The cybersecurity conversation has shifted — irreversibly. As our recently published "Trends and Cyber Threat Intelligence — H2 2025" report makes clear, the discussion is no longer about tools or defensive architectures alone. It points to a far broader reality: cybersecurity has become a structural challenge, deeply intertwined with geopolitics, the digital economy, identity, and trust.
In this landscape, the CISO's role is undergoing a fundamental transformation — evolving into that of a systemic risk strategist with direct accountability for business resilience.
NTT DATA's "Trends and Cyber Threat Intelligence" report reveals that the threat no longer stems from technological disruption, but from threat actors who have become operationally mature and strategically sophisticated. They are not looking for attention — they are buying time. The longer they remain undetected, the greater the impact. This fundamentally reshapes cybersecurity leadership priorities.
From attack detection to contextual understanding
One of the most notable trends in the report is the rise of low-noise attacks that use no traditional malware and are built on legitimate tools and valid credentials. The abuse of cloud services, SaaS platforms, and standard authentication flows has moved the focus away from the technical perimeter toward behavior and context.
In this new reality, the key question for the CISO is no longer technical — it's strategic: "Which decisions, access patterns, or behaviors fall outside the normal logic of the business?" Contextual detection thus becomes a pillar of resilience, demanding that organizations break down silos between security, identity, operations, and business functions.
Identity and OAuth: the new battleground
The report reveals a structural trend: identity is the new perimeter. Compromised credentials, token abuse, poorly governed OAuth integrations, and mismanaged third-party trust relationships now rank among the top attack vectors.
OAuth, designed to enable interoperability and seamless digital experiences, has also become a critical risk vector when permissions, lifecycle management, and privilege controls lack proper governance. For the CISO, this means elevating identity management — human and non-human — to the level of strategic decision-making.
The question becomes: who is accessing what, why, for how long — and how does that access affect actual risk exposure?
Ransomware: the economics of impact
Ransomware is no longer a technical problem — it has evolved into a highly optimized economic model. Data-driven extortion, selective leaks, and reputational pressure have reduced reliance on encryption as the primary mechanism.
This shift calls on the CISO to look far beyond the technical perimeter. Resilience is measured, above all, by the organization's ability to respond in a coordinated manner, manage communications, meet regulatory requirements, and protect stakeholder trust. Cybersecurity is no longer a siloed responsibility — it requires joint engagement across corporate governance, legal, communications, and executive leadership.
Artificial Intelligence: strategic ally or risk multiplier
AI is establishing its role as an operational force multiplier for cyber threats. On the offensive side, AI automates target discovery and profiling, enhances social engineering, and lowers the barrier to entry for less sophisticated threat actors. But the report also shows the flip side: organizations that deploy defensive AI and automation significantly reduce the financial impact of incidents.
This creates a new mandate for the CISO: governing AI usage across the organization, countering practices like Shadow AI that expand the attack surface and undermine resilience. AI must be deliberately integrated into the risk model.
The second half of 2025 delivers a clear message: a persistent gap remains between regulatory compliance and effective resilience. The most exposed organizations are those that fail to connect cybersecurity to strategy and context.
The CISO faces critical challenges ahead:
- Interpret cyber threats as a systemic factor.
- Govern identity, OAuth, and digital trust as critical assets.
- Translate technical risk into executive decisions.
- Build resilience as a competitive advantage — not a cost.
Remember: resilience is not improvised — it is designed, governed, and practiced continuously.