As we look ahead to 2025 and beyond, the cyber security landscape continues to evolve at an unprecedented pace.
Emerging technologies, expanding regulatory pressures, and the continuing innovation of threat actors are shaping a future where security and resilience are more critical than ever.
Our experts have shared their thoughts on the key topics and trends that will define the years ahead in cyber security. These insights aim to inspire action and preparation as we confront a world of rapid disruption and boundless potential. Whether you’re steering a business, shaping policy, or enhancing personal security, the future is here—and it’s moving fast.
Reimagining the supply chain
Ade Clewlow, Senior Advisor:
The next 12 months are likely to be dominated by an increase in AI-supported, sophisticated cyber-attacks specifically targeting the global supply chain. As we have seen all too often, they have proved to be catastrophic for organisations caught up in their wake. Threat actors have long recognised the supply chain as an attack vector, and the trend is for these to continue and grow.
This places a growing emphasis on an organisation’s resilience to withstand and recover from such an incident at all levels, from senior leadership down to the technical teams. Being prepared for a cyber incident and returning to BAU as quickly as possible should be the focus for every organisation in 2025.
Managing third-party risk remains immature across much of the economy, but this is hardly surprising when organisations have supply chains in the thousands. However, a lack of effective third-party monitoring, loose contractual obligations, and a poor comprehension of the risk to the business at a senior level all contribute to the current situation.
Increasing regulatory pressure, improving awareness of third-party risk management across the business, and implementing stricter cyber security standards on an organisation’s most trusted suppliers will all contribute to addressing the maturity issue. Where appropriate, adopting a Zero Trust mindset when controlling access to an organisation’s estate by suppliers will also help to reduce risk.
One of the most challenging areas is software supply chain security, where a greater emphasis on providing Software Bill of Materials (SBOM) and driving secure code development will contribute to improving supply chain risk management. In addition, cloud security, data protection, and proactive measures, such as AI-driven threat detection and incident response planning, will become mainstream as companies introduce defence-in-depth to enhance their resilience against ransomware and other forms of attack.
Understanding the threat to your business is always the first step. Armies don’t go into battle without knowing an adversary’s capabilities and intent; the same is true when planning your supply chain security strategy. Collaboration and intelligence sharing within sectors will play a critical role in addressing these evolving risks, as more businesses integrate cyber security into their broader supply chain management practices.
Reimagining the supply chain will be a key focus over the next 2-5 years as many organisations move beyond viewing their risks solely through a financial lens. Increasing awareness and understanding of the threats to core business operations will drive the adoption of automation and tooling that enhance defence-in-depth strategies and build greater redundancy. These improvements will, in turn, deliver stronger resilience across the supply chain.
Contact
NCC Group Press Office
All media enquires relating to NCC Group plc.