Over the years, we’ve seen dramatic shifts in how organisations approach cybersecurity—from reactive measures to more proactive strategies, thanks to advancements in technology and a growing understanding of the risks we face.

The truth is, the challenges ahead aren’t going away. In fact, as we move into next year, the stakes are higher. 

But it’s not all bad news. With the right strategies in place, businesses can stay one step ahead, protect sensitive data, and avoid costly breaches. 

So, what can we expect in 2025? Based on years of experience, and my ongoing research in the field, here are my key predictions for what’s coming next in the data security space.

1: Data classification will become a cornerstone of cybersecurity strategies

If there’s one thing we’ve learned from working with our customers, it’s that proper data classification is fundamental to effective security. When sensitive information is improperly stored or exposed, businesses are at serious risk. 

We’ve even seen it firsthand—after analysing more than six million Google Drive files, we found that 40% of them contained Personally Identifiable Information (PII). If that information isn’t handled properly, it puts businesses at risk of a data breach.

By 2025, we’re going to see more organisations prioritising automated data classification systems to help tackle this problem. AI-driven tools will become a lot more common, and they’ll be able to automatically identify, tag, and secure sensitive data across cloud and SaaS environments. 

These tools will help companies stay on top of the massive amounts of data being generated each day, ensuring that sensitive data is protected and reducing the risk of unnecessary exposure.

2: The focus on stale data will intensify

Here’s something that’s often overlooked: stale data. It’s becoming a significant security issue, especially in collaborative work environments like Google Drive. In fact, we’ve found that 86% of files in Google Drive haven’t been updated in over 90 days. Even more concerning, 70% of them haven’t been touched for more than a year. That’s a lot of unnecessary data taking up space—and more importantly, creating potential vulnerabilities that could be exploited.

As we move into 2025, I predict that security leaders will be laser-focused on reducing the amount of stale data across their SaaS platforms. 

With regulatory requirements becoming stricter, managing stale data will become a critical part of compliance and risk reduction. We’ll see businesses taking a much more proactive approach, regularly auditing their systems to identify and remove outdated data. 

This will become an essential part of their cybersecurity routine—essentially, digital housekeeping to ensure they’re not leaving any unnecessary doors open for attackers.

3: Cybersecurity will be a shared responsibility, not just an IT concern

Human error continues to be a major factor in data breaches. According to a 2024 Verizon report, 68% of breaches involved a “non-malicious human element.” This means that while employees might not be intentionally causing harm, their actions—whether careless or unintentional—are still putting data at risk. 

That’s why, in 2025, we’ll see businesses shifting their approach to cybersecurity by making it a shared responsibility across the entire organisation.

It won’t just be about the IT department doing all the heavy lifting anymore. Instead, businesses will start treating cybersecurity as something everyone takes responsibility for. Security leaders will push for more investment in employee education and tools that help staff spot and prevent threats in real-time. 

We’ll see more businesses rolling out technologies that allow employees to act as a “human firewall,” empowering them to identify risks and take action before they escalate. This will help build a culture of data security from the ground up, where everyone—from the C-suite to entry-level staff—is actively contributing to a safer work environment.

4: Insider threats will drive more vigilant security measures

Insider threats are a major concern for organisations—and with good reason. According to IBM’s 2024 Cost of a Data Breach Report, data breaches caused by insiders can cost businesses an average of nearly $5 million per incident. With the rapid adoption of SaaS and cloud platforms, monitoring data movement in real time is becoming even more crucial to protecting sensitive information.

In 2025, I expect businesses to double down on continuous monitoring solutions that can track data across cloud platforms and immediately detect unusual behaviour. These systems will automatically classify and protect sensitive data, ensuring it’s always secure. 

By having these monitoring systems in place, businesses can spot potential threats early, whether from inside or outside the organisation. It’s about staying one step ahead, preventing breaches before they have a chance to do any serious damage.

Data security in healthcare: A growing focus on the Human Firewall

The healthcare sector is facing an escalating number of cyberattacks, many of which are disrupting patient care. According to a recent Ponemon Institute report, 69% of cyberattacks on healthcare organisations already impact patient care. 

The cost of these attacks goes beyond dollars—it can affect lives. In 2025, I predict that healthcare organisations will start focusing more on empowering their workforce to actively contribute to cybersecurity efforts.

This will mean more investment in educating staff at all levels to spot threats and respond to incidents quickly. Security isn’t just IT’s job anymore—every employee plays a role in protecting sensitive data. This shift will help healthcare providers strengthen their defences and improve their ability to respond to cyber threats in real time.

Data security in financial services: A shift toward collective vigilance

The financial services sector has long been a target for cybercriminals. Attacks on financial institutions have cost up to $12 billion over the past two decades, according to the IMF, and the frequency of these attacks is only increasing. In 2025, we’ll see banks and financial institutions investing more in their “human firewall” approach to cybersecurity.

Similar to healthcare, this approach will involve more investment in employee education and the deployment of real-time threat detection tools. Employees will be equipped with the knowledge and technology needed to identify and prevent risks, turning the entire workforce into a proactive line of defence. With attacks becoming more frequent and sophisticated, this collective vigilance will be key to safeguarding sensitive financial data and reducing the risk of costly breaches.

My final two cents

As we move into 2025, data security will continue to be a critical concern for businesses. The strategies that worked in the past won’t be enough to keep up with the growing complexity of cyber threats. But the good news is that companies are becoming smarter, more proactive, and more strategic in their approach to protecting data.

From automating data classification and tackling stale data, to making cybersecurity a shared responsibility and addressing insider threats, the trends we’re seeing point to a future where businesses are better equipped to defend against evolving cyber risks. The companies that embrace these changes will not only safeguard their data but will also build trust with their customers and partners. 

Cybersecurity may never be simple, but with the right strategies and tools in place, like Metomic, it’s possible to stay ahead of the curve—and keep data safe. Contact us today to explore how Metomic’s solutions can help you safeguard your data, reduce risks, and build a stronger security strategy.

‍