces strict data protection in line with GDPR.
U.S. Executive Order on AI: In January 2025, a U.S. executive order emphasized maintaining global AI leadership with a focus on innovation free from ideological bias, promoting AI infrastructure development and international pro-innovation policies.
AI Literacy and Governance: The EU AI Act and related reports stress the need for AI literacy among developers and users and the implementation of cybersecurity measures such as data minimization and privacy by design to comply with GDPR and AI regulations.
Emerging AI Cybersecurity Threats and Defense
AI-Powered Cyberattacks Surge: In Q1 2025, sophisticated AI-driven attacks like deepfake phishing, adaptive autonomous malware, and AI-enhanced social engineering increased. Organizations are advised to use AI-powered threat detection, train employees on AI threats, and implement strong authentication to reduce risks.
DeepSeek R1 Impact: DeepSeek's open-source AI model R1, released in January 2025, gained popularity for its high performance and low cost but exposed major cybersecurity vulnerabilities, including jailbreak attack susceptibility. Its widespread use led to an 1800% increase in related security platform traffic, highlighting risks of shadow AI and unauthorized data access.
Adaptive Attack Strategies: DeepSeek R1 and similar models allow attackers to combine multiple attack vectors and adapt tactics based on target responses, challenging defensive cybersecurity technologies.
AI Security Integration: Leading tech companies like Microsoft, Amazon Web Services, and Cerebras swiftly integrated DeepSeek R1, highlighting the importance of securing AI leadership through reliability and trust, beyond just accessibility.
AI is transforming cybersecurity in Q1 2025 by driving new laws, increasing threat sophistication, and pushing organizations to adopt advanced AI defenses and governance.
How CISO's role is evolving in 2025
The role of the Chief Information Security Officer (CISO) in 2025 and beyond is evolving rapidly from a primarily technical function to a strategic, multifaceted leadership position that integrates cybersecurity deeply with business objectives and risk management. Key aspects of this evolution include:
Strategic Business Leadership - CISOs are now strategic business partners, aligning cybersecurity with business goals to enhance resilience and value. They collaborate with C-suite leaders to secure budgets and promote a security-focused culture.
Expanded Accountability and Personal Liability - Regulatory scrutiny is increasing, and CISOs are more accountable for cybersecurity outcomes, facing legal, financial, and reputational risks. They need to clearly understand and mitigate cyber risks, often with responsibility but limited authority, navigating complex governance and compliance challenges.
Mastering Communication and Influence - Effective communication is crucial for CISOs, who must translate technical risks into business terms for executives, align security goals with organizational priorities, and secure investments. They also serve as the public face of security, fostering customer trust and managing third-party and supply chain risks.
Adoption of Advanced Technologies - CISOs are tasked with adopting AI and machine learning for improved threat detection, automated responses, and managing expanding attack surfaces like cloud and IoT. Zero Trust Architecture and AI-driven security platforms are now key to their cybersecurity strategies.
Navigating a Complex Threat Landscape - CISOs must adapt to sophisticated threats like AI-powered attacks and ransomware by consolidating security tools into unified platforms, reducing complexity, and enhancing operational efficiency.
Focus on Regulatory and Compliance Expertise - CISOs must keep up with global regulations, ensuring compliance and integrating cybersecurity with GRC frameworks, while managing challenges like shadow AI and AI-related data privacy concerns.
Talent Management and Upskilling - Addressing the cybersecurity skills gap is a priority, with CISOs investing in upskilling, cross-training, and automation to focus teams on strategic tasks.
Summary
In 2025, the CISO role is a high-profile, high-accountability position that blends technical expertise with strategic business leadership, regulatory savvy, and advanced technology adoption. CISOs are pivotal in securing digital trust, driving organizational resilience, and enabling business growth amid an increasingly complex and dynamic cyber threat landscape.
Post from Past - My notes from a Ted Talk
I posted on LinkedIn on 10 Aug 2024 on Motivational Snippet
Saw a great TED Talk titled: How to speak so that people want to listen (by Julian Treasure | TED TALKS) (41M+ views) and wanted to share with all.
Many of us (myself most definitely), especially in the #Cybersecurity / #Technology community, struggle with clear speech and need to learn from and adopt techniques for a better speech capability.
Here are the key takeaways as powerful tips to consider and remember.
Habits to move away from --> Problem with most speech today:
The 7 Deadly Sins:
-> Gossip | Judging | Negativity | Complaining | Excuses | Lying | Dogmatism.
All above to be avoided.
Results in -> most not listening.
Creates -> Noise | bad acoustics.
To deliver really powerful speech:
Adapt HAIL (to greet or acclaim enthusiastically):
H = Honesty - be clear and straight
A = Authenticity - be yourself
I = Integrity - be your word
L = Love - wish them well.
Toolbox that very few of us have opened on the subject of -> How to speak:
Register = speak through the chest (instead of nose and or throat) - with power & authority
Timbre = way your voice feels - can be trained - through voice coach.
Prosody = break habits for being monotone and avoid repetitive questioning prosody.
Pace = finding the balance of how fast and slow you want to be and where.
Pitch = goes along with Pace. May change the meaning in delivery with change of pitch.
Volume = choose the right levels for the right emotions.
Whether presenting a talk, pitching a proposal (professional or marriage) and or asking for a raise etc.
Few warm up exercises before speaking: (watch the video for exact illustration - starting at 7:55 mins)
deep breath in - arms up - open wide and say - huhhhh - breathing out and arms going down
warming lips - Baah baah baah baah…
burrrrhhhhhhhh
exaggerated la la la la…
rolling r -> crrrhhh…
we (high) oh (low)..
What it would be like if we are:
-> Speaking powerfully and people are listening consciously in environments that are actually fit for purpose -> Creates -> designed | soundscapes
Make it larger - what it would be like if we are: -> Creating and Consuming sound Consciously -> Results in Designing our environment consciously
That's where the WORLD does sound beautiful and where our understanding be the Norm.
An idea worth spreading so that it may change the world
Have a great week ahead.
Wrapping Up
Have questions, comments, or feedback? Just reply directly, I'd love to hear from you.
Also, if you find this or previous newsletter edition(s) useful and know other people who would too, I'd really appreciate if you'd forward it to them. Thanks a ton.
Thanks for reading - until the next edition!
It's a Great Day to Start Securing Things for a Smart & Safer Society.
Take care and Best Regards,
Your feedback and input is invaluable to me as we work together to strengthen our cybersecurity defenses and create a safer and smarter digital society. Thank you for your trust and continued support.