At AVANT, we stay tuned into market signals, continually distilling key trends through our AVANT Analytics research. This past year, our team met with thousands of cybersecurity industry partners, ranging from Trusted Advisors and consultants to VARS, GSIs, service providers, and platform vendors. That research culminates in our Analytics reports we publish throughout the year. Additionally, we identify a single word that encapsulates the shift we see happening in the industry.
Last year, the word was Consolidate. It highlighted the long-standing ask from cybersecurity leaders to be able to unify their tech stack. The market finally rose to this challenge in 2024. Mergers, purpose-built platforms, two-way communication tools, and service providers all contributed to build performant systems that drove meaningful outcomes.
In 2025, we expect the market to shift its focus to another foundational idea: Resilience.
Why Resilience?
This past year, the market met the demand for consolidation. This year is similar, but even more fundamental. Leaders now have the capacity to anticipate cyber threats. Furthermore, the market has given them the ability to withstand and recover from disaster. That’s why 2025’s Word of the Year, and a key focus CSOs and other security leaders must adopt, is Resilience.
Resilience means anticipating, surviving, and recovering from disaster. Business resilience is the return on investment into cybersecurity. This is not a new concept—NIST’s publications date back nearly a decade, demonstrating resilience frameworks. However, it has now crossed the chasm from government and large financial institutions into the mainstream. We have reached a meaningful inflection point where businesses of all sizes are investing in resilient strategies.
Cybersecurity is a Leadership Problem
Cybersecurity is more than a tech issue. It’s a business imperative discussed in the C-suite and boardrooms. Not only has the domain gained visibility, but the tone leaders use to address cybersecurity needs has changed.
Business leaders have learned resilience from their own experiences. They know the key to thriving in spite of adversity is building strong, adaptable people, processes, and technologies. Executives want to build organizations that thrive in spite of market downturns, increased competition, or disaster. They expect their cyber defense to operate the same way: keep the business open and profitable in the face of adversity. This is now a main focus they consider when creating a firm cybersecurity strategy.
Ransomware Exposed Flaws
Historically, the cybersecurity team’s role was to respond when things go wrong. However, this wasn’t always possible. Teams were responsible for addressing intrusions, yet they were stonewalled from building strong protections that could prevent assaults and prevented from implementing the ability to recover in a meaningful way. In 2017, the Australian Signals Directorate published the first version of their Essential Eight: a list of the top eight controls companies should implement to effectively protect their organization. The irony? Most organizations failed to align those responsibilities to their cyber team.
As ransomware crime actors proliferated, companies began to feel the impact of their underinvestment and the misalignment of roles. The ransomware outbreak that continued made the threat real and tangible in a way that leaders were previously unable to anticipate and respond to. As flaws were identified, the need for a stronger cyber strategy grew as well.
The Market Response: Resilience Rising
The market quickly adapted. Capabilities once only reserved for government agencies and major financial institutions became available across other verticals. Backup companies rushed to develop immutable storage. Patching efforts matured. Identity moved to the cloud. Solutions consolidated. Documentation became easier to read. Performant, secure systems became easier to deploy. Companies finally had visibility into threat actors attempting to leak their data. The barrier to entry came down. Complex, arbitrary concepts became tangible.
The 2025 Outlook: Automation and GenAI
Our data indicates that both supply and demand market forces will continue to confidently invest into the concepts of resilience, both directly and indirectly. Automation, especially for cloud infrastructure and data-driven programs, will continue to pull companies towards secure by design and well-architected frameworks. This is especially true of organizations leveraging generative AI, as they anticipate potential data loss. As leaders explore adoption of GenAI technology, they should keep in mind cyber resilience strategies and generative AI strategies match up well. Investing in one drive outcomes aligned with the other.
The Human Factor: Resilient People Build Resilient Businesses
Perhaps the most powerful insight from our research this year is the resilience of the cybersecurity community itself. From executives managing large-scale breaches to front-line employees persevering through layoffs and budget cuts, the people driving this industry continue to demonstrate extraordinary resilience.
In 2025, resilience will be the foundation for not only surviving but thriving in the face of cyber threats. Trusted Advisors, work with your dedicated AVANT team today to tap into our bench of cyber security resources and fill out an Interactive Quick Assessment on Pathfinder to share more about your open opportunities.
If you’re an IT decision-maker tasked with building a firm and resilient cyber strategy, a Trusted Advisor is your best resource for navigating the complexity of the market! Find your Trusted Advisor guide here.