As 2024 comes to a close, the data security landscape has given us plenty to celebrate—and plenty to learn from. On the positive side, advances in artificial intelligence and cloud-native solutions have empowered organizations to protect their data with greater speed and precision. Intelligent insights gathered from backup data facilitated tighter collaboration between IT and security teams, leading to faster incident response workflows and proactive threat prevention.
However, the year was not without its challenges. Businesses faced a relentless onslaught of ransomware attacks and growing concerns around the ethics and risks of AI integration. The rising costs of managing data security incidents also pushed organizations to rethink their strategies, with an increased focus on resilience and cost efficiency.
As we step into 2025, the data security landscape is set to evolve at an unprecedented pace. From the next step in AI ethics and transparency, to the potential first major AI data breach and heightened focus on managed service models, the year ahead will continue to redefine how organizations approach data security.
Druva leaders CTO Stephen Manley, CSO Yogesh Badwe, and SVP of Global Partners & Alliances Michael Houghton share their predictions to help you get a broader perspective of what 2025 has in store for AI, tech, and data security.
AI Predictions
1. Ethics in AI Will Take a Step Forward in 2025
In 2025, geopolitical turbulence will continue and misinformation is likely to thrive. It’s unlikely that new data privacy and AI policies will be passed and enforced in 2025, so customers will expect businesses to take responsibility for ethics in AI. As companies incorporate AI into their products, they have a responsibility to protect what and how AI uses customer data, especially as it relates to sensitive data. Businesses will need to invest in ethical AI development, with an emphasis on transparency because AI adoption will directly correlate to the amount of trust that customers have in it.
2. Expect the First Data Breach of an AI Model
Pundits have frequently warned about data risks in AI models. If the training data is compromised, entire systems can be exploited. While it is difficult to attack the large language models (LLMs) used in tools like ChatGPT, the rapid rise of lower-cost, more targeted small language models (SLM) makes them a target. The impact of a corrupt SLM in 2025 will be massive because consumers won’t make a distinction between LLMs and SLMs. Breaches will spur the development of new regulations and guard rails to protect customers.
3. Use of Synthetic Data Will Give Birth to New Risks
For AI to produce valuable results, it needs to be trained on good data and rigorously tested with prompt engineering. The business temptation is to use customer data to train AI models – but that causes a myriad of problems like data compliance breaches, higher impact of cyber risk, and higher likelihood of data leakage. To effectively combat these challenges, businesses will turn to synthetic or training data that AI models generate in order to maintain safety best practices during the training process. This, however, will create new risks, since the synthetic data can create a feedback loop that will exacerbate any bias in the data. Consequently, companies will need to invest in transparency and increase the rigor in reviewing their AI-generated output.
4. 2025 Will be The True Year of AI
The question and challenge most businesses are exploring is: how do you monetize AI? Instead, the question should be: How can AI demonstrate ROI across every use case? AI is increasingly being woven into the fabric of every product, and its implementation mirrors the paradigm shift from legacy to cloud products and technologies. Perhaps new AI business models will triumph (hello, agentic AI), but over the next year, businesses – and especially partners – need to be able to address how AI is used in-product and what ROI means for customers. There’s too much noise in the market, and those proof points will differentiate tangible solutions (and expertise) from future promise.
Data Security Predictions
5. Ransomware Will Continue to Make Headlines in 2025
Data breaches continue to increase – but it’s not for a lack of effort in threat prevention. In fact, in the past year, Gartner forecasted that global information security end-user spending would reach $183.9 billion. The reality is that businesses need to stop throwing money at traditional security tools and turn their focus to new strategies instead. Security at the data level is a fundamental way to minimize threats and mitigate impact, and we’ll see the channel community rally around modern data security solutions to a) help customers protect their most valuable assets and b) tap into new avenues of revenue growth.
6. Federal Regulations Will Codify Security Standards
The volume of ransomware attacks and data breaches have continually shifted blame back and forth from companies to CISOs as we try to mitigate breaches and assign accountability. However, what’s truly needed are consistent security standards to agree as an industry on what constitutes appropriate security standards. The president-elect has several Silicon Valley advisors who will finally help institute the appropriate security measures, and we’ll see GAAP-like security standards emerge in the coming years. That should be viewed as a positive step forward for security, but the real work and debate will comprise what enters into the to-be-created standard.
7. Security Gaps Will Arise From Non-Human Entity Data Access
Many are aware human errors can cause simple mistakes that hackers can take advantage of. But what about non-human “errors?” In 2025, non-human entities – such as automated bots with credentials (think: connecting an app to Slack, Google Drive, or calendar) – will become the focal point of a new set of attacks. Rather than “errors,” these non-human entities sometimes have unfettered data access that can be exploited. When combined with a continued dependency on legacy systems, threat actors will wreak havoc and profit off lackadaisical security and lapses in data access.
8. Supply Chain Attacks Will Increase Due to Unfiltered Data Access
In the next few years, we’ll see more supply chain-related compromises involving critical infrastructure, likely led by small third-party IT or OT vendor products. Threat actors are evolving their tactics to swim upstream from smaller partner vendors, and businesses need to keep an eye on emerging leverage and pressure points that introduce wider attack surfaces. While data access seems like a simple point to defend, the reality is risk vectors are constantly changing and require the right data security strategies and policies to protect. In 2025 and beyond, data access will resurface as a top business priority to defend.
SaaS & Cloud Predictions
9. Data Risks of SaaS Apps Will Start Getting Attention
A reckoning is coming for SaaS apps as businesses seek to understand how these apps use sensitive data and introduce potential security risks. We’ve seen supply chain threats emerge downstream as a result of overlooked data access, and IT leaders will scrutinize the interconnected nature of SaaS apps to mitigate potential risks. Sophisticated cyber attacks are accelerating this process, and we’ll see industry demand for robust data protection skyrocket.
10. More Businesses Will Shift to a Managed Service Provider (MSP) Business Model
For as long as businesses have existed, customer preferences have dictated success. And in 2025, customers will vastly prefer consumption-based pricing in efforts to make total cost of ownership more efficient. However, that approach doesn’t always work at scale, and large enterprises are increasingly choosing managed services to free internal resources to focus on profit-driving activities versus software maintenance and upkeep. This bodes well for partners, who will see increased opportunity and margins across their SaaS-based offerings.
Step Into 2025 Secure & Prepared
As we look ahead to 2025, one thing is clear: the intersection of AI, security, and data risks will shape the future of business and technology in profound ways. From ethical AI adoption to new threats like non-human entity attacks and supply chain vulnerabilities, companies will face both challenges and opportunities in protecting their data and building trust with customers.
The coming year will demand a renewed focus on transparency, innovation, and proactive security strategies to stay ahead of evolving risks. Businesses that embrace these changes, invest in comprehensive data security, and prioritize measurable AI value will set themselves up for success.
Next Steps
Start the new year securely by identifying and understanding your organization’s security gaps with the help of Druva’s Cyber Resilience Maturity Model. Download our white paper to assess your current level and uncover blind spots to strengthen your overall cyber resilience. Here’s to a year of progress, resilience, and working smarter, not harder!