How many fire drills have you participated in?
One drill a year, if not more, right? And you’re probably great at it now because it has become second nature. Fire drills work because they’re consistent and practiced, and they prepare you for the unexpected.
So, why aren’t we applying the same principle to other critical threats, like cyberattacks?
With new threats and regulations constantly appearing on the horizon, it’s time to shift our mindset. Practicing and training are the best ways to prepare for fires, accidents, and, yes, even cyberattacks. But what are the biggest trends your organization will have to take into account when it comes to cybersecurity training in 2025?
Let me share with you what I’ve learned from our own 2024 Cybersecurity Academy training sessions.
Key topics to watch out for in 2025
1. AI: What everybody is talking about
Let’s start with the elephant in the room: AI.
With AI tools becoming available everywhere, everyone should be trained on how to securely adopt and implement them. Organizations need to provide adapted training for IT and cybersecurity teams, but also to their wider employee base, to address AI-related threats and mitigation strategies. Indeed, hackers are using AI to create new types of malware and launch sophisticated attacks, such as phishing and deepfake threats. While younger generations may already be adept at using new technologies and equally adept at recognizing when they are used for malicious purposes, other employees lack digital maturity, making it difficult for them to adapt.
Anti-phishing training should now include deepfake awareness. Employees need to know how to spot a scam, whether it’s in an email, a video call, or even a voice message. Often targeted by scams that could cost millions, C-suite executives are particularly vulnerable. Training employees to pause and question what they see and hear is critical. It’s a new way of thinking and one that requires practice to get right.
Another equally important aspect of training is to get employees to use AI responsibly. Clear guidelines help prevent employees from mishandling sensitive data or relying on AI for decisions it is not equipped to make. They must understand how to avoid feeding confidential information into AI tools and need to remember to apply ethical principles when deploying AI.
2. Two emerging trends that companies need to address immediately
Two game-changing technologies are set to dominate the cybersecurity agenda in 2025: post-quantum cryptography (PQC) and privacy-enhancing technologies (PET).
Governments and European institutions[1] are emphasizing the urgent need to invest in PQC technologies to address quantum-era threats. Yet, many decision-makers remain behind the curve. This lag poses a significant risk. Organizations must prioritize training to prepare for these advanced threats before they materialize.
Eviden strongly advises businesses to address PQC training now to bridge the knowledge gap before it becomes a significant challenge. If quantum threats aren’t already part of your cybersecurity risk management strategy, now is the time to upskill your teams.
What about PET? Well, PETs are becoming indispensable for companies managing sensitive customer data. PETs include tools like homomorphic encryption and differential privacy, enabling secure data processing without compromising user privacy. Training programs must equip teams to implement these technologies effectively and align with global privacy regulations.
Hyper-specialized training will help cybersecurity teams upskill on these new paradigms in data privacy and cryptography.
3. Compliance challenges in 2025
The Digital Operational Resilience Act (DORA), Cyber Resilience Act (CRA), NIS 2 Directive, and AI Act will dominate the regulatory landscape for European companies.
However, these regulations don’t just affect IT teams; they demand attention from boards and executives. The financial stakes for non-compliance, including hefty fines, will push organizations to invest in comprehensive training. They should be able to answer concrete questions such as:
- How does DORA impact your incident response plans?
- What does the AI Act mean for your use of machine learning models?
Addressing these questions through targeted training ensures teams are prepared to meet regulatory requirements effectively and become progressively more resilient.
The future of cybersecurity training: Learning by doing
Gone are the days of passive lectures and PowerPoint slides. In 2025, effective training will be about action: learning by doing. The trainee should not only listen but be able to act and upskill, as required. Being in action allows trainees to memorize best practices, make mistakes without bearing their consequences, and then improve.
Interactive crisis simulations
Your team is in the middle of a simulated cyber crisis. Systems are down. Alarms are blaring.
- What’s the first step?
- Who calls the shots?
Crisis simulations allow teams to practice under pressure, test their processes, and refine policies without real-world consequences.
Gamification and escape rooms
Gamified experiences, like cybersecurity escape rooms, bring teams together to solve challenges with a short time limit.
These are engaging, competitive, and help cement critical skills. Plus, winning awards definitely makes it all the more enjoyable!
Immersive theatre for cybersecurity
In this new type of learning, professional actors portray your typical CISO, CTO, or even a stubborn CFO resisting a bigger cybersecurity budget. When a crisis unfolds, participants must strategize, collaborate, and respond in real time.
In the end, the entire “cast” has a debrief with academic trainers who break down what went well, what didn’t, and what to do differently next time. It’s realistic, interactive, and sticks with participants far longer than traditional methods.
Preparing for the way ahead
Cybersecurity training in 2025 is all about proactivity, creativity, and immersion. The stakes are higher than ever, but so are the opportunities to build resilient organizations. Whether it’s mastering AI threats, tackling quantum challenges, or preparing for the latest regulations, the tools are there. Are you ready to step up?
Let’s discuss how your organization can launch an immersive cybersecurity training and development program for better readiness and resilience. Connect with me.
[1] BSI (Germany), ANSSI (France), Home department (Netherlands), and several Member States