Back Regulatory approval, operational resilience, new risks and the use of AI will define cybersecurity in 2025

2025 / 02 / 21
ZIURek argitaratu berri duen Industria sektorerako prospektibak 2025 izeneko txostenak Clouden dauden mehatxuak, produktuen ziurtapena eta detekziorako eta erantzunerako tresnak ere nabarmentzen ditu aurtengo joera nagusi gisa

Regulatory approval, operational resilience, new risks and the use of AI will define cybersecurity in 2025

The report ‘Prospects of 2025 for the industrial sector’ that ZIUR has just published also highlights threats in the Cloud, product certification and detection and response tools as the major trends for this year

The industrial sector has been forced in 2024 to reconsider its approach to cybersecurity due to major changes in the regulatory and technological environment, as well as the emergence of new threats. The growing dependence on digital infrastructures has intensified the challenge of balancing technological innovation with security, forcing the Basque industry to rethink its priorities.

In order to help companies in the Basque Country to understand the trends in the field of cybersecurity in 2025, ZIUR, the Gipuzkoa Industrial Cybersecurity Centre dependent on the Provincial Council, has published a new forecast report, in which it indicates that this year will be marked by the approval of regulations, operational resilience, new risks in the Cloud, the use of AI, product certification and tools for detecting and responding to cyber threats.

“We must strengthen cybersecurity capabilities and adopt comprehensive strategies to ensure operational continuity. This context demands a rapid response to changes, so organizations have to develop a greater capacity to prevent, detect, respond to and recover from cyber incidents,” says María Penilla, general manager of ZIUR. In this sense, she insists that “interoperability of security solutions has become key due to the increasing integration of IT and OT systems.” Moreover, according to Gartner, this year 75% of OT security solutions will be interoperable with IT security solutions and will be supplied through multifunctional platforms.

Therefore, it is more necessary than ever to “consolidate previous learning, adapt to stricter regulations and align processes, products and strategies to strengthen resilience against future challenges,” Penilla insists.

Risks in the Cloud

As highlighted in the ‘2025 Outlook Report for the industrial sector’, as organizations migrate their systems to the cloud, new risks associated with data storage and processing emerge. “Although the cloud offers flexibility and scalability, it also poses security challenges and requires greater control of sensitive data,” warns the director of ZIUR, who assures that in recent years cybercriminals have intensified attacks targeting cloud infrastructures, compromising the confidentiality of data and the integrity of industrial systems.

To mitigate these risks, organizations must not only implement reactive measures, but also develop new proactive measures, including network segmentation and data isolation, periodic review of cloud security configurations, data encryption and advanced authentication, and regulatory compliance.

New regulations and AI

As for new regulations, one of the major trends in cybersecurity for 2025 is the recently approved NIS2 directive by Europe, which requires stricter risk management and incident reporting; IEC 62443, an essential standard for cybersecurity in industry, as it protects automation and control systems; the CRA (Cyber ​​Resilience Act), which requires organizations to carry out continuous cyber risk assessments; or the AI ​​ACT, that is, the Artificial Intelligence Act, which establishes regulations to ensure its safe use in industrial systems.

“Artificial Intelligence is no longer simply a promise of future innovation, it has become an essential tool in the field of cybersecurity and a key enabler for organizations to face the challenges of an increasingly complex digital environment. Its inclusion in current tools, from threat detection systems to predictive analysis platforms, has significantly improved the ability to anticipate and respond to cyber threats,” says María Penilla, who also warns of its use by cybercriminals, who manage to launch “much more sophisticated attacks.”