Datos Insights recently shared their latest research on Cyber Top Trends for 2025.
Unsurprisingly, artificial intelligence (AI) is a big deal – and staying vigilant and informed is more important than ever.
Here’s a rundown of the eight trends that made the list this year:
- Governance, Risk, and Compliance (GRC): Financial Services (FS) firms are gearing up to invest heavily in AI-enabled cyber GRC solutions for the board. Chief Information Security Officers (CISOs) are focusing on enhancing their board of directors' oversight of cybersecurity risks by using artificial intelligence (AI) technologies that turn technical jargon into board-level business stories. One example is explaining how cyber risk can lead to liability risk for the board, potentially resulting in lawsuits or penalties from the SEC.
- Cloud Security: As Datos consultants say, “Complexity is the enemy of cybersecurity.” In 2025, CISOs will prioritize cloud security improvements. AI tools are proving more effective for cybercriminals than their targets, so CISOs plan to invest in cloud-native application protection platforms and security measures across multiple cloud deployments. There's also a trend toward consolidating and reducing the number of security monitoring tools to lighten the workload.
- Dodd Frank 1033 Rule – Consumer Access to Financial Records: The final rule from the Dodd Frank Consumer Financial Protection Bureau is speeding up API security deployments to support open banking and clustering of banking services. APIs are a prime target for cybercriminals aiming for account takeovers and fraud – resulting in CISOs prioritizing efficiency and risk management over mere regulatory compliance or growth-driven security improvements.
- Cyber Collaboration: As cyber threats from nation-states and organized crime evolve, new accountholder identity management and threat intelligence solutions are creating opportunities for better teamwork between the financial crimes/fraud, cybersecurity, and AML/identity management teams. Based on this trend, you can expect more integration in the coming year.
- Customer Identity Management: Fraud is growing faster than real-time payments worldwide – with account takeovers via phishing becoming a major concern. To combat fraud and improve fraud detection rates, financial service firms plan to deploy modern customer identity solutions – as fraud prevention teams often struggle with siloed solutions and low-quality consumer identity, MFA, and account-based risk profiles.
- Data Governance to Increase Protection of Sensitive Data: There's a shift from focusing solely on defending against data theft to prioritizing the limitation of data access and minimizing the impact of breaches. As a result, CISOs are looking for data security posture management solutions to protect against data breaches. Phishing attacks targeting employees to gain access to sensitive data are a top concern for banks and credit unions, along with ransomware and data breaches, which are major concerns for business executives. Automating data discovery and classification with AI can simplify operations and boost the efficiency of data governance and access management. Implementing zero trust, usage, and file integrity monitoring is essential for successful data governance.
- Managed Detection and Response (MDR): As detection expands across the computing environment, alert fatigue becomes an issue. To address this, CISOs are re-evaluating MDR solutions to meet resilience and SecOps needs. With more source feeds requiring interdisciplinary assessment skills, detection and response orchestration needs cross-team resources and collaboration, including legal expertise. This interdisciplinary knowledge is also expanding boardroom requirements, shifting the focus from the perimeter to insiders. Intrusions at multiple stages are also pushing the need to expand the detection surface area – meaning monitoring products are taking in more data feeds.
- Pseudo Platforms: True security platforms stand out from pseudo-platforms. While many security platforms claim to offer integrated risk capabilities, not all are created equal. This discrepancy is especially important for CISOs to consider. There's a wide range of maturity among security vendor platforms. Less mature platforms, often driven by marketing, are pseudo-platforms, while more mature platforms leverage common tech stacks and data lakes analyzed by AI. In between, there's a wide spectrum. When evaluating vendors, look for those that can deliver integrated data feeds and reporting. Data integration, correlation, and machine learning are key indicators of a mature platform.
Is your financial institution proactively addressing cybersecurity challenges expected in the new year? Learn more about enhancing your cybersecurity posture to confidently serve your accountholders.