Data deregulation to AI protection: Security priorities in 2025

The cyber threat landscape continues to evolve rapidly, urgently affecting businesses across all sectors — with 40% of recently surveyed executives and CISOs sharing that they have publicly reported a staggering six to ten cybersecurity breaches over the past year. As business leaders look to protect organizational and user data from damaging cyberattacks, and safeguard their own company’s reputation for safety and security, 2025 will be a pivotal year in how organizations approach data security and AI adoption. With AI implementation expected to continue to heat up in 2025, there will certainly be an increase across industries in IT budget dedicated to AI initiatives.

In tandem, we’ll continue to see shifts in how governments advance data regulation — with divergence in policies taking shape on the national and local levels. Global differences in how countries are approaching these laws are already apparent. In the European Union, policies like GDPR set far-reaching, strict protections for the use of consumer and AI data — while there is currently no federal regulation in the United States for the use of AI data in place. With this in mind, below are my predictions for what organizations and governments will be prioritizing and paying close attention to in data security this year: 

Varying data regulation approaches

The regulatory landscape for cybersecurity is at an interesting inflection point globally. While the United States is trending towards deregulation, Europe continues to take a stronger stance on American companies through mechanisms like GDPR. The U.S. has recently taken a regionalized approach to data and AI policies — with regulations like the Colorado AI Act and California Consumer Privacy Act introduced in 2024. In response to this interplay, security leaders and organizations should expect divergence in data regulation to increase, with countries beginning to develop more localized data governance strategies that challenge global data management norms.

Particularly in Europe, we’re seeing cybersecurity regulations emerging that will be as transformative as GDPR was for organizations doing business in the EU — including the Cyber Resilience Act as well as the EU AI Act. The EU AI Act — proposed to take effect as early as February 2025 — introduces clear requirements for developers and deployers of AI regarding its use, as well as a uniform regulatory and risk framework for organizations and agencies to follow. These regulations will fundamentally reshape how companies approach their defense-in-depth strategies throughout 2025 and 2026.  

Shifting to a ‘data sovereignty first’ security strategy

With the emergence of an increasingly regional and national approach to data regulation, we’ll witness the rise of a ‘data sovereignty first’ mentality in cybersecurity and privacy laws, and within organizations. In the years ahead, more countries will implement national-specific data protection regulations, prioritizing regional data control and creating complex compliance landscapes for multinational organizations. In response, businesses will also adopt a ‘data sovereignty first’ mindset themselves — upskilling teams on emerging regulations, prioritizing advanced and localized data classification and governance policies, and enforcing stricter data access and sharing controls to meet local specifications. 

Although new regulations introduce more in-depth compliance protocols, this shift will actually strengthen organizations’ security posture immensely — holding companies accountable to demonstrate real implementation rather than just documentation. The alternative — having outdated or generalized security policies that leave a company vulnerable — is far more dangerous in today’s threat landscape. When businesses are required to prove security controls are working as intended, it drives meaningful improvements throughout the organization.  

Maturing their AI security strategy

As we’ve seen organizations widely adopt AI tools throughout 2024 and increase their budget for the technology, we’ll continue to see digital maturity quickly advance to empower safe and effective implementations. Through 2025, growing generative AI adoption will cause a spike in the cybersecurity resources required to secure it, resulting in a more than 15% incremental spending increase on application and data security. To power ROI when it comes to AI investment, business leaders will prioritize the advancement of data governance, management, and resilience strategies to drive success and secure the use of these tools.

Skyrocketing AI adoption, paired with the increasing intricacy of the global data regulation landscape, tells us one thing — implementing advanced data governance, management, lifecycle management, and resilience strategies and tools should be every enterprise’s priority in 2025 and beyond. Realizing the benefits of AI tools — while ensuring that data is safe from emergent cyber threat — starts with treating data security as a top business priority in the years ahead.