Small business trends to watch in 2025

It’s clear that the world of cybersecurity is changing fast. With new tech, evolving cyber threats, and AI taking center stage, businesses will have to stay on their toes. From smarter ways to detect threats to the growing role of AI in security, the next year will bring plenty of shifts.

Experts are weighing in with their predictions on what’s coming next, and what companies need to focus on to stay ahead of the curve. Here’s what to expect as small businesses gear up for the future

Sal Sferlazza, CEO and Co-Founder, NinjaOne

In 2025, people will double down on practical use cases for AI

To accommodate new norms, hybrid work won’t go away.

“Employees will continue to have more flexibility in where and how they work – even as companies try to draw their people back to the office. While some organisations issue in-office mandates, they will remain the exception. The reality is that employees are everywhere now, and they need to be supported anywhere, on a variety of devices, to be productive at work.

“To build hybrid resilience, organisations will need to implement digital guardrails (frameworks for AI use, clear security policies, etc.) to adapt to new work patterns. IT teams also need to have the tools and resources at their disposal to remain competitive. Otherwise, business productivity, employee satisfaction, and customer security are at risk.”

2025 will be the year of the hardware (and software) refresh.

“Everyone bought new laptops during the pandemic (that’s about 5 years ago now), and folks are due to start trading in their old models for new ones (especially as AI-enabled PCs start coming to market). Plus, Apple and other hardware giants have been launching a wide variety of new devices and updated operating systems (OS) this year, meaning a widespread refresh is on the horizon for organisations big and small.

But it’s not just hardware that’s due for an update. Software is too. The federal government issued several warnings this year about the vulnerabilities associated with the Windows 10 OS, which will be reaching end-of-life (EOL) next October. But even still, 70 percent of Windows devices today are running on Windows 10.

If organisations don’t update their operating systems now, they’ll be running on unsupported systems come next October, which is a terrifying thought as the threat landscape gets worse and more ruthless. Not to mention, it adds an additional layer of complexity for IT teams burdened with managing a widening heterogeneous environment.”

AI will start to find its identity.

“In 2024, we saw a shotgun approach to AI. Organisations threw a lot against the wall as they tried to find and monetise what sticks, sometimes even at the expense of customers. For example, we saw the emergence of things like autonomous script generation – giving AI carte blanche access to writing and executing scripts on endpoint devices. But giving AI the keys to the entire kingdom with little to no human oversight sets a dangerous precedent.

In 2025, people will double down on practical use cases for AI – use cases that actually add value without compromising security, via capabilities like automating threat detection, patching support, and more. Plus, next year, we’ll see regulators really start sharpening the pencil on where the data is going and how it’s being used, as more AI governance firms up around specific use cases and protection of data.”

Sally Branson, Managing Director, The Sally Branson Consulting Group SBCG

By the end of 2025, crisis management capabilities will be a standard KPI for board evaluations.

It may seem at odds for a crisis manager to say she’s excited about crisis coming in 2025 – but I am. After carefully watching the patterns and shifts in our industry, I predict this will be a year of extraordinary opportunity in crisis management for the business community. Here’s what I see unfolding:

• 2025 will be the year organisations finally fully embrace digital intelligence in crisis management. I predict we’ll see AI-powered early warning systems become standard practice, not just nice-to-have tools. Those who master how AI influences search algorithms and news distribution will lead the pack in crisis response.
• My boldest prediction? By the end of 2025, crisis management capabilities will be a standard KPI for board evaluations. We’re already seeing this shift begin, and it will accelerate dramatically. Organisations are realising that resilience truly starts at the top.
• 2025 will mark the end of siloed crisis management. I’m seeing signs that organisations are ready to embrace crisis management as a complex discipline that transcends traditional PR. This means integrating specialised expertise across stakeholder management, operational resilience, and strategic decision-making.

I’m preparing my clients for this shift by:

• Building comprehensive digital monitoring frameworks
• Developing board-ready crisis measurement tools
• Creating integrated crisis response systems that bridge traditional departmental boundaries

Kathryn Goater & Anthony Caruana, Co-CEOs, Media-Wize

Diversity, equity, and inclusion will continue to be an important part of PR campaigns in 2025.

In 2025 we will see the rise of powerful new technologies with growing challenges around credibility, authenticity, and evolving media consumption habits. The rapidly accelerating use of generative AI in copywriting and pitch automation to the continuing battle against misinformation means businesses must stay agile to keep up and safeguard their reputation.

Here are some of the key PR trends that will shape the year ahead, along with the potential risks and strategic considerations for organisations, marketers, and comms teams.

1. Misinformation and the battle for truth

With misinformation spreading faster than ever, businesses communicating publicly need to be on alert and quickly clarify and correct any inaccuracies about their brand, products, and services in traditional and social media. PR, marketing, and social teams need to be proactive in monitoring traditional media, social platforms, and review sites and only respond if facts are incorrect. There is a careful line between feeding the trolls and correcting misinformation.

2. Gen AI and automation

Many PR and marketing teams are already using Gen AI to help write all forms of copy. Tools like ChatGPT, Copilot, Gemini, and Jasper make it easier than ever to generate quick copy for press releases, blog posts, articles, and media pitches. AI can also automate the task of outreach to journalists and podcast hosts.

But embracing these tools without understanding the risks can lead to trouble. AI can help streamline tasks, but it lacks the nuance, creativity, and relationship-building skills critical to effective communication. AI is known to hallucinate and make up facts, statistics, and studies that can land clients and brands in reputational hot water. It doesn’t understand the wider context, organisational goals, or the shifting social climate and public opinion. While it helps kick off research and generate ideas, a human needs to carefully fact-check everything. And journalists can spot AI copywriting a mile off and frequently call it out.

3. Election year and the risks of political engagement

2025 is an election year in Australia so politics will inevitably shape public discourse. Weighing in on political issues, even with the intent to be edgy or provoke viral conversation, can be risky. Public perception can shift rapidly, and taking a controversial stance could alienate customers or provoke backlash. Even if an organisation has a genuine commitment to a cause, commenting on political matters can backfire. In an increasingly polarised environment, businesses should consider staying neutral or focusing on issues where they can make a positive, non-partisan impact.

4. New social media platforms

Social media users can be fickle and move from platform to platform. As X (formerly Twitter) loses favour, and Facebook increasingly skews to an older demographic, new platforms like BlueSky and Threads can give PRs and brands early mover advantage in campaigns.

5. Diversity, equity, and inclusion impacts

Diversity, equity, and inclusion will continue to be an important part of PR campaigns in 2025. Consumers are increasingly holding brands accountable for their social and environmental impact, as well as their hiring strategies, pay parity, female speaker representation at events, and other outward-facing activities. Be mindful of the language, visuals, spokespeople, and partnerships you forge and consider the social context.

6. The acceleration of pay-to-play

In many verticals in Australia, placing on merit opinion or thought leadership is increasingly difficult to secure. Many publications have moved to pay-to-play models in the fight for their survival amidst dwindling advertising revenue. PR and marketing teams need to factor this into 2025 budgets to also demonstrate they are supporting the ongoing viability of trade press.

Vinay Samuel, CEO and Founder of Zetaris

2025 will see the demise of reliance on chat-bots and funding for chat-bot projects will diminish

1. Given the extreme level of geopolitical and economic uncertainty, Australian businesses operating in the United States and globally in 2025 will redefine business models that are rapid-pivot ready. Plan B will be locked and loaded as a secret shadow business model.
2. 2025 will be known as the year of ‘The Automation of Everything’. Automation of every facet of business will accelerate, and the role of the human in the loop will be further refined. Soft skills like problem-solving, thinking outside the box, communication, collaboration, and teamwork will be prized more than ever before as more recognition of AI’s current limitations are more widely understood.
3. As the use of AI accelerates globally in 2025, Zetaris predicts more Australian organisations will totally rethink their business models and strategic approaches. They will unlock AI capability in new ways and increase the speed of AI market opportunities and revenue streams. This will result in senior business leaders allocating more specific goals and KPIs to derive more value from AI projects.
4. Zetaris reports that 2025 will see the demise of reliance on chat-bots and funding for chat-bot projects will diminish. Australian organisations will be shifting quickly from a chat-bot focus to projects that target more mature role-based AI capabilities.
5. Customer experience and the customer journey throughout the whole touchpoint lifestyle will be redefined using AI as the main interface in 2025 and beyond. AI at the edge will become critical to meeting customer experience goals, which will drive massive infrastructure demand in the form of compute at the point of inference (at the edge).
6. 2025 will see the acceleration of data projects leveraging lakehouse technologies to fuel AI’s widespread adoption, including at source where the data is created. A shift towards a federated model of data management in 2025 will see the emergence of the ‘atomic lakehouse’ as the industry shifts further away from the centralised model, towards the notion of many data stores, streams, lakes, and databases, and files being coordinated and analysed for AI and other decision support models.
7. In 2025, we will see a continued emphasis as organisations strive to align more strategically to environmental reporting and align brands more strongly with sustainability initiatives. This will include a stronger focus and unlocked funding to turbocharge development of more sustainable technology architectures that reduce the complexity and compute time to extract real-time, rapid, and accurate data insights and reduce electricity duplication and waste.

Tesserent’s Cybersecurity Predictions for 2025

Australian businesses and governments will continue to find it difficult to retain cybersecurity talent

Amongst the key trends, Jason Plumridge, Chief Information Security Officer, Tesserent warns that we will see escalating social engineering attacks, but this time powered by AI. AI will also be leveraged to step up attacks on critical infrastructure.

1. Rise of social engineering – powered by AI: AI is providing cyber-criminals with the tools to quickly and convincingly craft phishing emails. Social engineering will be a key attack vector consumers and businesses need to watch out for in 2025.
2. More cyber-attacks fueled by AI: The rapid speed at which cyber-criminals are deploying AI means they can execute more attacks with greater velocity and precision. Tesserent warns this trend will continue to accelerate in 2025. The number of AI-based tools for cyber criminals will increase in 2025 and drop in price on the dark web, further democratising the use of this technology by threat actors.
3. The good guys will use AI to fight back: Tesserent predicts that AI will continue to advance as a core element of data analysis, threat monitoring, and orchestrated and automated response as part of an organisation’s security program throughout 2025.
4. More attacks will be leveraged against Australian critical infrastructure: Tesserent expects there will be increasing attacks that threaten Australian critical infrastructure and utilities in 2025 with these attacks supported by AI.
5. Public and private sector will continue to struggle to hold onto cybersecurity talent: Tesserent expects that Australian businesses and governments will continue to find it difficult to retain cybersecurity talent in an increasingly competitive environment. More government departments and private sector enterprises will continue to outsource as a result.

Scott Rawson, Managing Director of Instant Products Group

I believe more companies will start looking at fresh, alternative ways to recruit the talent they need.

As the founder and Managing Director of a construction services company, there are three key areas I believe will be a focus for businesses in 2025:

• WFH vs In-Office: I believe we’ll continue to see an increase in workers returning to the office—with some WFH flexibility—as companies encourage in-office attendance. This shift will bring flow-on benefits to city centres, as the vibrancy of Monday to Friday work life returns.
• Global Teams and Outsourcing: Amid ongoing skills shortages and a tight labour market, I believe more companies will start looking at fresh, alternative ways to recruit the talent they need. Onboarding team members who live and work overseas will become more commonplace, supported by technological advancements, allowing companies to tap into a global talent pool. This is a strategy Instant Products Group has successfully employed for around 10 years, with our global team continuing to grow.
• Continued Rise of AI: As AI continues to develop, businesses will find an increasing number of ways to automate a range of processes, freeing up skilled staff for more intensive work. The rapid speed at which the technology is advancing will create more opportunities for its adoption across a broader range of industries.

Shannon Karaka, Country Lead ANZ at Payroll Expert Deel

2025 will mark a transition toward full automation and predictive analytics.

2025 will be the year businesses wake up to the cost of inefficient payroll. As we approach 2025, a critical trend is emerging: businesses are waking up to the hidden costs and risks of relying on outdated, manual payroll systems. Recent data from Deel reveals that 71% of HR and finance professionals use up to five different tools for payroll. Expect a growing realisation among employers about the cost, time, and error-prone nature of manual payroll, which will drive a shift toward SaaS-based unified platforms.

Payroll is increasingly global (but no one’s cracked the code yet): In an era where workforces are more global than ever, payroll systems face increasing pressure to keep up. Managing diverse regulatory, tax, and currency requirements across multiple jurisdictions is no small task, and existing payroll systems are struggling to meet these demands. While many providers claim to offer global coverage, most rely on networks of local partners to handle compliance and payments. This patchwork approach often results in inconsistencies, inefficiencies, and gaps in service.

We’ll start to see a rise in demand for alternative pay options in AU: In 2025, we expect two trends to emerge: a demand for ‘real-time’ access to wages over traditional payroll cycles and a rise in alternative payment options such as digital wallets and cryptocurrency, particularly among tech-savvy, remote, and globally distributed workforces. Governments will likely issue guidance or introduce regulations to ensure these new payment methods are implemented fairly and transparently. As the demand for flexibility in payroll grows, businesses will need to adapt to meet evolving employee expectations while navigating a rapidly changing regulatory landscape.

Compliance will remain a constant: As we head into 2025, compliance will remain a critical focus for businesses, with increased scrutiny on wage accuracy and underpayment prevention. New laws to stop wage theft will take effect in January 2025, imposing criminal penalties for intentionally underpaying wages and benefits under the Fair Work Act 2009. Companies will need to ensure their payroll calculations are correct and follow the new rules.

AI and automation will take centre stage in 2025: Artificial intelligence and automation are poised to transform how businesses approach payroll and workforce management. The majority (93%) of companies expect to need more AI skills in the next two to three years. Meanwhile, 38% of businesses already hire AI workers for finance and payroll. This shows a clear shift toward solutions using AI.

In payroll, 2025 will mark a transition toward full automation and predictive analytics. Advanced AI tools will streamline payroll processes, forecast expenses, identify anomalies, and recommend strategies to optimise budgets and spending. This trend is just beginning.

David Wiseman, Vice President – Secure Communications at BlackBerry

The use of apps like WhatsApp, Signal, and similar services for sensitive communications will continue to come under scrutiny

Cybersecurity outages, espionage attempts by foreign actors, and AI-led misinformation were significant concerns in 2024, and this will continue to escalate in 2025. The recently introduced Australian Cyber Security Act reinforced the government’s commitment to cyber resilience, bolstering national security and protecting businesses and people from cyber threats. This is crucial as Australia heads toward the federal elections next year.

Recent reports of Chinese espionage groups allegedly targeting the cellphones of former President Donald Trump, Senator JD Vance, and Democrat staffers are just one example of adversarial activity targeting the fabric of democracy globally. Information from politicians’ phones can be invaluable to foreign intelligence agencies attempting electoral interference or other objectives that threaten national security.

This scenario exposes vulnerabilities in telecommunications infrastructure, as metadata generated by ‘free’ apps for voice calls and messaging can be easily traded, fuelling ‘wire-tapping-as-a-service’ markets. This underscores the harsh reality that trust placed in uncertified apps does not extend to protecting metadata. Government agencies, political figures, and their teams must mitigate risk with military-grade, secure communications solutions, which will be critical to maintaining election and democratic integrity.

David’s top 3 picks for 2025 cyber predictions are:

1. Telecom Networks as the New Stratum for Threat Actors: Attackers are expected to target telecom and internet service provider (ISP) networks more aggressively, using ‘supply chain’ attack methods and lessons learned from recent US telco-network hacks. Secure communications must be a critical component of supply chain security, especially in high-risk sectors like government, defence, healthcare, finance, and critical infrastructure.
2. Mobile Messaging Apps: There Is No Such Thing as ‘Free’: Mobile spying is on the rise. The use of apps like WhatsApp, Signal, and similar services for government and sensitive communications will continue to come under scrutiny—especially as Australia prioritizes data and communications sovereignty during the election year. Governments and critical industries must leave no breadcrumb trail or stored metadata for attackers to harvest.
3. Identity Spoofing Will Escalate as AI, Deepfakes, and Exposed Metadata Fuel Sophisticated Attacks: Gen AI learns from voice and text, as well as imagery, which can afford attackers real-time information to target victims immediately. Recent US network breaches have shown how widely accessible user metadata and real-time communication information have become, making it easier for miscreants to tailor attacks based on the calls or communications you’ve just made.

Melissa Williams, CEO, Learning Dimensions Network

I urge Australian businesses to consolidate and focus on our own backyard

Having recently immersed myself in workplace cultures across Europe and the USA, I’ve observed stark contrasts. The US, fueled by its political landscape, is hurtling towards a ‘go big or go home’ mentality. Boldness and rapid action will be paramount in 2025, especially for Australian businesses aiming to crack the American market. Align your offerings with the shifting sands of US policy, but be prepared to embrace risk and scale quickly, or stay put.

In contrast, Europe, much like Australia, leans toward sustainability and harmonisation. While the US focuses inwards, Europe’s gaze is external, seeking collaboration and balance. This resonates with Australia’s own risk-averse, regulated environment.

For 2025, I urge Australian businesses to consolidate and focus on our own backyard. However, remain agile and ready to seize opportunities. The key lies in leadership—are you bold enough to take the leap when the moment arrives?

Nick Schneider, President and CEO at Arctic Wolf

In 2025, addressing security challenges will require an integrated approach

• Exciting New Ventures: Arctic Wolf’s Cylance Acquisition
  Arctic Wolf’s strategic acquisition of BlackBerry’s Cylance® endpoint security capability will enhance its portfolio, providing world-class endpoint protection. The integration of Cylance will help combat alert fatigue and reduce risk exposure for clients through unified security operations.
• Platformisation vs Best-of-Breed Wars Intensify
  2025 will witness a shift toward integrated, comprehensive security platforms as organizations demand more unified solutions. The consolidation trend is expected to continue, focusing on delivering efficient data management and protection.
• Cyber Risk as Business Risk
  Organizations must understand that cyber risk is not just an IT concern but a broader business issue. In 2025, addressing security challenges will require an integrated approach involving procurement, hiring, and overall business strategy to mitigate risks effectively.

Sharon Melamed, Managing Director, Matchboard

• Expansion into IT Outsourcing Services
  Matchboard, known for helping businesses with Call Centre, Back Office, and Sales outsourcing, is launching IT outsourcing services to address the increasing global demand for IT talent. The IT outsourcing market is expected to grow significantly, and Matchboard plans to tap into countries like the Philippines, India, and Eastern Europe to fulfill this need.

Jake King, Director of Engineering at Elastic Security

We expect an uptick in disinformation, deepfakes, and state-sponsored hacking

• AI’s Expanding Role in Cybersecurity
  AI will play a pivotal role in enhancing cybersecurity by streamlining threat detection and automating responses. However, threat actors will also harness AI, making attacks like phishing and malware more sophisticated. Organizations integrating AI into their security strategies will gain a competitive edge in countering cyber threats.
• Increasingly Sophisticated Cyber Threats
  Ransomware, phishing, and spyware attacks will evolve, with adversaries leveraging exposed credentials and targeting cloud environments. Sophisticated malware campaigns are expected to rise, requiring constant vigilance and advanced monitoring to secure systems.
• Election and Democratic Integrity
  During the 2025 Australian federal elections, we expect an uptick in disinformation, deepfakes, and state-sponsored hacking as adversaries exploit political uncertainty. Cyber defenses must be agile and responsive to counteract these threats effectively.

Kyle McLaughlin, General Counsel at Secureframe

• AI Regulations Will Continue to Become More Complex
  As AI becomes more pervasive, businesses will need to evolve their governance and compliance strategies to address new privacy and security challenges. Robust AI-specific controls, along with traditional risk assessment practices, will be critical in developing comprehensive frameworks.
• AI Scaling Workforce Efforts
  AI will continue to automate traditionally labor-intensive tasks, and Managed Service Providers (MSPs) will play a crucial role in helping businesses navigate this evolving landscape, balancing automation with security controls and human oversight.

Shrav Mehta, CEO and Founder at Secureframe

• AI and Its Impact on Cybersecurity
  AI will both enhance the ability of attackers to create sophisticated phishing campaigns and improve defense mechanisms through automated security control monitoring. The key to success will be proactive security measures that anticipate and counter threats before they materialize.
• Zero Trust Evolution
  While Zero Trust remains central to security strategies, 2025 will see a shift toward continuous security validation and contextual access control, providing a more dynamic, real-time response to threats.

Chris Gibson, CEO, FIRST

The increasing sophistication of ransomware, including double extortion tactics, will pose significant challenges

• AI in Cybersecurity
  AI’s role in cybersecurity will be pivotal in threat prediction, threat modeling, and automating responses to security events. AI-driven systems will analyze vast data sets to identify anomalies quickly, enhancing overall cybersecurity resilience.
• AI Threats and Ransomware Evolution
  AI will be used by attackers to develop more convincing phishing attacks and sophisticated malware. The increasing sophistication of ransomware, including double extortion tactics, will pose significant challenges in 2025.
• Critical Infrastructure Threats
  Attacks on critical infrastructure, including power grids, healthcare systems, and transportation networks, will continue to rise. These attacks will require increased public-private sector collaboration and readiness to respond rapidly to potential disruptions.

As businesses prepare for 2025, the integration of AI in cybersecurity, the consolidation of security platforms, and a broader understanding of cyber risks as business risks will define the industry’s evolution. Companies must focus on continuous adaptation to emerging threats, while also enhancing their internal processes and security measures to address vulnerabilities.

Steve Brady, Vice President – Australia and New Zealand

The future of user experience is not just about technology—it’s about creating intelligent, intuitive connections

The AI revolution will hinge on edge computing. To unlock AI’s true potential, edge computing must bring the compute power closer to where it’s actually needed.  Edge computing represents a paradigm shift, dramatically reducing latency and enabling a new generation of sophisticated, responsive applications. Imagine autonomous vehicles making split-second decisions, interactive gaming with zero perceptible delay, and real-time video processing that responds instantaneously. These innovations become possible when compute resources are strategically positioned near their point of use. That’s why the future of AI is not just about raw computational power, but about smart, distributed computing that brings intelligence closer to where it’s most impactful.

AI is the double-edged sword of cybersecurity. On the one hand, it powers advanced threat detection, anomaly detection, and automated response systems, enabling defenders to stay ahead of emerging threats. On the other, it is being weaponised by attackers to create more sophisticated and adaptive exploits. We are entering an era where AI systems will battle AI systems, with human security teams orchestrating strategies to maintain the upper hand. This shift underscores the need for continuous innovation in AI-driven security solutions, as static defences become increasingly inadequate.

Zero Trust exits its buzzword era to become a fundamental security necessity. Imagine a security system that treats every digital interaction as potentially suspicious, requiring continuous verification – much like a hyper-vigilant airport security checkpoint that doesn’t just check your ID at the entrance, but monitors your every move. Zero Trust operates on a simple yet powerful principle: trust nothing by default, verify everything constantly. This methodology has become even more essential as traditional network boundaries disintegrate in our cloud-native, distributed work environments.

Connectivity and the ever-expanding space-based Internet will face new challenges and growing pains with machine-to-machine traffic.Connectivity itself is undergoing a profound transformation. As space-based internet services gain traction and billions of IoT devices come online, networks must now handle not only human-to-human communication but also an ever-growing flood of machine-to-machine API traffic. Meeting this challenge calls for designing networks with security, reliability, and performance baked in from the start. These attributes become indispensable as data flows multiply and diversify, demanding an infrastructure that can gracefully scale, adapt, and maintain trust at the edges of our increasingly interconnected world.

AI will transform the user experience and how we interact with our favourite technologies. Imagine retail platforms that intuitively understand your preferences before you articulate them, or educational tools that dynamically adjust to your unique learning style in real time. These experiences are made possible by sophisticated AI algorithms that leverage comprehensive yet ethically-sourced data. Critical to this transformation is robust infrastructure that ensures seamless, consistent experiences across devices and locations. Emerging technologies like edge computing are key to this vision, bringing computational resources closer to users and enabling faster, more responsive interactions. The future of user experience is not just about technology—it’s about creating intelligent, intuitive connections that feel almost magical in their precision and personalisation.

Keep up to date with our stories on LinkedIn, Twitter, Facebook and Instagram.