Cybersecurity disruption isn’t just an inconvenience—it’s a ticking time bomb. A cybersecurity problem can rewrite a company’s future overnight, and the rapid evolution and expansion of data privacy threats have raised and continue to raise the importance of cybersecurity for boards and senior leaders. The 2024 AlixPartners Digital Disruption Survey revealed that cybersecurity is regarded as the most critical technology trend (Figure 1), with cybersecurity incidents and their subsequent management having the greatest impact on an organization’s value. 

Our research has identified five trends that are disrupting how companies view and respond to cybersecurity issues. Each demands a thoughtful response from businesses in their strategic planning sessions.

Figure 1:  Our Digital Disruption Survey indicates that Cybersecurity was the top trend

1. Shifting regulatory environment: from deregulation to harsher fines

The regulatory landscape is marked by a striking dichotomy and was mentioned as one of the largest threats in the 2025 AlixPartners Disruption Survey (Figure 2). On one hand, we have witnessed a tougher stance from regulators, particularly the Securities and Exchange Commission (SEC) in 2024. Ambiguities surrounding cybersecurity breach reporting requirements and the definition of “materiality” led the SEC to levy fines totaling USD 7 million against four companies for misleading cyber disclosures. For companies operating in Europe, this challenge will be compounded by the Network and Information Security Directive 2 (NIS 2), which came into effect in October 2024, introducing stringent incident reporting obligations.

On the other hand, the United States may face a wave of deregulation. The Cybersecurity and Infrastructure Security Agency (CISA), focused on critical infrastructure and coordination between the public and private sectors, may be scaled back or even disbanded amid departmental reorganizations. Additionally, there may be efforts to reduce regulations like the Critical Incident Reporting for Critical Infrastructure Act (CIRCIA). These steps could decrease CISA's compliance enforcement efforts within the private sector and diminish support for initiatives such as secure-by-design.

Figure 2: Regulation was mentioned as one of the largest threats in the 2025 AlixPartners Disruption Survey

2. AI governance and regulatory oversight beginning to take shape

Following AI's breakthrough year in 2024, nations across the globe are actively crafting and implementing governance frameworks to manage the rapid expansion of AI-powered technologies. Notable examples include the EU AI Act, China’s AI Security Regulation, and the US National AI Initiative Act, with their first applications anticipated in 2025. Integrating AI into business strategy without addressing key risks —such as data exposure, data poisoning, and the introduction of code vulnerabilities—can prove exceedingly costly.

Though a unified global approach to AI regulation has yet to emerge, common themes are beginning to take shape, focusing on accountability and governance, safety and security, data privacy and protection, and human oversight. Legislation, if implemented, will need to carefully balance fostering innovation with managing the associated risks. As foundational legislation takes effect in 2025, compliance programs will need to closely monitor this dynamic and evolving global landscape.

3. Cybersecurity vendor consolidation 

The cybersecurity market witnessed a series of blockbuster acquisitions that hinted at a significant consolidation trend likely to intensify in the coming years. Cisco’s historic $28 billion purchase of Splunk, Thoma Bravo’s $5.3 billion deal for Darktrace, and Mastercard’s $2.65 billion agreement to acquire Recorded Future represent a strategy for achieving end-to-end cyber capabilities. As highlighted by the Wall Street Journal, “Cyber Investors Expect More Mergers in 2025,” these deals reflect the growing demand for integrated security solutions. Investors and companies prioritize comprehensive solutions that address the complexities of modern cybersecurity challenges.

Consolidation — primarily through mergers and acquisitions—provides a more coordinated approach to threat intelligence, vulnerability assessment, and real-time response.

Analysts anticipate the pace of cybersecurity vendor consolidation will continue unabated, fueled by the urgency of defending against emerging threats and the desire for greater operational efficiency. At the heart of these trends lies a common theme: companies must be equipped with robust, comprehensive defenses as cyber risks escalate. Consolidation delivers on that promise, creating a market where a handful of influential vendors can provide everything from zero-trust architectures to AI-driven threat detection. This evolution will shape the cybersecurity landscape well into the coming year and beyond.

4. Supplier disruption caused by tariffs

The global trade landscape is experiencing significant shifts due to the potential or actual implementation of new trade tariffs and sanctions. Such geopolitical tensions are prompting organizations to reevaluate and often change their suppliers to maintain compliance and mitigate associated risks. As noted by Moody's, supply chain restrictions are expected to remain a top trend this year, with increasing government reliance on such measures for political and economic purposes. This dynamic environment necessitates a heightened focus on Third-Party Risk Management (TPRM) to ensure that new and existing suppliers adhere to stringent cybersecurity standards.

Introducing new suppliers into supply chains, driven by trade tariffs and geopolitics, increases the complexity of managing third-party risks. Each new supplier may introduce unique vulnerabilities, making it imperative for organizations to conduct thorough due diligence and continuous monitoring. Organizations should emphasize business resilience, sustainability, and transparency to create more robust TPRM practices. This approach can help identify and mitigate potential risks compromising the organization’s security posture while managing global trade effectively. Implementing comprehensive TPRM strategies ensures compliance with international regulations and fortifies the organization’s defense against potential supply chain disruptions and cyber threats.

5. Quantum computing breakthroughs lead to increased “harvest now, decrypt later” attacks

In December 2024, Google unveiled a groundbreaking quantum computing chip capable of solving problems in five minutes that would take the world’s fastest supercomputers an unimaginable 10 septillion years (that’s 10 followed by 24 zeroes). While this achievement is a scientific marvel, it also introduces significant risks for businesses worldwide. Quantum computers have the potential to break RSA encryption, the foundation of encrypted digital communications globally.

Although the widespread commercialization of quantum technology, or "Year to Quantum" (Y2Q), may still be a distant prospect, some threat actors are already harvesting encrypted data with the intention of decrypting it once quantum computing becomes viable. This practice, which we expect to persist, underscores the urgency for businesses to take proactive measures. Organizations must act now to identify critical business data and intellectual property, assess existing safeguards, simulate breach scenarios, and develop strategies for implementing post-quantum cryptography.

The winners will be the businesses that maintain adaptive strategies

As considerable geopolitical uncertainty may occur, one thing is clear: disruption is the constant that lies ahead. The cybersecurity landscape will continue to evolve, driven by both emerging technologies and shifting regulatory pressures.

Organizations must adapt to growing challenges posed by advanced technologies like AI and quantum computing, while navigating the dual pressures of regulation changes and evolving compliance requirements. The need for robust governance, proactive risk management, and strategic modernization of security systems has never been more urgent.

Learning from the past is essential to avoiding future pitfalls. The key to thriving during disruptive times will be the ability to not only respond to these challenges but to anticipate and prepare for them, ensuring resilience and long-term success in an increasingly uncertain world.

If you would like to ensure your cybersecurity strategy is well-prepared to drive and protect value in our increasingly disrupted world, please reach out to the AlixPartners Cybersecurity team.