• Security will continue to be a top concern for ANZ businesses

• Vendor relationships, tools to be scrutinised in 2025

• AI adoption will drive technological, cultural changes at ANZ enterprises
• NFTs and blockchain will make a comeback with security use cases

SYDNEY, December 18, 2024 – Kyndryl today released its cyber security predictions for 2025, with supply chain security rising to the top of the agenda following high-profile attacks and breaches in the past year. In a push to improve their security posture, Australian CISOs and security leaders will be leading a charge to reassess and scrutinise supply chains across the business, including physical and software supply chains. 

Australian businesses are set to review their supplier relationships to minimise threats posed by third party products and services, and their respective technology environments. This process will see business and security leaders aiming to streamline supplier partnerships, consolidating them wherever possible, thereby reducing the threat surface and increasing overall business efficiency. 

“Thanks to the increased focus on cyber security across the board in ANZ these last few years, we are seeing a real maturation from organisations in terms of how they approach security,” said E-Yang Tang, Vice President, Security, Resiliency & Network, ANZ at Kyndryl. “Where in previous years we saw organisations focus on protecting their own direct environments, we are now seeing an evolution in this approach with the understanding that third parties can pose just as much of a risk to business continuity.”

“Australian businesses have been impacted by globally significant supply chain attacks over the past few years, which while certainly unfortunate, have driven this increased understanding in the factors contributing to an organisation’s security posture. We’ll see businesses use existing tools and methods to refine their security practices, and I think we’ll see a comeback of NFTs and blockchain technologies for verification purposes, which may ultimately be a more suitable use case for them than tokenisation,” he added.

ANZ Predictions for 2025

Supply chain security will be back in focus

Businesses across industries will focus on supply chain traceability and operational security in the face of a growing threat landscape and increasing regulations. Demands to improve visibility across supply chains will drive neglected technology investment around data integration, while manufacturers will consider distributed manufacturing practices. Recent geopolitical conflict has heightened the attention on supply chain integrity.

NFTs will make a comeback – but not as you know them

The rise of AI-generated deepfakes and insider risk will see organisations turn to blockchain technology like NFTs for verification purposes, rather than tokenisation. These will be used to certify the authenticity of communications from execs and high-profile stakeholders. NFTs can be integrated into most businesses’ email platforms. 

ANZ CISOs will push for vendor consolidation

Security tool sprawl has created an environment where many ANZ businesses are paying for separate tools with overlapping capabilities. In 2025, we’ll see businesses ask vendors to re-prove to them why they should be sourcing particular tools from them, with the aim to consolidate into as few vendors and tools as possible. 

The rise of the ‘Ethical AI’ department

In the face of intensifying regulatory scrutiny, like APRA’s CPS 230 and 234, businesses deploying AI will stand up cross-functional teams focused on compliance and ensuring their use of AI keeps them onside of both regulations and public opinion. These teams will also be tasked with ensuring the business’ use of AI does not leave them susceptible to either cyber attack or accidental data leakage. 

CISOs and business leaders looking to protect their organisations in 2025 should consider proactive cyber security planning as well as workforce training on both tools and practices to ensure they can protect themselves against attack. Transparent communication with customers, vendors, partners, employees and regulators about cyber security and ethical AI practices is also important to build trust and ensure organisational alignment.