As we look ahead to 2025 and beyond, the cyber security landscape continues to evolve at an unprecedented pace.
Emerging technologies, expanding regulatory pressures, and the continuing innovation of threat actors are shaping a future where security and resilience are more critical than ever.
Our experts have shared their thoughts on the key topics and trends that will define the years ahead in cyber security. These insights aim to inspire action and preparation as we confront a world of rapid disruption and boundless potential. Whether you’re steering a business, shaping policy, or enhancing personal security, the future is here—and it’s moving fast.
Crafting cyber policy for a connected world
Verona Johnstone-Hulse, Government Affairs and Global Institutions Engagement Lead, shares a few of the most top-of-mind concerns from a year spent engaging with leaders around the world:
Bot’ocracy?
AI and LLMs will be drafting our cyber laws, creating national resilience strategies and monitoring firms’ implementation of digital regulations. Back in 2021, we speculated that government ministers and advisers could one day have a willing team of AIs to churn out policy ideas and content based on political aims. We even got a machine learning model to write a national cyber strategy to prove our point.
LLMs have developed significantly since then and we are already starting to see governments use AI to analyse responses to public inquiries and consultations (e.g. Half a million words analysed by AI - GOV.UK). With governments around the world looking to make significant public sector efficiencies (e.g. Trump names Elon Musk to lead government efficiency drive | Reuters), we predict that, by 2030, AI models will play a much greater role making government policy and setting the rules of the road.
The Cyber Doctor will see you now:
Cyber security experts will face the same level of scrutiny for their practices, ethical behaviour and professional standards as doctors. With the cyber industry an increasingly critical pillar of the digitalised economy, governments have been making moves to assure the quality of services provided by practitioners and cyber firms. From the EU’s certification schemes for managed security services to the UK’s Charterships for cyber professionals. By 2030, such schemes will be commonplace and essential for doing business in the cyber industry. Cyber practitioners will be required to sign up to standards and codes of ethics, and could be “struck off” for poor behaviour.
Tech multinationals will be formally recognised as nation-state proxies:
They will be given seats on global institutions like the UN Security Council. The borderless nature of cyberspace, as well as complex ownership structures, mean that the lines between public and private sector responsibility are increasingly blurred. We are already seeing political leaders acknowledge this, with UK Technology Secretary Peter Kyle recently commenting that governments should show a “sense of humility” and use “statecraft” when dealing with global technology firms.
By 2030, we predict that we will see this emerging view of technology multinationals reflected in traditionally government-only institutions.
Contact
NCC Group Press Office
All media enquires relating to NCC Group plc.