Info-Tech Research Group published its Security Priorities 2025 report, highlighting actionable strategies to operationalize AI security, strengthen identity management programs, and prepare for the challenges posed by quantum computing and other emerging risks.
The report highlights the continued escalation of sophistication and frequency of cyber threats, which has put immense pressure on cybersecurity leaders to adapt and protect their organizations. The global IT research and advisory firm advises that this risk environment demands that organizations shift from reactive measures to more proactive strategies that can address emerging threats, such as artificial intelligence (AI)-powered attacks and quantum computing risks.
“The world of cybersecurity is undergoing a seismic shift, driven by the rise of AI-powered threats, increasing regulatory requirements, and advancements in quantum computing,” says Ahmad Jowhar, research analyst at Info-Tech Research Group and lead author of the report. “Cybersecurity leaders must not only defend against these threats but also embrace forward-thinking, proactive measures. A diversified training program to enhance employee awareness of AI-driven threats and a security strategy aligned with industry regulations form the backbone of a resilient and adaptive security posture.”
Five critical priorities include:
- Operationalize AI Security: with AI adoption accelerating, organizations must establish responsible AI governance to mitigate security and privacy risks while leveraging AI capabilities to enhance security operations. Developing clear policies for secure AI deployment and assessing potential vulnerabilities are essential steps.
- Strengthen Identity & Access Management (IAM): as identity-based attacks rise, modernizing IAM programs is vital. Implementing zero-trust security models, risk-based authentication, and continuous identity verification can help protect sensitive assets and reduce exposure to unauthorized access.
- Build a Resilient Vendor Security Management Practice: third-party risks remain a significant concern. Cybersecurity leaders are encouraged to adopt a risk-based approach to vendor security assessments, establish continuous monitoring processes, and foster collaboration with stakeholders to address supply chain vulnerabilities.
- Defend Against Deepfakes: Deepfake technology is emerging as a significant threat. Organizations must invest in training and technology solutions to detect and mitigate deepfake-driven attacks while establishing policies to verify suspicious activities and protect critical assets.
- Prepare for a Post-Quantum Era: Quantum computing poses a long-term threat to current encryption methods. Developing quantum-resilient cryptographic strategies and conducting risk assessments will ensure organizations are prepared for the eventual impact of quantum advancements.