Top Cybersecurity Projects to Prioritize in 2025: Insights from Gartner
Gartner’s 2025 report outlines eight cybersecurity projects that CISOs must prioritize—covering zero trust, GenAI, CPS, insider threats, and security culture. Learn how Keepnet helps turn strategy into action.
In 2025, cybersecurity is more challenging than ever. As generative AI (GenAI) spreads fast and attacks on cyber-physical systems (CPS) increase, organizations are under pressure to improve their defenses. At the same time, security behavior and culture programs (SBCPs) are becoming more important. According to Gartner, companies that use GenAI with smart, integrated platforms in these programs can cut down employee-driven security incidents by 40% by 2026.
To stay ahead of these threats, Gartner’s latest report highlights eight cybersecurity projects that every security and risk management (SRM) leader should prioritize. These projects are designed to reduce risks, improve resilience, and align cybersecurity with business goals.
In this blog, we’ll explore each of these key projects and show how Keepnet helps put Gartner’s recommendations into action.
Gartner’s 8 Must-Do Cybersecurity Projects for 2025
To keep up with fast-evolving threats, Gartner has identified 8 core cybersecurity projects that organizations must act on in 2025. These projects address both technical gaps and cultural shifts—from global supply chain risks to the impact of GenAI on employee behavior.

Each initiative offers a clear path for reducing risk, building resilience, and aligning cybersecurity with business strategy.
1. Evaluate the Impact of Tariffs on Cybersecurity Programs
Tariffs are increasing the cost of cybersecurity hardware and software, making it harder for organizations to stay on budget and on schedule. These rising costs can delay important security upgrades, leaving systems exposed. To reduce this risk, security leaders should work with procurement to identify cost-effective vendors, avoid over-reliance on a single supplier, and build flexible plans that account for price changes and supply delays. This helps ensure that security projects stay on track—even in a volatile market.
2. Develop an Actionable Zero-Trust Strategy
Zero trust is now a core cybersecurity model—not just a trend. It requires strict access controls, continuous monitoring, and layered defenses to protect sensitive data. Gartner recommends building a Zero-Trust Center of Excellence (ZTCE) to lead this effort, ensuring the strategy is clearly defined, aligned with business goals, and consistently applied across the organization.
To dive deeper into how this model works, explore What Is Zero Trust Architecture?
3. Mature Cybersecurity Governance with NIST CSF 2.0
Strong governance improves how organizations manage cybersecurity risks. With the release of NIST Cybersecurity Framework (CSF) 2.0, Gartner recommends updating governance models to make cybersecurity part of everyday business decisions—not just IT operations. This helps align cyber risks with business goals, improve accountability, and maintain compliance in a rapidly evolving threat landscape.
To better align governance with security awareness training, read Keepnet article on Why Phishing Campaign Difficulty Matters and How to Use the NIST Phish Scale for More Effective Training.
4. Embed Cybersecurity Considerations into GenAI Governance
As GenAI becomes part of everyday business tools, it also introduces new security risks—especially around how data is accessed, processed, and shared. Organizations need clear policies that define how GenAI tools are used, particularly when handling unstructured or sensitive data. Building cybersecurity into GenAI governance helps prevent data leaks, reduce misuse, and stay compliant with evolving regulations.
For a deeper look at how to align GenAI use with compliance standards, read the Keepnet guide on Security Awareness Compliance: Requirements, Frameworks, and Best Practices.
5. Prepare Unstructured Data for Safe GenAI Adoption
Unstructured data—like emails, documents, and chat logs—often contains sensitive information that can pose risks when used in GenAI systems. Before integrating this data, organizations must classify, label, and secure it to prevent accidental exposure. A strong data governance process ensures that only safe, authorized content is fed into GenAI tools, reducing the risk of leaks and misuse.
6. Enhance Cybersecurity of Data with Cyberstorage
Traditional backups only store data—they don’t protect it from modern threats like ransomware or insider attacks. Gartner recommends cyberstorage solutions that actively detect and block threats within storage environments. These tools add a critical layer of defense, helping organizations prevent data breaches and stay compliant with evolving security standards.
To better understand and address the human risks behind insider threats, read the Keepnet blog on Why Do Employees Fail to Report Insider Threats? Understanding the Psychology Behind Inaction.
7. Discover, Monitor, and Manage Cyber-Physical Systems (CPS)
Cyber-physical systems (CPS)—such as operational technology (OT) and IoT devices—are increasingly targeted by cyberattacks due to their weak visibility and outdated protections. Gartner recommends using dedicated CPS security platforms that can automatically discover devices, map networks, and provide real-time threat detection and response. These tools are critical for protecting essential operations and minimizing downtime from cyber incidents.
8. Reposition Cybersecurity as a Business Enabler
Cybersecurity is often viewed as a blocker, but it should be recognized as a driver of business continuity and trust. Gartner urges organizations to reframe cybersecurity as a strategic asset that supports growth, protects reputation, and enables innovation. This shift starts with clear internal communication that highlights cybersecurity’s value across all teams and leadership levels.
For practical tips on aligning security with business goals, read the Keepnet article on Security as a Business Enabler: How CISOs Can Secure the Budget They Need.
How Keepnet Supports Gartner’s 2025 Cybersecurity Priorities
As organizations work to prioritize these key cybersecurity projects, Keepnet provides advanced solutions that can help streamline their efforts and enhance their cybersecurity posture. Here’s how Keepnet can play a crucial role in addressing these initiatives:
1. Support for Zero-Trust Strategy
Keepnet’s platform helps organizations adopt a zero-trust model by integrating behavioral-based security awareness training and AI-driven risk monitoring. By ensuring only authorized individuals can access sensitive data, organizations can reduce their exposure to internal and external threats, a core tenet of the zero-trust framework.
2. Cybersecurity Governance Maturity
With Keepnet’s comprehensive data protection and incident response tools, organizations can build a robust governance framework that aligns with NIST CSF 2.0. Keepnet offers continuous monitoring and automated responses, ensuring that governance is integrated into every level of the organization’s cybersecurity culture.
3. Mitigating GenAI Risks
Keepnet’s Human Risk Management platform helps embed cybersecurity considerations into GenAI governance. With real-time phishing detection and incident response, Keepnet assists organizations in managing the security risks associated with GenAI adoption, ensuring that sensitive data remains protected throughout the process.
4. Enhanced Data Protection
Keepnet enables businesses to safeguard data with cyberstorage solutions. The platform actively monitors and responds to cyber threats in real-time, ensuring that both structured and unstructured data are protected from potential breaches. This proactive approach helps businesses comply with the latest data protection regulations and standards.
5. Securing Cyber-Physical Systems (CPS)
Keepnet is well-equipped to support the security of operational technology (OT) and IoT environments. By using its Email Threat Simulator and behavior-based Security Awareness Training, Keepnet helps organizations identify vulnerabilities, test employee response to CPS-related threats, and raise awareness among non-IT staff. This ensures continuous protection of critical infrastructure through both technical simulations and human-focused defense.
6. Rebranding Cybersecurity Across Stakeholders
Keepnet’s platform fosters a security-first culture by offering engaging, adaptive security awareness programs that resonate with stakeholders across the organization. Through real-time nudges, incident response tools, and reporting capabilities, Keepnet rebrands cybersecurity as a strategic partner in business success, not a hindrance.
Turn Gartner’s Priorities into Real Security Outcomes
Gartner’s 2025 roadmap outlines where security leaders must act—from zero trust and GenAI governance to CPS protection and culture transformation. But real impact depends on execution.
Keepnet’s Extended Human Risk Management Platform empowers organizations to build a strong security culture with AI-driven phishing simulations, adaptive training, and automated phishing response. This all-in-one approach helps eliminate employee-driven threats, insider risks, and social engineering—turning your people from a vulnerability into your first line of defense.