AI's evolving role in ANZ cybersecurity: 2025 outlook

Vectra AI has shared its 2025 security predictions, emphasising the role of Artificial Intelligence (AI) in cybersecurity for Australia and New Zealand, and highlighting the emerging focus on delivering measurable results.

A top concern for Chief Information Officers (CIOs) in Australia and New Zealand in 2025 is cybersecurity, with an emphasis on allocating resources effectively and anticipating future attack vectors.

The company warns of the growing fatigue with AI applications as organisations struggle with high costs and a lack of demonstrated value. Chris Fisher, Vectra AI's Regional Director for Australia and New Zealand, said, "Many are adopting AI tools without understanding their purpose, leading to confusion about how these solutions address specific pain points."

Fisher further stated, "While AI has tremendous potential, it is often misrepresented as a panacea for cybersecurity challenges. Organisations must rethink their strategies to effectively utilise AI for real issues, focusing on outcomes rather than just technology."

The rising use of AI by malicious actors is an additional concern. Fisher pointed out, "Attackers are increasingly using AI to enhance phishing campaigns and exploit zero-day vulnerabilities — such as those in Palo Alto Networks and Cisco Systems — in security tools. This raises concerns about new vulnerabilities, particularly regarding identity theft."

With the introduction of legislation such as Australia's new Cyber Security Act, Fisher believes there will be a push for innovation in security tools, urging organisations to adopt solutions that offer real-world results. He remarked, "By focusing on practical applications and regulatory compliance, organisations can enhance their security posture and better protect against evolving threats."

Fisher also commented on the marketing saturation surrounding AI, "Organisations must implement rigorous testing to differentiate between genuine AI advancements and mere marketing buzz, ensuring they achieve real security improvements."

One of Vectra AI's key predictions is the overwhelming focus on AI, which could lead to disillusionment among security leaders despite the fact that 89% plan to adopt more AI tools. The initial excitement is expected to give way to a more measured approach where tangible results like faster threat detection and improved accuracy become crucial.

Another significant prediction is the increase in AI-driven cyberattacks, which will allow attackers to refine phishing campaigns and exploit vulnerabilities in a more sophisticated manner. As Fisher noted, "When infiltrating environments with tools like CoPilot, they can exploit these resources against organisations."

Moreover, the emphasis on regulatory compliance is likely to overwhelm cybersecurity teams, potentially providing attackers with an advantage. With security teams prioritizing compliance, there is a risk of neglecting dynamic threat detection, which could be exploited by attackers.

Identity-based attacks remain a critical concern, with the use of Generative AI (GenAI) to enhance phishing campaigns and business email compromise (BEC) expected to rise. This underscores the need for continuous testing and robust identity management practices.

Lastly, the misuse of AI agents, which could be traced back to many enterprise breaches in the future, must be addressed. Ensuring the security and responsible use of AI systems will be essential to mitigate these threats.

As the digital landscape continues to evolve, organisations are being urged to adopt strategic, outcome-focused approaches to cybersecurity, enhancing their ability to optimise resources and mitigate risks effectively.