Richard Seiersen , Chief Risk Technology Officer , Qualys the risk cannot be fully understood through empirical data .
As the deterministic aspects of cybersecurity are automated , the role of experts will increasingly shift toward decision-making in uncertain scenarios . AI will aid in modelling these risks , but the effectiveness of these models will heavily depend on the expertise and assumptions of the security professionals using them .
This means that while AI will enhance analytical capabilities , the human element will remain critical in interpreting data and making informed choices among plausible
the importance of their expertise in the evolving landscape of AI-driven cybersecurity .
# 4 Automation and orchestration will grow in importance in 2025 to centralise risk telemetry
Landing all your risk telemetry into one place will become common . Many organisations are already aggregating IT , OT and cloud-native risk data into security data lakes , including asset state and changes over time , along with threat and vulnerability intelligence . Note that telemetry consumption is different from risk measurement .
# 2 Human factor will be key to guarding against hackers leveraging AI
AI will enable bad actors to do what they
have always done , but faster . Just like defenders , they will use AI to automate software development and expedite the analysis of reams of data to discover plausible vulnerabilities and select and execute exploits .
One critical area for improvement lies in addressing human vulnerabilities , often referred to as layer 8 in cybersecurity . Since humans are easily spoofed , it is essential to implement stronger forms of multi-factor authentication and privileged access management . These measures can help mitigate risks associated with social engineering and wire fraud , which are likely to increase as attackers utilise AI for more sophisticated tactics .
# 3 AI-driven cybersecurity will enhance operational efficiency for defenders
Over the next five years , we can expect significant improvements in operational and capital efficiency for defenders , as AI continues to automate routine tasks and streamline processes . This will free security practitioners to focus on more complex challenges , particularly those involving irreducible uncertainty situations , where alternatives . Security professionals will continue to play a vital role in navigating complexities and uncertainties , underscoring
As the deterministic aspects of cybersecurity are automated , the role of experts will shift toward decision-making in uncertain scenarios .
At a minimum , assets must be normalised , and scores must be rationalised . From there , automation will enable organisations to measure operational efficiency in controlling attack surfaces and implement policyas-code using AI copilots . AI-driven tools will drive down risk in both a capital and operationally efficient manner .
# 5 Cyber risk quantification will become core practice for CISOs
Measuring risk is a core capability , not a product . As cybersecurity maturity grows , the integration of financial metrics
44 www . intelligenttechchannels . com