Gartner’s Top Cybersecurity Trends of 2025 report highlighted the transformative influence of generative AI and the growing need for organizations to balance threat prevention with cyber resilience.
Gartner announced its top trends Monday during the Gartner Security & Risk Management Summit in Sydney, Australia. The full trends report, available for Gartner clients, outlines nine major trends, covering overlapping themes of enabling transformation and embedding resilience.
1. GenAI is shifting data security strategies
The need to protect and manage both GenAI training data and data produced by AI is changing many organizations’ approaches to data security. GenAI contributes to an increased prevalence of unstructured data, such as text and images, as opposed to the structured data of traditional databases. Therefore, there is a growing demand for data security posture management (DSPM) solutions equipped to keep up with the unique needs of booming GenAI use.
The use of synthetic data for AI training is also emerging as an alternative to traditional methods for anonymizing training datasets. Synthetic data is generated by AI models and mimics real-world data, increasing the availability of training data while decreasing the risk that sensitive real-world data may be unintentionally exposed by AI models.
Organizations, especially in highly regulated industries like finance and healthcare, may consider the use of synthetic data to avoid training models on sensitive datasets, but must ensure proper supervision of data generation to avoid errors, bias and degradation of model performance.
2. Organizations are ‘centralizing to decentralize’ risk management
Relying on a single, centralized authority for cyber-risk decision-making is becoming less practical and organizations are increasingly looking to enable resource owners to make autonomous cyber-risk decisions with more flexible centralized oversight.
Gartner‘s 2022 Gartner Shifting Cyber-security Operating Model Survey found that 57% of respondents sought to make resource owners directly accountable for the cyber risk associated with their resources, while 55% said they were centralizing cyber-risk decisions in an enterprise security steering committee. This suggests a movement toward “centralizing to decentralize” by establishing expectations that independent cyber-risk decisions made by resource owners are not made in isolation, but with consideration for the potential impact to the wider organization.
In 2025, Gartner recommended establishing an enterprise security charter to document resource owner responsibility and accountability when it comes to cyber-risk decisions made throughout the organization.
3. Securing machine identities is more important than ever
Organizations are recognizing the need for robust identity and access management (IAM) strategies to protect machine identities, such as service accounts, automation tools and AI agents, from attacks that can lead to unauthorized access and major data breaches. Up to 85% of identity-related breaches are caused by hacking of machine identities, according to ReliaQuest, and Gartner’s 2024 IAM Leadership Survey found that 54% of organizations saw an increase in overall identity breaches.
These trends emphasize the importance of having full visibility over an organization’s machine identities and implementing IAM policies that establish responsibility and accountability for the management and protection machine identities and credentials.
4. Security leaders shifting focus from prevention to resilience
There is a growing recognition among security and risk management (SRM) leaders, and business leaders as a whole, that cyber incidents are not 100% preventable, allowing for an increased focus on resilience, recovery and business continuity in cyber-risk strategy. By balancing proactive threat deterrence with resilience and recovery measures like increased cyberstorage for data backups and cyber incident communication strategies, leaders can aim for better business outcomes rather than unrealistic “zero tolerance” prevention.
5. Cybersecurity technology optimization trumps consolidation
With thousands of different cybersecurity vendors and products to choose from, SRM leaders face a “paradox of choice” when determining the right combination of tools to adopt for their organization’s cyber defense, according to Gartner. With the average large organization using 43 different tools, according to the 2023 Gartner Technology Adoption Roadmap for Large Enterprises Survey, and 69% seeing an increase in tools from 2022 to 2023, many may consider consolidating to one or a few select vendors rather than managing a complex and varied portfolio.
However, overreliance on a single vendor can present its own risk, for example, if the vendor is compromised or faces a major outage. In 2025, many SRM leaders are optimizing their tool suite with a combination of consolidation in some areas and adoption of point solutions in others. Standards like the Open Cybersecurity Schema Framework (OCSF) can help business strategies and maximize their cybersecurity coverage while avoiding overcomplication or overconsolidation of their toolset.
6. Tackling burnout an important aspect of cyber defense
Burnout among cybersecurity professionals is an ongoing problem, leading to employee turnover and negative cybersecurity outcomes. Gartner’s Peer Community Survey found that 62% of cybersecurity leaders have experienced burnout, and a 2024 study by Hack The Box found that 90% of CISOs were concerned about stress, fatigue and burnout affecting their team’s well-being.
Furthermore, 83% of respondents to Devo’s Cybersecurity Burnout Survey said burnout in their workplace has led to errors resulting in a security breach, and 46% of cybersecurity professionals cited high stress as a reason for leaving their role, according to ISACA’s State of Cybersecurity 2024 report.
Organizations are tackling burnout in a variety of ways in 2025, including by investing in personal resilience programs specifically tailored for cybersecurity staff. Gartner predicts that, by 2027, organizations that invest in these programs will see 50% less burnout-related attrition compared to those that don’t.
7. Taking a tactical approach to AI
SRM are now growing past the initial GenAI hype of 2023 and narrowing their focus more strategically on implementations that can achieve demonstrable results. Gartner expects that hype surrounding AI agents will peak in 2025, and organizations can take advantage of this boom by focusing on the ways AI can be integrated into existing workflows to improve cybersecurity rather than rushing to replace their current methods with AI.
Leaders should have realistic expectations about what they can achieve with AI and establish long-term plans to gradually implement new AI technologies while measuring outcomes using established cybersecurity metrics.
8. Security behavior and culture programs gaining more traction
Security behavior and culture programs (SBCPs) go a step beyond traditional security awareness programs by putting greater emphasis on behavioral psychology, user experience and sources of human error other than phishing, such as insecure coding practices, system misconfiguration and installation of untrusted software. Organizations are increasingly recognizing the value of SBCPs and the integration of GenAI to improve and personalize program content is expected to reduce employee-driven cybersecurity incidents by 40% by 2026 for business that use these programs, according to Gartner.
9. Third-party GenAI use a source of supply chain risk
Leaders need to not only consider the risk of GenAI use within their own organization, but also the risks that can arise from GenAI use by third parties they work with. Businesses may not be aware of the ways third-party partners are using GenAI and what the associated security and privacy risks may be; additionally, many organizations rely on third parties to expand their own GenAI capabilities.
Organizations should seek visibility into third-party GenAI decisions and how this may impact data shared with third parties. Gartner’s Generative AI 2024 Planning Survey found that when SRM leaders are included in the planning of GenAI feature and third-party GenAI tool adoption, they are 1.35 times more likely to prevent data exfiltration attempts and external unauthorized access, emphasizing the importance of incorporating security and risk management into these business decisions.
