INTRODUCTION
Each October, National Cybersecurity Awareness Month highlights the responsibilities required to keep our digital world secure. In 2025, the campaign carries two connected messages. The Cybersecurity and Infrastructure Security Agency (CISA), helping to protect the nation’s critical infrastructure and guiding public-private security collaboration, is leading with the theme “Building a Cyber Strong America.” Meanwhile, the National Institute of Standards and Technology (NIST), which provides federal standards and frameworks used across multiple industries, is promoting the theme “Stay Safe Online.”
While separate, these themes coalesce under the same idea: cybersecurity requires both personal and collective attention to detail. Simply put, digital security relies on the everyday choices of individuals as much as the coordinated planning of the private and public sectors. A surge in ransomware campaigns, high-profile breaches, and AI-assisted social engineering attacks, just to name a few of the incidents from this past year, shows that national resilience starts with awareness and everyday action.
However, in an era of increasing innovation and use of technology like AI and machine learning, it’s more important than ever to turn that awareness into practice. Looking across Touchdown’s client network—spanning data security, threat intelligence, AI governance, compliance, and workforce readiness—experts in the cyber trenches have shared how organizations can strengthen both collective and individual efforts to bolster defenses while adapting to modern realities. Their perspectives show how stronger habits, smarter systems, and a culture of shared responsibility build not just safer companies, or even industries, but an overall more secure society.
2025 Cybersecurity Awareness Month Commentary
Sandy Kronenberg, CEO and Founder, Netarx
Social engineering has always been a bad actor’s most reliable weapon. Now AI has supercharged it. Phishing emails, smishing texts, vishing calls, and deepfakes are no longer isolated; they are now blended into coordinated attacks that overwhelm employees and exploit trust across multiple channels.
We’ve seen a 900% increase in deepfake-related cybercrime in the past year. At the same time, phishing remains the primary entry point for the majority of breaches, and voice-clone scams are growing at a rate of 66% year-over-year. Attackers stitch these together: a phishing email primes an employee to expect a call, the call comes from a voice-cloned “executive,” and a smishing text with a malicious link reinforces it. This choreography leaves little room for doubt, unless the proper defenses are in place.
Traditional tools aren’t designed for this. Malware scanners won’t detect a video puppeteering your CFO. Secure email gateways can’t flag a convincing message that passes authentication checks. Awareness training, while valuable, can’t prepare someone for a synthetic voice that sounds exactly like their boss giving urgent instructions. The gap is at the human layer of trust.
Cybersecurity Awareness Month is the time to move beyond awareness alone. Leaders need to close that gap with real-time, AI-powered validation that cuts across email, messaging, voice, and video. Fraud losses tied to deepfakes are projected to exceed $25 billion annually by 2026. The cost of waiting is far higher than the cost of acting now.
Dr. Srinivas Mukkamala, CEO, Securin
“As artificial intelligence continues to accelerate bad actors’ skills, organizations are finding themselves outpaced by this growing threat. Adversaries are now using AI to identify weaknesses, automate phishing campaigns and chain exploits at a scale that manual operations never allowed. Defenders cannot afford to respond with yesterday’s playbook. As I have said before, you must fight AI with AI; you must fight machine speed with operational speed.
Traditional security models often fixate on individual flaws. AI changes that equation by amplifying what I call “toxic combinations”: linked CVEs, CWEs and misconfigurations that may seem minor in isolation but, when combined, form critical points of failure. Addressing these requires secure-by-design engineering, systematic AI red teaming to uncover hidden vulnerabilities, and clear labeling frameworks that give organizations visibility into how AI systems function.
Cybersecurity Awareness Month is not just about awareness. It is a reminder that resilience comes from adaptation, and that adaptation must keep pace with the AI-driven threats shaping today’s digital landscape.”
Sandeep Singh, Senior Director, Security Strategy and Operations at HackerOne
“Across the cybersecurity industry, researchers are evolving just as quickly as the risks they face, driven in large part by the use of AI. As we observe Cybersecurity Awareness Month, it’s important to recognize that AI isn’t replacing human expertise; it’s amplifying it.
With the rise of AI, we’re seeing the emergence of the ‘bionic hacker’ – a security researcher who uses AI to amplify human creativity and skill. These security researchers aren’t being replaced by AI; they’re harnessing it to supercharge reconnaissance, triage, pattern recognition, and exploration of complex attack surfaces.
HackerOne research found that 70% of researchers now describe themselves as AI-native, leveraging AI tools to enhance their hunting abilities and accelerate testing, making it possible to identify risks and threats more efficiently than ever before. At the same time, AI adoption across industries is surging. In the past year alone, the number of AI systems included in security testing grew by 270%.
The stakes have never been higher, and human expertise remains as crucial as ever. Cybersecurity Awareness Month is no longer just about spotting phishing emails or practicing online safety. It is about preparing for a future where human creativity and AI work side by side to secure the internet.”
Averell Gatton, Director of GenAI, Protegrity
Generative artificial intelligence has entered widespread enterprise adoption, but its security architecture remains underdeveloped. Large language models and multi-agent systems process substantial volumes of sensitive information. Their ability to accelerate research, automate decision workflows, and generate insights has expanded rapidly, yet the increase in functionality comes with a massive increase in attack surface from potentially jailbroken agentic systems. In this context, data security has become an essential tool in the GenAI age.
Recent research underscores the scale of these concerns. Enterprises are reacting by blocking 18.5 percent of AI and machine learning transactions, a 577 percent increase over a nine-month period, according to Zscaler. This pattern illustrates growing caution as many companies adopt defensive measures in the absence of formalized AI governance policies.
Security integration into the development pipeline is emerging as an essential ingredient in production AI systems. Techniques such as field-level encryption, tokenization, and privacy-preserving design allow rapid development of AI systems while reducing exposure of regulated data. Embedding protection at every stage of the model lifecycle provides a foundation for building systems that are both operationally useful and compliant with regulatory standards.
Cybersecurity Awareness Month highlights how rapidly the balance between innovation and protection is shifting. The effectiveness of AI technologies will increasingly depend on whether security is treated as an inseparable part of their design.
Richard Bird, CSO, Singulr AI
Cybersecurity Awareness Month should be much more than a reminder about phishing emails. In 2025, awareness should mean visibility into how employees are actually using AI, guardrails and security controls to keep autonomous systems from running amok, and promoting a culture that balances responsible decisions with innovation.
The details on why these steps matter are in the data: the 2023 Verizon DBIR found that 74% of breaches still involved the human element, 83% involved external actors, and 95% were financially driven.
Traditional awareness programs haven’t gone far enough to shift those numbers, and now the risks have increased exponentially. Agents that can act at machine speed, combined with employees adopting AI tools without oversight, mean that small mistakes can turn into significant exposures at velocities and volumes we’ve never experienced before.
Awareness can’t stop at PowerPoint slides and click-through training exercises. Organizations need modern governance and oversight that adapts to how work is being done inside their organizations today, particularly with AI in the mix. Without it, we’ll continue to recycle the old approaches while the risks continue multiplying faster than we can respond.
Jay Bavisi, Group President, EC-Council
“Artificial intelligence is reshaping every dimension of security. It gives defenders new capabilities, yet it also accelerates the speed and scale of threats. The true measure of preparedness will not come from technology alone but from a workforce that is trained, certified, and ready to apply AI responsibly while thinking with the mindset of an adversary. Certified ethical hackers represent this readiness. They validate defenses in real-world conditions and ensure that organizations remain resilient as the threat landscape continues to evolve. Technology will advance without end, but it is the ethical human mind that ultimately secures the future.”
Dan Bridges, Technical Director – International at Cyware
“Businesses today are connected through an invisible digital network, and while this is great news for ecommerce, it can also lead to a number of unguarded back doors just waiting to be exploited. With the latest attack on European airports highlighting the worrying trend of industry level cyber threats, following successful campaigns on the manufacturing and retail industries, businesses must maintain high levels of vigilance over their entire threat surface landscape.
Too often now, supply chains are coming under fire and falling foul of ransomware threats. These channels are essential to businesses, and yet they can often remain poorly defended. Much like a row of dominoes, once one organization succumbs to a cyberattack, an offensive chain is unleashed upon the industry, with each falling domino serving as the catalyst to topple the next.
Businesses need to present a unified front, working together to improve defenses, fix flaws and mitigate potential vulnerabilities. Through cooperation-based defensive alliances, organizations can work together across threat intelligence platforms (TIPs) and related threat sharing and collaboration capabilities. These platforms act as the heart of an organization’s cyber defenses, gathering information from across multiple sources – from public feeds, to industry reports – and distributing this across internal teams – and externally across community ecosystems, including organizations within your supply chain. These platforms provide businesses with the perfect foundation upon which to build their cyber defenses so they can be better prepared to defend against attackers at all levels of the organization.”
Freddy Kuo, Chairman, Luminys
“National Cybersecurity Awareness Month is an important reminder that true security goes beyond digital. It must also safeguard the physical world. While AI has the power to turn raw data into real-time intelligence, too many physical systems remain passive by simply storing footage without interpreting or acting on it.
That passivity has consequences. Despite three-quarters of organizations identifying physical security as a top priority, 60% still faced breaches in the past five years. As technology advances, so must the processes and governance frameworks that support it.
The solution isn’t more data, it’s smarter systems and aligned action. Smarter security systems demand smarter, updated Standard Operating Procedures (SOPs) to ensure organizations fully benefit from new capabilities and avoid falling behind. We need intelligent platforms that can anticipate and prevent incidents before they occur and ensure that manufacturers, integrators and end users review and strengthen their security practices regularly.
Without that alignment and visibility, even the most advanced platforms can leave blind spots. The future of smarter security depends on advancing both the technology and processes around it, together.”
Ron Reiter, Co-Founder & CTO, Sentra
“One of the most overlooked AI risks today is shadow and duplicate data. IBM has identified it as one of the top cost drivers in breaches, and for good reason. Shadow data is a prime target for attackers because it often exists outside a security team’s visibility. You can’t protect what you don’t even know exists.
This is no longer just a security problem; it’s a business risk. As AI systems become embedded in daily operations, organizations are effectively bringing on digital coworkers they didn’t hire and can’t fully supervise. These systems make decisions, access sensitive data, and move at machine speed, which means risks escalate quickly when governance is missing.
This Cybersecurity Awareness Month, the lesson isn’t only about finding shadow data. It’s about understanding which risks matter most and remediating them before unintended actions can expose sensitive data and/or attackers take advantage. Governance begins with visibility, and controls must follow the data across cloud, SaaS, and on-prem environments. Without that real-time view, leaders are leaving gaps that are easy to exploit.”
Derek O’Neill, Director of Data Privacy and Information Security, Foxit
“Cybersecurity Awareness Month is a reminder that security isn’t just about hackers in hoodies or high-tech firewalls — it’s about the everyday documents we send, share, and store. Think about contracts, medical forms, or financial statements; they often hold the most sensitive information in a business. With AI making it easier than ever to create and move information, the stakes are higher too. And it’s not only about keeping out bad actors — regulations like GDPR and HIPAA mean organizations are expected to handle that data responsibly every single step of the way.
The good news is that technology can help – no huge surprise there! AI can catch things people might miss, i.e., flagging unusual activity, spotting sensitive details that need redaction, or even simplifying compliance reporting. But at the end of the day… it also comes down to basics like encrypting files, limiting access to the right people, and keeping clear records of where documents go. This month is a chance to pause and remember that security and compliance aren’t roadblocks to innovation — they’re what make it possible for people to trust the systems we use every day.”
Yousef Hazimee, Head of Security, LearnUpon
“From increasingly sophisticated attack methods to emerging technologies like AI, cyber threats are evolving fast. That’s why it’s essential for security teams to provide employees with training that’s current, engaging, and easy to apply in their everyday work.
To help employees recognize potential security threats, I encourage organizations to use this Cybersecurity Awareness Month to re-evaluate their training programs. Ask employees for feedback, identify what’s working, and update what’s not.
When creating a security program, it’s always best to design it with your people in mind. For example, what level of technical or security expertise do they already have? And would short-form content work best for employees on the go? Considering these factors ensures you’re giving employees a strong foundation in security; one that helps reduce company-wide cybersecurity risks.
As employees grow more confident and security-aware, their training should grow with them. Providing timely, tailored content not only strengthens your company’s defenses but also shows employees that their time — and their learning — truly matter.”
Javed Hasan, CEO and Co-founder, Lineaje
“Open-source has long anchored the software world, but now AI is becoming its new foundation. Every model, dataset, and pipeline now functions like a dependency, one that can be easily compromised if not properly secured.
There’s so much noise about AI, so it’s easy to focus on innovation and overlook the infrastructure beneath it. But the truth is, sourcing safe AI is as critical as writing secure code — which many developers and security teams are already struggling with. Without visibility into how models are built, we’ll face the same issues we’re plagued with in open-source, which causes 95% of software weaknesses. Open source taught us the cost of assuming trust; AI offers us a rare chance to build it from the beginning.
The next evolution of software supply chain security will be defined by how we secure intelligence. AI won’t be just another tool in the chain; it is the new frontier. This National Cybersecurity Awareness Month, it’s time to treat AI with the same rigor, transparency, and accountability that we are just now starting to hold open-source to.”
CONCLUSION
The takeaways from this year’s campaign are clear: lessons learned around compliance, proactivity, and security extend well beyond the month of October. Staying safe online requires security that starts with individual awareness: employees must carefully handle credentials, verify messages, and question anything that seems urgent or unusual. Becoming resilient in digital defense means adapting that same mindset on the national scale: personal habits add up to organizational readiness and, ultimately, collective resilience.
Whether they focus on managing AI risks, improving threat visibility, or rethinking employee education, each perspective shared reflects how cybersecurity has become an ever-evolving system built on constant learning and shared responsibility.
The number of supply chain breaches and deepfake-enabled fraud in 2025 means that awareness alone is no longer enough. The next phase is about translating awareness into action: educating and training our workforce, and our cyber defenders especially, to verify systems, test response plans, and align technology and innovation with the people who use it.
