Best Practices 11-21-2024

10 ways AI, quantum and trust will shape the year ahead 

Jason Sabin

Another year is coming to a close, and it’s time to gaze into the crystal ball to see what’s in store for 2025. Once again, our team of cybersecurity experts will share their predictions for identity, technology, and digital trust.

Last year, we focused heavily on artificial intelligence (AI) and quantum computing—and the risks and opportunities that go with them. These technologies are continuing to reshape the security landscape, and we’re seeing their impact on cybersecurity strategies.

So what’s in store for 2025? Keep reading for insights from DigiCert’s Dean Coclin, Senior Director of Digital Trust Services; Avesta Hojjati, Vice President of Engineering; Tim Hollebeek, Vice President of Industry Standards; and Mike Nelson, Global Vice President of Digital Trust.

Prediction 1: Post-quantum cryptography will advance from theoretical to practical and deployed

Last year, DigiCert predicted that ongoing advances in quantum computing would motivate executives to learn more about its risks and accelerate their investments in post-quantum cryptography (PQC). We predict that 2025 will be the year that PQC takes a major leap forward, from abstract line items on IT roadmaps to deployed operational solutions.

We’re already seeing the first steps toward putting PQC into play. The U.S. National Security Agency (NSA) is expected to announce CNSA 2.0 algorithms for critical NSS networks. We predict adoption of quantum-resistant cryptography will grow, with advanced encryption becoming available in hardware security modules (HSMs) and applications.

As its adoption accelerates, PQC will also evolve to become a regulatory compliance imperative. Global organizations have acknowledged the need for a quantum-secure economy, and compliance standards and regulations are in process for financial services organizations as well as healthcare providers.


Prediction 2: 2025 will see a continued rise in the hiring of Chief Trust Officers

In 2025, we’ll see a continued rise in Chief Trust Officers (CTrOs) as organizations prioritize digital trust and transparency to navigate increasingly complex regulatory environments and rising cybersecurity threats. With trust now a key factor in customer relationships, companies will recognize the need for a dedicated executive to oversee data privacy, ethical AI, and secure digital experiences.

The CTrO will play a crucial role in building and maintaining trust with customers, partners, and regulators, ensuring that companies not only meet compliance standards but also actively foster trust as a core business asset. As digital ecosystems expand, the demand for leaders who can align technology, security, and transparency will continue to grow—and grow fast.

Prediction 3: Coalition for Content Provenance and Authenticity (C2PA) will go mainstream

For cybersecurity pros, the 2024 election will be remembered as the first where AI deepfakes threatened to undermine voter confidence. So much of the media we consume is suspect, making content provenance more vital than ever. We predict that the Coalition for Content Provenance and Authenticity’s (C2PA) Content Credentials icon will become commonplace, making it easier for consumers, creators, and marketers to identify authentic digital content.

Supported by top brands like Adobe, Microsoft, Nikon, Leica, and several others, the C2PA standard utilizes PKI to produce a tamper-evident record, which helps users differentiate between real and fake media. In the event content is manipulated or edited, the changes are recorded, making it easier to identify deepfakes and other altered content. It won’t be long before people see content credentials on many of the images they see online.

Prediction 4: As certificates evolve, crypto-agility will become more essential than ever

At a recent CA/Browser (CA/B) Forum meeting, Apple proposed a gradual reduction of the maximum validity for public SSL/TLS certificates to 45 days by 2027. This proposal is part of a growing trend toward shorter certificate lifespans, which aims to improve internet security by reducing risks associated with longer certificate validities. To keep pace with the need for more frequent renewals, we predict that organizations will require more automation for web PKI.

Certificate automation has long been a fundamental aspect of crypto-agility, and for organizations that haven’t made it a part of their processes, certificate changes on the horizon will motivate them to adapt.

Prediction 5: Organizations will demand resilience and zero outages

The massive CrowdStrike outage this past summer not only revealed the need for better testing of automated software updates at scale, but also the importance of digital trust. We predict that expectations will rise and that people will demand more proof that their software and updates aren't just safe and reliable—they're secure and fully trusted.

That’s particularly true in cases where your physical safety can be compromised. As the IoT continues to mature, we’re seeing over-the-air (OTA) software updates across a variety of use cases—but how can people know that these updates are legitimate?

It’s not hard to imagine how disruptive a flawed or malicious update could be to a fleet of self-driving cars. We expect it won’t be long before automakers adopt a more transparent approach to sharing the results of their security measures to give car owners peace of mind.

In fact, we believe new regulations from the E.U. will accelerate this trend worldwide. The region recently adopted a set of cybersecurity requirements for the design and production of hardware and software. Effective in 2027, the Cyber Resilience Act is the first regulation with teeth to ensure that digital products adopt a more holistic approach to IoT security.

Prediction 6: AI-driven phishing attacks will surge

In 2025, the proliferation of AI will fuel an unprecedented surge in sophisticated phishing attacks, making them harder to detect. Attackers will leverage AI to craft highly personalized and convincing phishing campaigns, using advanced language models to mimic human communication with near-perfect accuracy. Automated tools will enable cybercriminals to scale these attacks at an alarming rate, targeting individuals and organizations with precision. As traditional defenses struggle to keep pace, organizations will need to adopt new mechanisms to counter this escalating threat.

Prediction 7: New private PKI standards like ASC X9 will gain momentum

Emerging private PKI standards like ASC X9 are crucial. Why? Because they enable interoperability and trust between organizations without relying on browser-driven, one-size-fits-all requirements, allowing for customized approaches that address specific business needs. Developed by the Accredited Standards Committee X9, ASC X9 focuses on security standards tailored for the financial industry, addressing critical areas like data integrity and authentication.

Unlike public PKI, which imposes uniform requirements driven by browser ecosystems, private PKI offers greater flexibility in defining security policies and compliance measures. This is particularly relevant for finance, healthcare, and other industries with stringent regulatory requirements or unique operational needs. By fostering secure, scalable, and tailored trust frameworks, these standards will empower organizations to enhance security and streamline collaboration in a way that public PKI cannot.

Prediction 8: More people will ask for Cryptography Bill of Materials (CBOMs) to strengthen trust

As cyberattacks and new, potentially malicious technologies like AI continue to evolve, we’ll be seeing an increased threat level to systems, devices, and processes. We predict that people will digitally sign more things, more often—and that they'll ask for Cryptography Bills of Materials (CBOMs) to strengthen digital trust.

CBOMs describe cryptographic assets and their dependencies. They provide a better understanding of how and where crypto assets are used and help organizations facilitate assessment of their risk. They’re extremely valuable, and in 2025, their use will become much more common.

Prediction 9: Managing certificates with spreadsheets will end by 2028

Although nearly 25% of enterprises* manage their thousands (and sometimes, tens of thousands) of certificates manually, the era of manual tools to manage certificates is coming to an end. We predict that as businesses adopt increasingly stringent security standards and shorter certificate lifespans, outdated processes and legacy applications will simply cease to be sustainable.

This shift will drive organizations to embrace modernized, automated management solutions that provide the agility, scalability, and efficiency needed to keep up with evolving industry demands. Businesses that prioritize automation and streamlined workflows will be better equipped to meet these challenges and remain competitive.

*2024 World Quantum Readiness Day survey; 23.53% of respondents said certificates are managed via “manual effort” (e.g., spreadsheets)

Prediction 10: Organizations will continue to prioritize fewer vendors to simplify their tech stack

Despite this summer’s CrowdStrike incident, which raised concerns about relying too heavily on a single vendor, we predict that enterprises will continue consolidating their vendor selection. Managing thousands of vendor relationships and contracts is a common challenge for large enterprise IT teams, and streamlining these partnerships offers numerous advantages. Partnering with a vendor that provides a wide range of solutions not only creates economies of scale but also simplifies integration and interoperability across the tech stack, reducing system fragmentation.

Consolidation can enhance security by providing greater visibility and consistency in practices while lowering the risks associated with managing multiple platforms. It reduces the complexity and time spent on contract negotiations, renewals, and vendor evaluations, allowing IT teams to focus on strategic initiatives. And it fosters stronger, more collaborative vendor relationships, enabling faster issue resolution, better support, and tailored solutions that align with enterprise needs.

In short, prioritizing fewer vendors drives efficiency, cost savings, and agility across the organization—and we don’t expect to see that change.

The latest developments in digital trust

Want to learn more about topics like automation, PQC, and digital trust? Subscribe to the DigiCert blog to ensure you never miss a story.
