Three steps to modernise cyber security strategies with leading CTO Andrew Lawrence

Can your cyber security infrastructure handle sophisticated threats or is your tech living in the past?  

For Chief Information Security Officers (CISOs) and technology officers, this presents both challenges and opportunities. Traditional approaches are no longer enough to stay ahead of the curve, companies are now looking to modernise their cyber security infrastructure to handle the advanced threats derived from AI. 

In a recent discussion with Andrew Lawrence, Chief Technology Officer at 6clicks, we explored the cyber security outlook for 2025, shedding light on the critical shifts organisations must make to protect themselves effectively. From AI advancements to the growing importance of regulatory compliance, here’s what security and technology officers need to know to modernise their strategies for the years ahead.

The rising cyber threat landscape

Cyber security threats are becoming more complex and frequent, particularly as geopolitical tensions escalate around the globe. Nearly 60 percent of organisations state that geopolitical tensions have affected their cybersecurity strategy, finds a 2025 report by World Economic Forum. With conflicts involving major cyber players such as Russia, China, and North Korea, along with the rise of well-funded criminal organisations, businesses face an ever-expanding threat surface. These threats are not just more frequent but also increasingly sophisticated, leveraging AI to launch automated and highly targeted attacks.

This evolving threat landscape necessitates a shift in how we approach cyber security. 

“Governments and organisations are taking this seriously, moving away from simplistic governance and risk management approaches to more sophisticated, continuous monitoring solutions,” Lawrence says.

With cyber criminals using AI to their advantage, it’s essential for security teams to adopt a similarly advanced approach to combat these threats.

AI is creating a dynamic approach to combat advanced threats

One of the most significant technological developments impacting cyber security is AI. With the potential to revolutionise how security professionals detect and respond to threats, AI is leading the charge by analysing vast amounts of data in real-time. AI-driven tools can also help identify patterns and anomalies that might otherwise go unnoticed and automate routine tasks – such as patch management and threat detection – which allows security teams to focus on more complex issues.

However, AI also poses its own set of risks. Hackers are leveraging AI to create more advanced phishing schemes, craft hyper-personalised attacks, and even automate the exploitation of vulnerabilities. As AI tools become more widely available, both good and bad actors will increasingly use them, making the cyber security landscape even more fragile.

For organisations, this means adopting AI should be part of their broader cyber security strategy, not just a standalone solution. AI can help improve the efficiency of existing security measures, but it should be paired with a robust understanding of its risks and limitations.

Continuous compliance monitoring: A new standard

Compliance has always been a critical part of cyber security, but as regulatory requirements grow in complexity and scope, organisations must adopt more sophisticated compliance strategies. In the past, compliance efforts often relied on annual audits, static reports and manual processes. Today, organisations must move toward continuous compliance monitoring.

“Organisations are moving towards continuous penetration testing and continuous compliance monitoring, using advanced tools to ensure they stay on top of regulatory requirements,” says Lawrence.

This ongoing approach not only ensures that companies meet compliance standards but also helps them stay agile in the face of evolving regulations.

Advanced AI tools can play a key role in helping organisations streamline compliance processes. These tools can automatically map between different regulatory frameworks, ensuring that companies meet all necessary requirements without the burden of manually cross-referencing multiple standards.

Three key steps for modernising security strategies

To keep up with these changes and ensure robust cyber security in the years ahead, Lawrence outlines three critical steps that technology and security officers should take:

1. Understand regulatory frameworks: Ensure a clear understanding of the regulatory frameworks that apply to your organisation. Beyond compliance with general cyber security regulations, businesses must also consider customer contracts and specific industry standards. Navigating the growing web of regulations can be complex, but understanding these frameworks is essential for compliance and security.
   

2. Leverage the right tools: With the growing complexity of cyber security threats and compliance requirements, organisations need tools that can help them manage both. AI-powered platforms, such as those offered by companies like 6clicks, can help businesses map between various compliance frameworks and automate many of the manual processes traditionally associated with security and governance. Investing in the right tools can streamline operations and significantly reduce the burden on security teams.
   

3. Take compliance seriously: Compliance is not just about avoiding penalties – it’s about building trust with customers and improving operational efficiency. By embracing regulatory frameworks and leveraging them to guide security practices, organisations can simplify their approach to cyber security and build stronger, more resilient systems. As Lawrence points out: “Regulation is a good thing. It gives you a framework to operate within, and you don’t have to invent that framework yourself.”

Building trust with customers

In addition to securing systems and meeting compliance requirements, organisations must also focus on building trust with their customers. In a crowded cyber security space, trust and credibility are invaluable assets. 

Lawrence shares how 6clicks builds trust by being the first to use its own platform and by achieving certifications like ISO 2001 and ISO 2701. 

“We practise what we preach,” he says, underscoring the importance of demonstrating commitment to security through action.

This trust is further reinforced through customer success initiatives. By listening to customer feedback and continuously improving the product, Six Clicks has shown that it is dedicated to not only securing its own systems but also helping its clients achieve the same level of protection.

The future of cyber security

Looking ahead, the possibilities for cyber security are endless. As AI continues to evolve, so too will the tools and processes that organisations use to secure their networks. The next few years will likely see new innovations that will make cyber security easier, more efficient, and more effective. For CISOs and technology officers, staying ahead of these trends will be key to maintaining robust security.

Modernising cyber security strategies is about changing how organisations think about security. By embracing AI, continuous compliance monitoring, and a more proactive approach to risk management, businesses can better prepare themselves for the challenges of 2025 and beyond. 

“The journey is ongoing, and there is much potential for innovation and improvement,” says Lawrence.

The future of cyber security is exciting. Organisations that stay ahead of the curve will be well-equipped to navigate it.

Authored by Jessica Phillips, Senior Social Media and Communications Specialist at AZK Media.