As organizations increasingly adopt Generative AI (GenAI), the need to secure both training data and the data generated by AI models is reshaping approaches to cybersecurity. Gartner has identified key trends for 2025, highlighting the growing demand for data security solutions to manage the complexities brought on by GenAI and its associated risks.
One of the key shifts is the rise of unstructured data, such as text and images, which is becoming more prevalent with the use of GenAI. Unlike the structured data found in traditional databases, unstructured data poses new challenges in terms of security. As a result, there is a surge in demand for Data Security Posture Management (DSPM) solutions capable of addressing the unique needs of GenAI deployment.
Another emerging trend is the use of synthetic data for training AI models. Synthetic data, which is generated by AI models and mimics real-world data, is gaining traction as a safer alternative to using sensitive real-world datasets. By leveraging synthetic data, organizations can increase the availability of training data while minimizing the risk of exposing private or sensitive information.
However, especially in industries like finance and healthcare, the use of synthetic data requires careful oversight. Ensuring the accuracy and integrity of the data generation process is essential to avoid errors, bias, and potential degradation of AI model performance.
In addition to these developments, a shift is occurring in how organizations handle cyber-risk decision-making. The traditional model of centralized authority is becoming less effective as organizations recognize the need for greater autonomy among resource owners. Gartner’s findings from its 2022 survey showed that more than half of organizations are empowering resource owners to make independent cyber-risk decisions, though with flexible centralized oversight to ensure that these decisions align with broader organizational goals.
Looking ahead to 2025, Gartner recommends that organizations establish a comprehensive enterprise security charter. This document should clearly outline the responsibilities and accountability of resource owners when making cyber-risk decisions, ensuring that these decisions are not made in isolation but with consideration for their potential impact on the entire organization.
Stay tuned to DC Brief for further updates on this story and other technology developments.
