In 2024, regulators around the globe introduced a myriad of proposed cybersecurity- and privacy-focused policies and legislation to better manage emerging risks relating to emerging technologies such as generative AI (GenAI), as well as those related to managing third-party relationships.

Security and risk leaders sprinted to secure GenAI, even as its use cases were still evolving; almost every industry experienced critical IT disruptions due to lack of resilience planning; and despite downplaying third-party risks, organisations globally saw an increase in software supply chain breaches.

With cybercrime expected to cost $12 trillion in 2025, regulators will take a more active role in protecting consumer data while organisations pivot to adopt more proactive security measures to limit material impacts. This year’s cybersecurity, risk, and privacy predictions from Forrester for 2025 reflect how organisations need to evolve to address these emerging risk domains. Here are three of those predictions: