Cybersecurity and Data Protection 2025: key trends, threats, and investments for businesses

Everything businesses need to know to safely navigate the digital future

Cybersecurity in 2025 is not simply a technical matter: it is a strategic lever for competitiveness, sustainability, and trust.

In this article:

2025 marks a turning point for cybersecurity. In a world where the economy is increasingly digital and information represents a crucial asset, data protection is no longer a choice, but a strategic necessity. Cyber threats continue to increase in volume and sophistication, and businesses find themselves having to manage an ever-wider and more complex risk perimeter.

According to recent analyses, 57% of global organizations plan to increase their cybersecurity budget over the next 12-24 months. Furthermore, 58% state that this spending will be integrated with IT investments and those dedicated to digital transformation. In this context, cybersecurity is no longer an isolated sector, but a cross-cutting element that embraces every area of the business.

Cybersecurity becomes a driver of growth

Today, cybersecurity is an integral part of business strategy. It is no longer limited to protecting networks and systems, but actively contributes to achieving business goals, building trust, and accelerating innovation processes.

The most significant data point? 86% of companies globally have already taken concrete action to strengthen their security posture. Organizations with a higher level of cyber maturity are the ones that manage to reap the greatest benefits, recording up to twice the positive results compared to less prepared competitors. This demonstrates that the ability to prevent and manage cyberattacks not only reduces risk, but also creates value.

Artificial Intelligence: a powerful ally, but not without risks

In 2025, Artificial Intelligence (AI) confirms its status as an increasingly strategic resource in cyber defense. 39% of companies already use it to monitor IT infrastructure in real time, detect anomalous behavior, and trigger automated responses to security incidents.

However, AI is not without its risks. One of the most insidious emerging threats is represented by deepfakes: artificially generated audio or video content capable of perfectly simulating words and actions never actually spoken or taken by a real person. In recent months, this technology has made massive progress, to the point that distinguishing an authentic video from a synthetic one is increasingly difficult, even for the human eye.

This phenomenon is worsened by the massive amount of data available on social media, which provides cybercriminals with the necessary material to “train” AI models and carry out increasingly sophisticated fraud.

But can this type of attack also compromise remote identification processes? At the moment, the risk remains contained: creating real-time deepfakes during a video identification session is still technically complex. Furthermore, detection technologies are evolving rapidly, making it increasingly difficult to deceive recognition systems with synthetic content.

Security as an integral part of digital transformation

In the new digital landscape, cybersecurity can no longer be treated as a separate line item. It must become an integral part of technology strategy, decision-making processes, and innovation. Unsurprisingly, 58% of companies plan to integrate security spending with that for IT projects and recognition systems, adopting a synergistic approach among technology, risk, and value.

This means that every new development – from the adoption of AI to the transition to cloud-native systems – must be designed from the very beginning with an embedded security vision. This is the principle of security by design: only in this way can protection be guaranteed without slowing down innovation.

Intesa Identification

In order to have security procedures that are widespread and pervasive throughout the entire process, Intesa’s AI-powered identification performs checks at every step:

verifying the authenticity of the identity document, regardless of the document used: the font, all graphic elements, and the expiration date are checked. In the event of anomalies, a human check is triggered.
using external databases for data verification (for example, SCIPAFI, one of the most well-known), as well as checking the user’s digital footprint—for instance, how long ago the phone number or email address was created.
in the case of self-onboarding with liveness verification, it checks whether the face is present in our blacklist, whether the same face has been associated with different personal data, and, of course, if it matches the uploaded document.
every night, an “overnight check” is run on all videos uploaded over time during the identification processes carried out by Intesa. Should any suspicious matches be detected, a manual verification of the personal data is initiated.
for remote identification processes, Intesa ID is available, the wallet-ready identification platform certified by AgID for SPID and CIE. It enables secure digital user identification through guided identity document acquisition and a video selfie. Intesa ID integrates advanced automated controls and biometric validation systems, ensuring full compliance with regulations and a smooth, accessible user experience.

Data protection: the beating heart of digital trust

Data protection is now one of the fundamental pillars of corporate competitiveness. Customers, partners, and stakeholders expect organizations to guarantee the integrity, confidentiality, and availability of information. Indeed, businesses consider the loss of trust in technological systems to be the most serious consequence of a cyberattack.

To meet these demands, many companies are adopting zero-trust security models, strengthening identity and access management systems, and integrating privacy right from the design stage of digital services, in accordance with the principle of privacy by design.

In this context, relying on qualified vendors becomes essential. These partners, certified and up-to-date on the latest regulations such as GDPR and eIDAS, offer advanced technological solutions and continuous infrastructure monitoring, minimizing vulnerabilities and simplifying regulatory compliance. Collaborating with trusted vendors allows companies to build transparent and solid relationships with customers and stakeholders, thereby strengthening their reputation and competitiveness in the digital market.

Conclusion: a trust-based strategy to face the future

Cybersecurity in 2025 is not simply a technical matter: it is a strategic lever for competitiveness, sustainability, and trust. Companies that can evolve toward an integrated, proactive, and value-oriented security model will be the best prepared to face the digital future.

In this journey, Intesa, as a Qualified Trust Service Provider (QTSP) under the European eIDAS regulation, accompanies businesses and public administrations in building secure, compliant, and interoperable digital ecosystems. Because protecting data today means protecting reputation, business, and the ability to innovate tomorrow.

Sources: