Phishing remains the number one concern for Chief Security Officers (CSOs), according to Trustwave, as cyber leaders continue to battle one of the most persistent threats in the industry.
With phishing attacks responsible for one in four cybersecurity breaches, Trustwave’s Alex Lloyd-Edwards and Nick X argue that many organisations need to return to cybersecurity fundamentals to combat the risk effectively.
Speaking on the Life’s a Breach podcast, the duo highlighted the importance of strong email security strategies, emphasising that phishing remains the biggest headache for security leaders in 2025.
Alex, who has over 20 years of experience in cybersecurity, stressed the need for businesses to move away from focusing on flashy security investments and instead ensure their basic cyber hygiene is robust.
“CSOs are being presented with an array of high-end security solutions, but at the end of the day, phishing remains the biggest entry point for attackers. Instead of chasing the next big innovation, companies need to ensure their fundamental protections – such as email security – are in place and effective.”
Trustwave, which has recently joined Cyberfusion Distribution, has developed a collaborative security solution with Microsoft, delivering 99.99% effectiveness in preventing phishing threats. Alex explained that this layered email security approach helps reduce the decision-making burden on employees, limiting the risk of human error.
“It’s about taking that decision-making process out of the hands of end users and ensuring the phishing emails never reach them in the first place. Our technology works to throttle down the number of phishing attempts that get through, allowing organisations to focus on operations rather than constantly firefighting threats.”
A shift in mindset: vendors should work with Microsoft, not against it
Nick reinforced this message, arguing that vendors should see Microsoft as a complementary security partner rather than a competitor.
“Too many vendors position themselves against Microsoft when, in reality, working alongside them is the more effective strategy. Many organisations already have substantial Microsoft investments, and they need partners who enhance – not replace – that ecosystem.”
By leveraging Microsoft’s infrastructure alongside Trustwave’s expertise, organisations can create a more resilient security framework that reduces the risk of phishing attacks while improving overall operational efficiency.
Key cybersecurity trends for 2025
Alongside phishing, offensive security is emerging as a major trend for 2025. Alex outlined the growing need for penetration testing, red teaming, and vulnerability scanning, ensuring organisations can proactively identify weaknesses before they are exploited.
“We’re seeing a significant shift towards offensive security, driven in part by evolving compliance requirements. Regulations such as NIS2 in Europe are forcing organisations to adopt best-practice security measures, and we expect similar frameworks to be introduced in the UK soon.”
Alex warned that businesses must start preparing for these changes before regulatory deadlines to avoid last-minute compliance scrambles.
The final trend highlighted was the ongoing debate around ‘build or buy’ when it comes to cybersecurity investment.
“Many businesses are questioning whether they should outsource security operations or build their own internal teams. The reality is that most need a hybrid approach—what we call a ‘co-managed SOC.’”
Trustwave has seen growing demand for co-managed SOC solutions, which allow organisations to scale their security capabilities in line with evolving threats.
“For some companies, it’s about enhancing their existing teams without replacing them. Others need full-service management. The key is having a flexible approach that adapts to the customer’s specific needs.”
As cyber threats continue to evolve, Trustwave’s integration with Cyberfusion Distribution ensures partners can access best-in-class cybersecurity solutions, built to meet the real-world challenges faced by CSOs.
Listen to the full discussion on the Life’s a Breach podcast.