According to Gartner, information security spending is set to grow by 15% in 2025. And it’s no wonder why – from the July CrowdStrike outage that brought down businesses all over the world, to increased fears around AI-enabled attacks like deepfakes, threats and vulnerabilities are mounting. As businesses prioritize cybersecurity measures, investors are also taking notice: a slight increase from 2023 to 2024 in venture capital investments in cybersecurity startups could signal that the industry is stabilizing and may attract more money in the coming year. However, the big story in 2025 for cybersecurity is M&A: experts expect the cybersecurity M&A market to heat up after being stagnant for several years – with massive platform providers like Palo Alto looking to acquire innovative startups to bolster their offerings.
What are the key areas of security investment?
- You guessed it, AI: AI is being watched from all angles in cybersecurity. First, there is increasing concern around the potential it has to multiply the number and types of attacks on the enterprise. As bad actors with AI get smarter, so too must the companies using AI to protect themselves. In 2025, we’ll see greater AI capabilities across the vendor landscape, and startups in the AI security space will continue to attract attention from investors. However, expect CISOs to still be a little skeptical about ROI – according to Forrester, they have their guard up around all the benefits of GenAI that have yet to be realized.
- Cloud security: As more companies do business in the cloud, Gartner predicts there will be even more investment in cloud security in 2025. And rightfully so – according to HackerNews’ outlook for 2025, many of the data breaches that have occurred over the last few years are a result from misconfigurations in the cloud, including missing access controls, incorrect security policies or insecure storage buckets.
- Zero trust architecture: As threats continue to grow in volume, enterprises are increasingly shifting to Zero-Trust architecture; meaning that they will require the verification of a person, device and application on an ongoing basis. As a result, identity access management is going to continue to be an important investment that companies make.
- Supply chain security: Look no further than the Change Healthcare attack in early 2024 to see the ripple effects that a cyberattack can have on numerous organizations. With that, third party vendors are going to be under increased scrutiny and monitoring in the year ahead.
- Privacy & compliance: While not the sexiest topic, privacy and compliance are receiving renewed attention as regulations regarding everything from consumer data consent and the right to be forgotten get re-examined in the AI era. Meanwhile, new regulations related to data privacy and AI are being rolled out on every level – with new state laws set to go into effect across the U.S. as early as January.
What does all this mean for security marketers? That was the big question addressed at the 2024 CyberMarketing Conference, which V2 attended and presented at. Throughout three days of programming, it became evident that cybersecurity marketers should:
- Build their brand: There are thousands of cybersecurity companies vying for the attention of enterprise security leaders. Building a credible brand reputation helps you stand out – especially in a crowd often looking for answers to difficult questions. Establishing the thought leadership topics your company wants to “own” and building a thoughtful strategy on how to use and promote those ideas can help you gain that credibility and recognition, while also providing valuable insights to your audience. Key pillars of that strategy should include an always-on media engine, data and research when possible, meaningful content that can be amplified on social and via paid channels, and speaking slots at industry events (and I’m not just saying that because V2 moderated a panel on brand reinvention at the conference).
- Harness the power of community: “Community” was another word we heard throughout the conference. CISOs trust their community of peers more than anyone else – a reference from another CISO is worth more than any booth at RSA. Marketers should focus on finding ways to build relationships and create experiences that build trust with and engage CISOs with meaningful content. This can happen through working with influencers, using your customer spokespeople to share the compelling work you’ve done in media or at events, or carefully crafting an experience (say, a CISO dinner with a compelling speaker) to provide value to this greater community of experts.
- Talk to the practitioners, but leave the marketing speak behind: A resounding theme throughout the conference was that more companies should target the people on the frontlines in addition to the CISO. Why? Because they know the company’s technology and where there are gaps inside and out. They know what resources they need, where their staff in overburdened, and what vulnerabilities they have. While the CISOs might have to sign off on the budget, they are listening to the VPs, directors and managers about what they need and why. As marketers have more conversations with practitioners, be warned that they have a low tolerance for buzzwords and can cut through marketing jargon in a heartbeat. Be direct about what your product does and the unique benefits it provides – it will go a long way.
If you’re looking for a partner to help you cut through the noise, connect with the right people and establish your brand, you’ve come to the right place. Learn more about how V2 can help you make 2025 a standout year, by checking out our services or client case studies.