Recent research reveals that organizations will be looking for new ways to contend with evolving security threats in 2025.i
Now in its fourth year, The 2025 Global Study on Closing the IT Security Gap, published by the Ponemon Institute and sponsored by Hewlett Packard Enterprise, examines how to close cybersecurity gaps and protect valuable data in the AI era. This report gathers findings from more than 2,100 IT and security practitioners around the world to provide fresh insights into IT security and AI strategies
Network and security teams adopting new ways to combat threats
According to Ponemon Institute, ransomware, network and application attacks, insider threats and distributed denial of service attacks are just a few of the threats that will be putting organizations on high alert in 2025. “The increasing sophistication of cyber criminals — as well as accelerating adoption of AI — makes it more important than ever for organizations to become aggressive in closing security gaps in their IT infrastructure,” researchers stated.
The report’s findings show that network and security teams are adopting new ways to protect their organizations against evolving threats. Here are five new ways network and security teams are protecting organizations:
#1: Increasing use of AI for security
AI innovation dominated headlines in 2024. AI-powered AIOps capabilities — such as predictive analytics, LLM-based support tools, and proactive insights — showed potential for improving network management and user experience. Yet AI’s potential for enhancing security remains largely untapped, with only 39% of organizations reportedly using AI to close cybersecurity gaps.
High-performing security organizations — those considered highly effective in keeping up with threats and closing security gaps — are already adopting AI at a faster rate than other organizations. These organizations noted a variety of ways they are using AI to close cybersecurity gaps, including supporting better collaboration between network and security teams, prioritizing vulnerabilities, and improving IoT device profiling accuracy. Expect to see the rate of organizations using AI for security increasing in 2025.
#2: Prioritizing zero trust as a business imperative
Zero trust has become increasingly commonplace to boost protection against a variety of evolving threats. This year’s research revealed that nearly two-thirds of organizations have adopted, or plan to adopt within the year, zero trust security strategies.
Innovation demands security, positioning zero trust to become not just a key network and security imperative, but a business enabler. For example, organizations may be required to adopt or expand zero trust to comply with cybersecurity and data privacy mandates and regulations, such as NIS2 and GDPR (EU) and those based on NIST frameworks, such as HIPAA (U.S.). Additionally, ongoing hybrid work initiatives mean network and security teams must support zero trust access for users and devices wherever they are located. Extensions of zero trust security — such as universal zero trust network access, which enables secure access for remote and on-premises subjects through a single policy framework — will grow in popularity as organizations seek to reduce complexity and close security gaps.
#3: Mounting defenses against IoT risks
An increasing number of IoT devices are connected to enterprise networks. Often these devices are unobtrusive, web-connected, and lack sophisticated security — a combination that makes them an irresistible target for cyberattacks. In fact, researchers in 2024 noted a 400% increase in IoT malware attacks across various industries.ii
IoT can be a driver of both innovation and risk for organizations. While more than half of Ponemon survey respondents indicated that identifying and authenticating IoT devices accessing their network is critical to their organizations’ security strategy, only 16% of organizations were highly confident they know all the users or devices connected to their networks.
To scale zero trust security for IoT, a growing number of network and security teams in 2025 are anticipated to enlist AI and ML tools. AI-driven solutions that provide deep visibility and accurate profiling of devices can help organizations avoid IoT blind spots that malicious actors could exploit. Network detection and response approaches leveraging AI-powered IoT behavioral baselines can identify anomalous behavior in connected devices to help teams respond to early signals of potential threats.
#4: Adopting SASE
SASE architectures are gaining traction as users become remote and applications migrate to the cloud. According to Ponemon survey data, the percentage of organizations that have adopted, or plan to adopt SASE, has increased steadily over the past several years, reaching a record high of 65% in 2024.
SASE adoption shows no signs of slowing. In 2025, a growing number of network and security teams are projected to deploy the combination of SD-WAN and SSE to reduce costs, improve application performance, and improve security. While deployment preferences will vary based on team preferences and priorities, more organizations are expected to adopt single-vendor SASE, a best practice of high-performing organizations in the Ponemon study.
#5: Collaborating on decisions about security
Organizations in the study split when it came to who makes security architecture decisions, with nearly 30% of organizations reporting that network or security teams take the lead. Collaboration is gaining ground though, with 20% of organizations indicating that their network and security teams join to make decisions, an increase from 2023.
With business and security landscapes increasing complexity in 2025, collaboration between network and security teams will be essential to a successful security strategy. The Ponemon study linked team collaboration with high effectiveness in keeping up with threats and closing security gaps.
Where might network and security teams in 2025 look for opportunities to enhance collaboration? The most natural place is the network. This is because business innovation is often built on new models of connectivity, and infusing innovation with zero trust security principles is key for both organizational protection and cybersecurity compliance. In 2025, the network can now play an essential role as not just a connectivity enabler but also as a cybersecurity defender.
Jumpstart your network and security initiatives
What are your network and security teams’ goals and priorities for 2025? Check out these helpful resources to explore new ways to connect and protect what matters most in your organization.
- Read the full report: The 2025 Global Study on Closing the IT Security Gap
- Explore multiple journeys to SASE
- Watch the webinar replay: “Zero trust made simple” (Airheads registration required)
- Hear Field CTO John Spiegel discuss scaling protection with AI
- Find out more about the network as a security solution
[i] Ponemon Institute, “The 2025 Global Study on Closing the IT Security Gap,” February 2025. hpe.com/security
[ii] Deloitte, “Global Cyber Threat Intelligence (CTI): Annual Cyber Threat Trends,” March 2024. https://www2.deloitte.com/us/en/pages/risk/articles/cybersecurity-threat-trends-report-2024.html
Eve-Marie_Lanza
Eve-Marie Lanza is a Senior Security Solutions Marketing Manager at HPE Aruba Networking, where she leads marketing for Edge-to-Cloud Security solutions. She brings to the role more than 15 years of experience in portfolio and solutions marketing with a focus on enterprise networking and data center technologies. Eve-Marie holds an MBA from the University of California at Davis.
