Every year, sometime around November, the cybersecurity industry enters what many of us think of as prediction season.

Vendors start publishing their “Cybersecurity Predictions for Next Year”, “Top Threats CISOs Must Prepare For”, or “The Future of Security Operations”. The cadence is almost ritualistic and it often continues well into January.

If you’ve been in the industry long enough, you can probably predict the predictions.

And after reading enough of them, one thing becomes clear: Many of these pieces are not really about forecasting the future. They’re about shaping it.

In theory, cybersecurity predictions are supposed to help practitioners prepare for what’s coming. Technically, operationally, and strategically.

In practice, many prediction reports are strongly influenced by what the vendor needs the market to believe. That shouldn’t be a surprise: they start to come in November – or even October! – to be aligned with the budgeting and planning season of the vendors’ target customers.

Most vendor predictions support at least one of the following:

1. Reinforcing today’s value proposition

   “The most important problems next year are exactly the ones we already solve.”

2. Pre-justifying tomorrow’s roadmap

   “This trend is inevitable and we just happen to be building for it.”

3. Shaping how buyers think about security

   “Stop evaluating tools the old way. Think in this new framework where we win.”

That doesn’t automatically make predictions useless, but it does mean they’re not neutral.

This edition of Cybersecurity & Business is sponsored by:

I’m not making this argument from the outside.

When I was Chief Business Officer at ESET, I used to oversee the creation of predictions content. I know how these pieces are shaped: not just by research and threat intelligence, but also by messaging discipline, positioning, and business priorities.

My personal take after reading far too many of these over the years:

• The more mature a company is, the more substance there tends to be behind its predictions (better data, broader telemetry, more internal debate). But even then: take them with a grain of salt.

• Challengers and newer vendors, in my experience, lean much more heavily into predictions as a way to move the conversation in their favor.

The most useful way I’ve found to read predictions is this: They’re not primarily a window into the future; they’re a window into the vendor.

Below are two real prediction pieces from well-known vendors. I’ll refer to them as Vendor Q and Vendor S, not to obscure facts, but to keep the focus on patterns rather than brands.

Example 1: Vendor Q – predictions from an AI-SOC vendor

Vendor Q’s core positioning, simplified: autonomous SOC investigation, reduced analyst workload, faster outcomes.

Once you understand that, several of their “predictions” start to read differently.

Prediction #1: Automated remediation becomes standard

Framed as a market trend, this prediction conveniently extends the narrative from investigation to remediation.

That does two things at once:

• It reinforces the current message (“autonomy is the future”).

• It quietly prepares the market for the next logical step in the product roadmap of Vendor Q.

Even if large-scale automated remediation isn’t widely accepted yet, presenting it as inevitable makes future product expansion feel obvious, even necessary.

Prediction #2: SOAR budget reallocation

This is less a prediction and more a budget argument for their target customers.

The implicit message is:

“If you don’t know where to get budget from to purchase our solution, traditional SOAR tools are too complex and expensive. That money should move to autonomous AI SOC platforms instead.”

This reframes the buying conversation away from features and toward economic efficiency, while positioning Vendor Q as the natural beneficiary of that shift.

It’s a prediction, but it’s also a very intentional market re-education effort.

Example 2: Vendor S — predictions from a large security platform vendor

Vendor S positions itself as an AI-driven, increasingly autonomous security platform spanning detection, response, investigation, and automation.

Unsurprisingly, its predictions reinforce that worldview.

Prediction #1: AI will dramatically increase adversary capabilities

This theme appears everywhere, and it doesn’t feel wrong. But it also creates urgency for exactly the type of AI-native, automated defense that Vendor S sells.

The logic is straightforward:

• Attackers automate → humans can’t keep up

• Manual SOC models fail → autonomy becomes mandatory

• Point tools fall short → platforms win

It’s a plausible argument, but also a very convenient one.

Prediction #2: Operational velocity and automation are table stakes

Here, predictions function as platform justification.

If speed and automation are everything, then:

• stitched-together toolchains look risky,

• integrated data + AI + automation stacks look inevitable.

Again, this may reflect real trends (or not), but it also nudges buyers toward evaluating vendors in exactly the dimensions where Vendor S is strongest.

Prediction #3: AI governance becomes critical

This is where predictions can hint at roadmap direction.

By emphasizing non-determinism, guardrails, and enterprise-grade AI, Vendor S implicitly signals future focus areas: explainability, governance controls, auditability. The kinds of features that tend to appear as platforms mature.

What these examples have in common

When you read predictions through a strategic lens, consistent patterns emerge:

• Predictions reinforce the vendor’s “why now”

• They normalize assumptions that benefit the vendor’s model

• They often pre-condition buyers for upcoming features

• They subtly de-emphasize competing approaches or legacy tools

None of this means the predictions are wrong, but it does mean they’re motivated.

This is a quick and useful way I’ve found to extract real signal from prediction reports.

Use the prompt below with any vendor’s predictions and it will help you understand:

• how predictions align with current products,

• where they hint at future roadmap,

• and where they’re mostly narrative shaping.

It’s useful for:

• Practitioners trying to separate signal from marketing

• Vendors analyzing competitor direction

• Industry analysts tracking category evolution

Prompt: Analyze Vendor Predictions Through the Lens of Business Strategy and Value Proposition

You are a cybersecurity industry analyst with expertise in security operations, vendor strategy, and market positioning.

You are given:
1. A cybersecurity vendor’s public material (website, product pages, blog posts, documentation, press releases).
2. A list of predictions published by that vendor about cybersecurity trends or threats.

Your task is to critically analyze how the predictions align with the vendor’s current and future business interests, not just their stated opinions.

Step 1: Identify the Vendor’s Value Proposition and Core Capabilities
Based on publicly available information, extract and summarize:
• Primary value proposition
• Key product features and capabilities
• Differentiation
• Current limitations or implied future gaps

Step 2: Analyze Each Prediction
For each prediction:
• Restate it succinctly
• Assess direct alignment with current offerings
• Identify indirect or strategic alignment with future direction
• Evaluate narrative or mindset shaping

Classify each prediction as:
• Strong direct support
• Moderate/indirect support
• Forward-looking strategic signal
• Weak or speculative alignment

Step 3: Synthesize Strategic Signals
• Dominant themes
• Implied roadmap direction
• Business priorities
• Market positioning intent

Step 4: Critical Assessment
• Evidence-driven vs narrative-driven claims
• Oversimplifications or bias
• Important trends that are missing — and why

Yes; just not in the way they’re usually framed.

Predictions are rarely reliable forecasts of what will happen next year. Any experienced cybersecurity practitioner knows that. They’re often too broad, too incentive-driven, and too selective for that.

But they are valuable as:

• A roadmap signal, what the vendor is likely to build or emphasize next

• A positioning artifact, how they want the market to think

• A budget narrative, where they want spending to move

• A maturity indicator, how evidence-based their thinking really is

The trick is not to dismiss predictions, but to read them correctly.

Treat them as strategy documents wearing a forecasting costume.

And using the prompt above, cut through the fluff and understand the why behind them.

*** This is a Security Bloggers Network syndicated blog from Cybersecurity & Business authored by Ignacio Sbampato. Read the original post at: https://cybersecandbiz.substack.com/p/cybersecurity-predictions-are-a-window