‘I don’t think the industry is really prepared,’ Trainor says

LAS VEGAS — The incoming administration has made for rough waters in every corner of the political sphere, and the evolving cybersecurity and privacy regulatory landscape is no exception as a panel of experts discussed during ISC West 2025. 

Moderated by host Min Kyriannis, CEO, AMYNA Systems, “Cybersecurity and Privacy Regulations in 2025: Navigating the New Landscape Under the New Administration” discussed key policy shifts, emerging challenges, and strategies for compliance in a rapidly changing environment spurred on by advancements, both positive and negative, from AI development. 

“The upside of a hyperconnected world is how we can share information and how we've learned from remote work you can kind of do your job anywhere in the world,” said Brian Karas, head of sales and marketing, Actuate. “But that also means anyone else can develop these technologies with AI. I think our risk is massively increased with these tools and it's everywhere.” 

“AI and quantum computing, the speed and sophistication of which the attacks occur, is something that will grow so fast that I don’t think the industry is really prepared,” added James Trainor, senior vice president of Aon. Kyriannis noted that even the bad actors operate using call centers now, indicating the level of sophistication in perpetrating modern cybercrime.  

There’s also the issue with ongoing industry regulation and how the response has become segmented across a variety of countries with disparate laws and expectations regarding data management and platform operation. Karas said that the environment has made it difficult for businesses to say they can offer their products and services globally, or at least, that they can’t offer the same products or services they might to other countries.  

Even within the U.S., privacy policies and compliance vary by state. That can lead to a situation where you won’t learn about certain niche policies until you face a lawsuit, according to Sandy Jacolow, CTO/SVP, Empire State Realty Trust. He encourages affected parties to read privacy and data policies thoroughly, and to consider the origin of their devices carefully before incorporating them into their networks. 

“Inevitably what they are coming back with is high-risk cameras in Asia,” Jacolow said. “And there is no way for you to confirm what the firmware is doing, what it’s sending back, and at that point you have to assume any of that data is property of China.”