While stronger governance and automated oversight provide the framework, Jain emphasizes that security ultimately depends on the daily decisions of everyone in the organization. “True security comes from habit, behavior, and culture. Every click, every decision, every configuration, every third-party integration now carries weight.”
7. Regulatory pressures hit the board
Government oversight grew stricter in 2025. Regulations demanded faster reporting, tighter controls, and accountability at the senior leadership level, according to Jain. “Boards are no longer satisfied with compliance checklists. They expect measurable resilience, ROI in terms of risk optimization, demonstrated preparedness, and continuous reporting. This has made cybersecurity a strategic lever, influencing M&A decisions, supply chain partnerships, and even go-to-market business strategies.”
Meanwhile, international frameworks like IRAP, ISO, and NIST are being enforced more rigorously, says Soin. “Standards may not have changed as much as we think they have. But the enforcement of those standards is getting stricter. We’re seeing a lot more, as an example, customer contracts or regulations on expectations from customers, and for the right reasons.”
