News

ESET World 2025: Key Takeaways

Expert Insights from ESET World 2025, live from Las Vegas.

Last updated on Mar 27, 2025
Caitlin Harris
Written by Caitlin Harris
ESET World 2025
This article will cover

As this year’s ESET World conference wraps up and I swap my pumps for a pair of long-haul-friendly sneakers, I’m reflecting on some of the biggest topics from across the show here in Las Vegas. 

Industry thought leaders shared their thoughts on the future of AI in cybersecurity, the need for a unified defense strategy, the importance of sharing intelligence within the cybersecurity community—and, of course, compliance.

Here are our key takeaways from ESET World 2025. 

🎙️Looking for more insights from ESET World? Don’t miss our podcast with ESET’s Robert Lipovsky, Principal Threat Intelligence Researcher, and Jakub Soucek, Senior Malware Researcher, recorded live on the show floor. Subscribe here, or listen below.

1.  🤖 AI Is An Opportunity To Improve Cybersecurity

AI is the topic on everyone’s lips, not just at ESET World but across the entire cybersecurity community. At the show, experts were keen to explore how GenAI can make threat detection more accurate, streamline incident response processes, personalize security recommendations, and encourage end users to work in a more secure way. 

One key takeaway, which I credit to ESET’s CTO Juraj Malcho, is the importance of knowing exactly what your AI tools can do, and to make sure you’re using them effectively. After all, “If you have a hammer an AI model, everything looks like a nail dataset.” In practice, it’s better to identify a problem then find an AI tool that solves that specific problem, rather than investing in an AI tool and trying to apply it to your environment wherever possible. 

Some more food for thought came from CIA’s Chris Kissel, who explored the transition that the cybersecurity community is making from GenAI to Agentic AI. Currently, GenAI guides security teams through investigations, correlates alerts, and updates rules and policies. But by the end of this year, we can expect “the norm” to be using Agentic AI to provide guided or fully automated remediation, implement playbooks, and create policies.  

On a different note, in the very last keynote of the show, ESET’s Tony Anscombe explored the idea of GenAI becoming a future target for ransomware attacks. Specifically, could the future of ransomware be about data insertion instead of exfiltration to prevent GenAI tools from doing their intended job, e.g., by instructing them to give false answers? 

Only time will tell. 

Key Insights: 

  • Juraj Malcho, Chief Technology Officer, ESET: “Whatever can be automated, will be automated […] [AI helps us] do many things today much faster and of much better quality, so you can use the rest of your time doing things that require you to use your brain a little bit more.”  
  • Michal Valko, Chief Models Officer, Member of the Founding Team, and Member of Technical Staff at Stealth AI Startup: “AI is not just about making funny videos; it’s about going deep into the discovery of new threats.”
  • Padraic Harrington, Sr. Analyst, Security and Risk, Forrester: “The whole concept of analyst experience is, ‘How do we interact better with these tools to give the analyst all the information they need at a quick glance, and automate a lot of the tasks along the way?’ Applying this through a single toolset enables them to more quickly detect and respond.”
  • Tony Anscombe, Chief Cybersecurity Evangelist, ESET: “If I ask a small business owner whether they want a human looking at cybersecurity alerts, or the machine to do it for them, they’re going to be focused on running their business, so they’re going to say, ‘I’m quite happy for the machine to do it for me.’” 

2. 💡MDR Helps Close The Security Skills Gap

According to research from IDC, only 27% of organizations are handling their detection and response processes in-house; 73% are at least using some MDR services.

Why is that? 

Because MDR gives teams of all sizes access to enterprise-grade security, without the cost of implementing and maintaining multiple tools or the overhead required to manage them. In fact, many MDR providers eliminate that management overhead entirely by utilizing a combination of AI and human analyst teams to detect and remediate threats for you. 

And what does all this mean for your organization? Well, if you’re not already using an MDR tool in some capacity, maybe you should be—especially if your in-house team is struggling to keep up with alerts, or if you don’t have an in-house team at all. And if you are already using an MDR tool, you can sleep well tonight knowing your environment is secure and you’re saving your organization money. Lovely. 

Key Insights: 

  • Juraj Malcho, Chief Technology Officer, ESET: “It’s absolutely paramount that you focus on prevention. But that doesn’t mean you should ignore detection and response.”
  • Craig Robinson, Research Vice President, Security Services, IDC: “The magic of MDR is that you don’t need to hire those 13 people that are the minimum number of people needed to manage a SOC.”
  • Padraic Harrington, Sr. Analyst, Security and Risk, Forrester: “Some things you can’t control […] There’s only so much you can account for when you’re doing prevention alone.”
  • Tony Anscombe, Chief Cybersecurity Evangelist, ESET: “MDR does the grudge work. If you outsource the things that aren’t interesting, it means your internal team only investigate the things that are interesting. That helps with the skills gap issue as well, because you’re retaining staff because they’re not getting into all those mundane alerts that the MDR provider is taking care of.”

3. 🤝 Collaboration Leads To Better Security Outcomes 

Threat intelligence was a big topic at the show—specifically, the importance of sharing it. When looking for a solution, it can be easy for IT and security teams to become overwhelmed by the amount of competition in the cybersecurity space. It can also be easy to think of security vendors as just that: competitors. But, at the end of the day, we’re all on the same team. 

What does this mean for your business? That it’s okay to ask questions, and it’s okay to ask for support!  

Key Insights: 

  • Richard Marko, CEO, ESET: “It’s not only about the systems, but it’s also about collaboration.”
  • Tony Anscombe, Chief Cybersecurity Evangelist, ESET: “Cybersecurity isn’t about one vendor, it’s about a community of cybersecurity folks that share information and share intelligence for the greater good. We all have the same goal.”
  • Dave Maasland, Owner and CEO, ESET Netherlands, ESET: “Resilience isn’t built in isolation; it’s engineered through collaboration.”
  • Henrique Barnard, dep. Strategic Vendor Manager, Dutch Central Government: “What’s our secret ingredient? Talk to the company you want to do business with!”

4. ✅ Security And Compliance Go Hand-In-Hand

Security and compliance go hand-in-hand, and there were three key compliance trends being discussed on the show floor:

  1. With the rise in GenAI, organizations need to be aware of how GenAI tools are collecting, storing, and using their data. This discovery is no easy feat—particularly if your end users are using unauthorized GenAI apps in the workplace. However, it’s not impossible. We recommend talking to a CJIS-certified expert to help you navigate this challenge, or implementing a GenAI security solution that will help you prevent data exfiltration via GenAI tools.
  2. New cyber incident reporting rules globally are requiring organizations to not only report incidents more quickly, but to report every incident that occurs. While this increases transparency, it’s also raising concerns amongst enterprises that they may lose customers’ trust.  
  3. Data privacy laws are expanding, and the fines for not keeping up with those changes can be catastrophic for organizations. We often hear about the larger enterprises hit with multi-million-dollar fines (Equifax, Marriott, and CapitalOne are recent examples of this)—but what often goes unreported is the SMB that was hit by a smaller, yet equally significant fine, and couldn’t recover from it. The wider impact of that scenario? Competition in the area gets smaller, and prices go up for the customer. 

In terms of governance, we’re seeing cybersecurity frameworks expanding to align better with the current threat landscape, to help organizations tackle the threats that are most relevant to them. 

NIST CSF 2.0, for example, modified the existing categories and subcategories to address specific cybersecurity risks such as supply chain risk, shared and virtualized environments, and software flaws, and the framework also now requires threat intelligence. 

Key Insights: 

  • Chuck Everette, Field CTO, ESET: “Compliance isn’t security, but ignoring it is a security risk.”
  • Jakub Debski, Chief Product Officer, ESET: “Humans are programmed to focus on the most sensational stories. Programs like NIST can help us approach risk more systematically.”
  • Tony Anscombe, Chief Cybersecurity Evangelist, ESET: “Privacy laws like GDPR or CCPA often talk about ‘reasonable security.’ Now, the reason some of the legislation is often grey and doesn’t call out the need for individual tools or technologies specifically, is because if policymakers called everything out specifically, they’d have to rewrite the legislation every week as things get added or change. So, they tend to leverage general terms to try and avoid that, because it can take years and years to become actual legislation.”
  • Henrique Barnard, dep. Strategic Vendor Manager, Dutch Central Government: “Once you have the framework in place, the real work begins in maintaining it.”

Looking For More ESET World Coverage?

You can find more of Expert Insights’ coverage at ESET World over on our LinkedIn page.

🔍 About Expert Insights

Expert Insights saves you time and hassle by rigorously analyzing cybersecurity solutions and cutting through the hype to deliver clear, actionable shortlists. 

We specialize in cybersecurity. So, our focus is sharper, our knowledge is deeper, and our insights are better. What’s more, our advice is completely impartial.

In a world saturated with information, we exist to arm experts with the insights they need to protect their organization.

That’s why over 1 million businesses have used us to inform their cybersecurity research.

Expert Insights’ Cybersecurity Resources

Written By
Caitlin Harris
Caitlin Harris

Caitlin Harris is Deputy Head of Content at Expert Insights. Caitlin is an experienced writer and journalist, with years of experience producing award-winning technical training materials and journalistic content. Caitlin holds a First Class BA in English Literature and German, and provides our content team with strategic editorial guidance as well as carrying out detailed research to create articles that are accurate, engaging and relevant. Caitlin co-hosts the Expert Insights Podcast, where she interviews world-leading B2B tech experts.