with technical security data will become critical . The industry calls this cyber-risk quantification , CRQ , but I call it cybersecurity risk management .
You cannot extract quantitative measurement from the broader domain of cybersecurity risk management , they are one and the same . The good news is that the majority of CISOs will have CRQ capabilities in 2025 , in part or integrated into their cybersecurity risk management programs .
# 6 Relationship between CISOs , C-suite , boards will evolve towards strategic collaboration
The CISO that focuses on economic and operational efficiency will be fast friends with business focused leaders . The modern CISO will see risk management as minimising business impact without breaking the bank . It is that simple in theory . In practice , the CISO must do this in a structured manner that is explainable to business stakeholders and executable by operators , which goes back to measurement as a career skill and core security capability .
Clear , measurable communication will be essential , allowing CISOs to translate complex security strategies into actionable insights for business leaders . In short , our relationship with business folks who are focused on winning will be improved to the extent we adopt the right concepts , objects and methods of measurement .
This approach will foster stronger partnerships with the C-suite , enhancing decision-making and driving business outcomes , while managing cyber risk effectively .
UAE organisations are lagging adversary ’ s AI adoption
In 2024 , the UAE Cyber Security Council identified 155,000 vulnerable assets , with two in five critical vulnerabilities remaining unaddressed for over five years . The cloud is vulnerable . Businesses worldwide are moving their data from cloud storage solutions to on-premises setups and we expect this migration to continue through the coming year as UAE organisations dial back their reliance on third parties .
The rise of the multi-cloud environment has brought with it new vulnerabilities . In 2025 , organisations will look to multilayered defences recommended by the Open Worldwide Application Security Project , OWASP to secure Web apps . Many organisations have relegated security to an afterthought when adopting AI tools .
This may be because best practice standards have yet to emerge on the tools or practices that most effectively protect enterprises as they use AI . This leads to vulnerabilities being overlooked , including those in Web apps .
The art of cybersecurity continues to be non-holistic among regional businesses . Companies work with point solutions , each geared towards a specific area , such as endpoints or networks . This leads to data silos and an open field for attackers who understand how to decipher their attacks so no one tool can detect a breach . As such , the visibility of the security team is compromised .
In 2025 , we expect to see UAE enterprises prioritise vendor consolidation , not only to cut costs but to give the SOC a single pane view of the attack surface .
Cheaper AI has lowered entry hurdles for threat actors . In some cases , this has been
Sertan Selcuk , VP METAP and CIS , OPSWAT done by plugging technical knowledge gaps for attackers ; in others , AI has provided more grammatically and aesthetically convincing phishing messages , increasing the likelihood of success in credentials theft . The same tools can be leveraged by potential targets to bolster their cyber defences , but so far , we see UAE organisations often lagging their adversaries ’ adoption .
In 2025 , we believe this trend will begin to reverse itself , with business and technology leaders collaborating on ways to focus cyber investments where they will have the greatest impact .
INTELLIGENT TECH CHANNELS 45