What are risk and security professionals prioritizing in 2025? To find out, we surveyed more than 100 industry stakeholders across a wide array of sectors about how they’re using their limited time and resources in the year ahead.
The results, compiled from responses gathered at industry events, on LinkedIn, and through Turnkey's monthly newsletter, reveal a fascinating shift in how organizations are approaching security. Forward-thinking companies are increasingly embracing their security teams as catalysts for innovation, dedicating attention and investment in automation and digital transformation to advance business performance. Others maintain a more traditional approach in which security is recognized as important but remains siloed from broader business ambitions.
Where Security Teams Are Focusing Their Energy
Our survey findings highlight a balanced approach to security priorities for 2025, with ‘Reduce effort with automation’ and ‘Be audit and compliance ready’ virtually tied at the top (26% and 24% respectively). These results demonstrate how security teams are tasked with simultaneously improving efficiency and addressing regulatory demands.
An equal emphasis on automation and compliance readiness signals a mature security posture—one that values both operational excellence and governance. Automation reduces manual effort, freeing security teams to focus on strategic initiatives. At the same time, maintaining robust compliance frameworks builds trust with customers and regulators.
Following closely behind, ‘Protect your SAP transformation’ and ‘Achieve Digital Enterprise Resilience’ garnered 15% and 14% of responses, respectively. As businesses continue to modernize their core systems, especially with SAP ECC support coming to an end in 2027, security professionals are clearly recognizing that safeguarding these critical infrastructure changes is essential for maintaining business continuity while enabling transformation.
Digital Enterprise Resilience—the capacity to withstand disruption while achieving business growth—represents security's evolution from a purely defensive function to a business enabler. Organizations prioritizing Digital Enterprise Resilience understand that security isn't just about preventing and responding from incidents; it's about creating a foundation that supports sustained growth even in challenging circumstances.
Rounding out the priorities are ‘Eliminate blind spots’ at 11% and ‘Realize license cost savings’, at 9%. The focus on eliminating blind spots reflects organizations' need for comprehensive visibility into their security landscape—enabling them to proactively identify risks, assess vulnerabilities, and address potential security gaps before they escalate into actual issues. Meanwhile, license cost optimization has taken on new significance, particularly for organizations transitioning to RISE with SAP. Under the new FUE licensing model, costs are directly correlated to roles and authorizations. This creates an interesting dynamic where better security practices can lead to significant cost savings.
The Path Forward: Security as a Growth Catalyst
What these priorities reveal is an opportunity to elevate security from a reactive defensive measure to a proactive business enabler. While many security teams are still perceived as the "department of no," there is evidence that companies are recognizing how security teams actively contribute to stability and business growth.
For organizations looking to align their security strategy with industry trends, these results offer valuable guidance. The balanced distribution suggests that a multi-faceted approach, rather than a singular focus, will yield the greatest returns. By investing in automation while maintaining compliance readiness, organizations can create space for innovation without sacrificing protection.
As we move further into 2025, successful security leaders will continue to evaluate and adjust these priorities based on their specific business context. The key is maintaining open communication with business stakeholders to ensure security initiatives remain aligned with broader objectives and contribute meaningfully to the organization's resilience and success. Turnkey's approach of uniting people, protection, and performance helps organizations navigate this transition, transforming security from a cost center into a foundation for sustainable growth and Digital Enterprise Resilience.
Ready to transform your security priorities into drivers of business growth? Contact Turnkey today to discuss how our independent risk and security consultants can help.
