With cybercrime expected to cost $12 trillion in 2025, boards and tech leaders in Asia-Pacific (APAC) and across the globe are scrambling to address the looming threats to cyber security.
AZK Media’s Azadeh Williams caught up with Chirag D Joshi, a leading cyber security expert and founder of 7 Rules Cyber, about the most pressing concerns organisations face in 2025. Also the vice president of ISACA Sydney – one of the largest professional associations in the world – Joshi dives into the advancement in AI increasing the sophistication of cyber threats and the efforts at the leadership level to ensure organisations are well-equipped to tackle these threats.
Regulatory changes are shaping cyber security
The Australian Cyber Security Centre receives approximately 144 reports of cybercrime a day in Australia. Due to the alarming rise of cyber threats, the Australian Government introduced the National Cyber Security Law and changes to the Privacy Act, forcing boards and executives to pay closer attention to cyber security. These regulations carry serious legal and financial consequences for non-compliance, which means Chief Information Security Officers (CISO) must play a pivotal role in helping organisations navigate these regulatory changes.
It seems businesses are finally jumping on board with cyber security. According to Forrester’s 2024 The State of Data Security report, privacy and data use will drive additional investment in data security controls. A considerable 78% of respondents in APAC said enterprise security decision-makers expect to increase investment in new data security controls to comply with privacy requirements over the next 12 months. By staying ahead of the regulatory curve, CISOs positively impact the organisation's cyber security posture and provide a competitive advantage rather than a compliance burden.
AI favours organisations and cyber attackers alike
The rapid development of AI presents both a threat and an opportunity for cyber security. On one hand, AI is being leveraged by cyber criminals to automate attacks, such as credential stuffing and phishing campaigns, which are becoming more advanced and harder to detect. On the other hand, AI also holds the potential to enhance security measures by automating threat detection, improving incident response and even predicting potential vulnerabilities before they are exploited.
"The pace of AI adoption is fast, and with that comes the potential for increased threats. At the same time, AI holds tremendous potential to enhance our security measures," says Joshi.
For tech leaders, the key challenge is balancing the speed of AI adoption with the need for responsible governance. AI can drive innovation, but it must be integrated with strong cyber security measures to mitigate the risks it brings. This involves setting clear guidelines for AI usage, establishing frameworks for ethical AI deployment and putting in place guardrails to prevent abuse. Tech leaders must not only advocate for AI integration but also ensure that security considerations are a top priority.
Shift towards identity and access management
As cyber threats evolve, so too must the methods used to protect organisations. Credential theft and credential stuffing are now popular causes of data breaches, replacing traditional methods like phishing and social engineering. This shift places identity and access management (IAM) at the forefront of cyber security.
To combat these rising threats, organisations need to move beyond basic security measures like multi-factor authentication. The focus must shift to adaptive access controls, which adjust the level of security required based on contextual information, such as the user’s location or the sensitivity of the data being accessed. Additionally, the adoption of passkeys and other passwordless technologies is expected to improve security by eliminating one of the most vulnerable points of access.
According to Joshi, tech leaders should prioritise IAM as part of their broader cyber security strategy. By advocating for more robust access management systems, they can help organisations protect sensitive information and reduce the likelihood of successful cyber attacks. This requires not only technology solutions but also a cultural shift within the organisation toward more secure digital practices.
Supply chain vulnerabilities and real-time monitoring
Supply chain attacks pose another major area of concern. As organisations increasingly rely on third-party vendors for critical services and infrastructure, they become more vulnerable to cyber attacks targeting those vendors.
“We've started to see a host of geopolitical issues related to supply chain come about just in the last six months,” explains Joshi.
An ACSC study found that in 2024, 74% of entities performed supply chain risk assessments for applications, ICT equipment and services. In a way to mitigate risks from the start, Joshi emphasises the importance of moving beyond traditional security questionnaires when evaluating vendors. Instead, tech leaders should implement real-time monitoring and adaptive controls to assess the security of key suppliers continuously. This proactive approach allows organisations to identify vulnerabilities before they are exploited.
“That's a key part of what we need to do this year, is move beyond the questionnaires, get to more adaptive control and have visibility. If we don't have visibility, we really have nothing,” says Joshi.
Joshi adds that tech leaders must take the initiative in building strong relationships with key vendors and ensuring that both the organisation's and the vendor's cyber security practices align. In appealing for greater transparency, it’s wise to ask vendors to disclose their own security practices and any subcontractors they may use. By doing so, they can better manage supply chain risks and ensure that their organisation is not exposed to unnecessary threats.
Cyber security centres around education and community building
Joshi says that cyber security is ultimately a “people problem”, and culture plays a critical role in mitigating risks.
“If you improve the company culture, you automatically address 90 per cent of your threats. Culture means not just awareness and training about cyber security, but also getting people equipped to do their jobs responsibly,” says Joshi.
Tech leaders have a responsibility to create a culture that prioritises cyber security. This means providing ongoing education, fostering a mindset of security-first thinking, and ensuring that employees are empowered to recognise and respond to threats. From the C-suite to entry-level employees, everyone should be equipped with the knowledge they need to protect the organisation.
“Cyber security is not something we can tackle in isolation,” Joshi says.
“Engagement with the wider community, thought leadership, and knowledge-sharing are crucial to our collective resilience,” he continues.
Why should tech trailblazers lead the charge?
As the cyber security landscape becomes more complex in 2025, tech leaders must step up and lead the way. Regulatory changes, the rise of AI, evolving threats to identity and access management, and the growing risks associated with supply chain vulnerabilities all require a proactive, strategic approach.
By engaging closely with the business, advocating for responsible AI adoption, implementing robust IAM systems, and prioritising supply chain security, tech leaders can ensure that their organisations are prepared for the challenges ahead.
In short, cyber security boils down to a leadership issue. Tech leaders must take the reins and guide their organisations through the evolving threat landscape, ensuring that cyber security is not just an IT function but a core business priority.
Authored by Jessica Phillips, Senior Social Media and Communications Specialist at AZK Media.
At AZK Media, we specialise in helping global technology companies get noticed in new and emerging markets. We make driving your growth, our business. Contact us today to see how we can strengthen your expansion efforts.
Comments