Beyond Firewalls: Building Cybersecurity Resilience in the Age of AI, OT, and Data

October 2, 2025Seth Robinson, VP of Industry Research, CompTIA

For years, cybersecurity was treated as a specialized function—a layer of technical controls deployed to create a strong, secure perimeter around corporate systems. Those days are over. In today’s digitally transformed organizations, cybersecurity is no longer a secondary objective for the technology team; it is an enterprise-wide capability woven into every business initiative.

CompTIA’s State of Cybersecurity 2025 report describes how three forces are now reshaping this landscape: artificial intelligence (AI), operational technology (OT), and data security. Together, they create new possibilities for efficiency and innovation…but also expand the attack surface. The organizations that thrive in this new environment will be those that approach these three domains with strong skill development across their cybersecurity specialists.

AI: Promise and peril at scale

Artificial intelligence is moving from hype to practice. Most organizations are now testing AI-driven tools to automate workflows, streamline analysis, and enhance decision-making. Yet for cybersecurity professionals, AI represents a double-edged sword.

On the opportunity side, AI can supercharge defensive operations. Machine learning can sift through massive logs to detect anomalies, automate repetitive tasks in incident response, and improve predictive analytics. This allows human experts to focus on higher-value activities like threat modeling and corporate strategy.

On the risk side, the same technology enables attackers to scale up their operations. Generative AI can create convincing phishing campaigns, spoof executive voices, or automate entire ransomware attack chains. It also introduces new vulnerabilities: machine learning models can be manipulated by adversarial inputs, and AI systems themselves can become targets for data poisoning.

While these two dynamics will dictate the future of cybersecurity, most organizations are still early in their AI journey. According to CompTIA’s survey, 70% of companies place themselves in an “education” or “testing” phase for AI adoption, and security capabilities are uneven at best. The result is a skills gap not just in how to deploy AI, but how to defend it.

Key takeaway for CIOs: Treat AI security as a core competency, not a future add-on. Upskill cybersecurity professionals in foundational cybersecurity skills, along with AI system knowledge, so they can spot risks and configure tools appropriately. Build internal expertise now on AI governance, data integrity, and adversarial testing.

Operational technology: From factory floor to boardroom priority

The digitalization of physical infrastructure has blurred the lines between IT and operational technology (OT). What started as isolated supervisory control systems in manufacturing plants or utilities has spread to nearly every sector—think smart buildings, logistics tracking, or industrial automation.

As these systems become connected to corporate networks and the cloud, the attack surface expands dramatically. The stakes are high: a breach in OT doesn’t just mean data loss; it can mean physical damage, safety hazards, or public service disruption. As a result, 94% of companies are now placing a moderate or high degree of focus on their OT strategy.

OT security requires a mindset shift. Traditional IT tools may not work in industrial environments, and OT teams often have different priorities (uptime, safety) than IT teams (confidentiality, patching, scalability). Bridging this gap demands cross-training and collaborative governance.

Key takeaway for CIOs: Integrate OT security into enterprise security strategy. Encourage joint training between OT and IT teams, invest in network segmentation and monitoring tailored for industrial protocols, and ensure risk assessments include physical systems as first-class assets.

Data: The common denominator

Data has become the fuel of modern organizations. From powering predictive analytics to training AI models, it sits at the center of digital transformation. That makes data security both more complex and more critical than ever.

Unlike applications or endpoints, data flows across every department and system. It may be created by one business unit, stored in another, and analyzed by yet another. This distributed ownership creates confusion over accountability and can weaken defenses. The top challenges reported by companies in CompTIA’s research are process-oriented rather than technical in nature: awareness of data locations, decision processes around data retention, and knowledge of the regulatory environment.

Leading organizations are taking a lifecycle approach: securing data from creation to storage to analysis, classifying sensitivity levels, and defining clear access policies. They’re also embedding privacy and compliance requirements at every stage—a necessity as regulations tighten globally.

Key takeaway for CIOs: Elevate data security to a board-level discussion. Establish dedicated data security roles or teams, unify policies across business units, and implement automated data classification and loss prevention tools. Make sure every employee understands how their role affects data security.

The skills imperative: Building a team for the future

Across AI, OT, and data, one issue looms largest: talent. Technology can only go so far without skilled people to deploy, monitor, and improve it. Yet demand for cybersecurity professionals far outpaces supply. CompTIA’s CyberSeek tool, developed jointly with NIST and Lightcast, found that there were over 514,000 U.S. job postings with cybersecurity-related skills between May 2024 and April 2025. This represents a 9% jump from nearly 470,000 postings in the previous year.

Many organizations still recruit cybersecurity talent from mid-career infrastructure professionals, but this approach is no longer sustainable. As specialization deepens, businesses need a pipeline of early-career talent, reskilled employees from other disciplines, and cross-functional training to bridge skill gaps.

A skills-based approach is the path forward. This means:

Assessing current skills more accurately rather than relying on outdated job descriptions.
Investing in certifications and training that validate granular competencies.
Creating career pathways that allow employees to grow from foundational security roles into specialized positions in cybersecurity analysis or penetration testing.
Improving communication skills among cybersecurity staff to connect technical risks with business objectives, increasing executive buy-in.

Key takeaway for CIOs: Partner with HR and learning teams to build a cybersecurity talent pipeline. Upskill existing staff where possible, and use certifications to validate progress. Treat cybersecurity workforce development as an ongoing strategic initiative, not a one-off project.

The new cybersecurity mandate

Cybersecurity has always been about protecting confidentiality, integrity, and availability. But in an era of AI-powered threats, digitized physical systems, and data-driven decisions, the scope is broader and the stakes are higher. The organizations that succeed will be those that move quickly to understand the impact of new tech trends while developing a robust talent pipeline.

This is not just an IT challenge; it’s a leadership challenge. CIOs who align cybersecurity strategy with business objectives, prioritize skill development, and embed security into every layer of their digital architecture will be best positioned to navigate the threats and opportunities ahead.

Stay ahead of emerging threats. Download the CompTIA State of Cybersecurity 2025 report for essential insights on AI, OT, and data security.