From NIS2 to zero trust: how businesses must shape IT security in 2025
In a Bitkom study from summer 2024, an alarming 8 out of 10 companies reported they had already been affected by data theft, espionage, or sabotage, and the trend continues to rise. Thus, IT security will remain an essential topic in 2025, too. The good news: while cyber criminals are upping their game, the IT security landscape is also evolving rapidly.
As we look ahead to 2025, businesses must brace themselves for transformative challenges, from the rapid rise of AI and advanced digitalization to sweeping legislative changes. Central to this evolution is the EU’s NIS2 Directive, a game-changer in how organizations approach security.
This article explores the key trends that will shape IT security in 2025 and highlights how secure collaboration platforms like Tresorit can help businesses meet the moment.
NIS2 Directive: the rising benchmark for cybersecurity
As of 2025, businesses across Europe must comply with the requirements of the EU NIS2 Directive (Network and Information Systems Directive 2) and DORA (Digital Operational Resilience Act). The NIS2 Directive expands the scope of cybersecurity regulations to new industries and legal entities and stipulates more stringent security measures, transparent risk management processes, and swifter incident reporting. Meanwhile, DORA enforces comparable standards within the financial sector, focusing on operational resilience and cybersecurity compliance.
The NIS2 Directive places particular focus on the supply chain, mandating proactive measures to mitigate risks within it. For organizations navigating complex supply chains, this translates into a new level of operational diligence and accountability.
One of the biggest challenges for businesses falling under the NIS2 Directive is ensuring secure collaboration and communication across employees, partners, and third parties. Thus, secure cloud collaboration platforms such as Tresorit can offer an optimal solution for NIS2 compliance.
Tresorit’s zero-knowledge end-to-end encryption ensures that sensitive information exchange inside and outside of the organization remains secure. Key features like granular access controls and audit logs not only safeguard data but also simplify compliance with the requirements of NIS2 for risk management and documentation.
By providing transparency into who has accessed data and what actions have been taken, Tresorit empowers businesses to meet both the spirit and the letter of NIS2. Beyond compliance, these measures build trust among stakeholders and elevate overall operational security.
Technological independence and data sovereignty
As geopolitical tensions rise, data sovereignty is emerging as a pivotal issue for European businesses. Initiatives like Gaia-X emphasize local control over data and technological independence, pushing organizations to choose providers who comply with European regulations and prioritize data integrity, e.g. with powerful encryption and free choice regarding data residency.
By choosing solutions rooted in Europe, businesses can fortify their cybersecurity strategies while aligning with broader sovereignty goals.
The zero-trust trend
As cloud adoption soars, so too does the necessity for robust cloud security strategies. Especially in terms of data transfer, data storage, and collaboration, companies must ensure that their cloud services are up to par with the latest security standards. This also entails protection from threats like ransomware and DDoS attacks, which increasingly affect businesses.
This is closely linked to another trend: the zero-trust approach has become the norm in IT security over the years. Zero trust challenges the outdated notion of implicit trust based on network location. Instead, it enforces a strict “never trust, always verify” policy. Every user and device must be authenticated and authorized for each action. This ensures that only authorized users can access specific data and applications, independent of their location or device.
For businesses embracing hybrid and remote work models, zero trust mitigates insider threats and cyberattacks while reducing the fallout from successful breaches. And zero-knowledge end-to-end encrypted platforms like Tresorit can efficiently facilitate and complement this approach. Even if attackers gain access, Tresorit’s end-to-end encryption ensures they’ll find only unusable, scrambled data.
AI and machine learning: the future of threat detection
Artificial intelligence and machine learning are revolutionizing cybersecurity by enabling real-time threat detection and response. This way, cyberattacks such as phishing, ransomware, and DDoS attacks can be identified sooner, enabling a quicker response and damage limitation.
AI-powered tools can analyze data patterns to spot anomalies, predict likely vulnerabilities, and even recommend preemptive action. This proactive approach will be critical for businesses in 2025.
Security as the foundation for business success in 2025
As we move into 2025, one thing is clear: IT security is no longer just a technical issue—it’s a strategic priority. Compliance with regulations like NIS2 and DORA will require businesses to scrutinize not just their own IT infrastructures but also their suppliers and processes for potential risks.
Trends like zero trust, cloud security, and AI-driven threat analysis will revolutionize the way organizations protect their systems. IT security isn’t just a cost of doing business: it’s the bedrock for innovation, growth, and resilience. And as 2025 approaches, it’s more vital than ever.