U.S. tariffs could slow IT spending worldwide. Many Americans are okay with a data center next door. Supply chains could start making decisions on their own. AI is both a dangerous cyber threat and a great cyber defense. And ransomware continues to morph.
That’s some of the latest from leading IT market watchers. And here’s your research roundup:
Tariff Tremors
Uncertainty related to President Trump’s tariffs has led IT market watcher IDC to lower its estimate for global IT spending this year.
At the start of this year, IDC had expected global IT spending to rise by 10% this year. Then, in March, the company lowered that, saying spending would grow by just 5%. Now IDC, citing rising uncertainty over tariffs, is hedging its bet, pegging growth at anywhere from 5% to 9%.
Regardless of the exact impact on overall IT spending, IDC feels confident that tariffs will indeed have an impact on the IT industry.
In an April blog post, four IDC analysts wrote, “New tariffs will have an inflationary impact on technology prices in the U.S., as well as causing significant disruption to supply chains.”
The impact of tariffs should be felt most immediately in compute, storage and network hardware as well as datacenter construction, the IDC analysts wrote, adding: “Even sectors such as software and services will be affected if tariffs are longer lived.”
Data Center NIMBY? No
Seven in 10 Americans say they’re comfortable with a data center being built within a few miles of their home—that is, if it’s done sustainably and with community input.
That’s from a survey of 600 U.S. adults conducted for Modine, a provider of thermal-management products.
The survey’s key findings include:
- Nearly half of U.S. adults (47%) say they’d be fine with a data center being built within five miles of their home.
- Americans’ top concerns about having a data center nearby are: increased energy demand (cited by 63% of respondents); noise pollution (60%); and lower property values (52%).
- About six in 10 respondents (62%) say they’d like local data-center owners to contribute to community initiatives such as schools and infrastructure.
- Slightly over half the respondents (55%) favor tax breaks to encourage responsible data-center development.
Agentic AI & Supply Chains
You may have already heard the term agentic AI. It refers to the idea that artificial intelligence systems can operate autonomously, without human intervention.
IT research firm Gartner predicts that fully half of all supply-chain management solutions will include agentic AI capabilities, and by as soon as 2030. This means future supply-chain systems will use intelligent agents to make and act on decisions, all without a human’s oversight.
Further, these agentic AI systems will provide what Gartner calls a virtual workforce. AI agents will assist, offload and augment human work along with more traditional software applications.
Gartner also says agentic AI systems could help supply-chain managers improve efficiency and contribute more to their organizations’ profit growth. Mainly, by enhancing resource efficiency, automating complex tasks, and introducing new business models.
“AI agents will autonomously complete tasks without relying on explicit inputs or predefined outcomes,” says Kaitlynn Sommers, a senior analyst at Gartner. “Agents will continuously learn from real-time data and adapt to evolving conditions and complex demands.”
AI: Both Cyber Friend and Cyber Foe
AI is both the greatest threat to cybersecurity and cybersecurity’s greatest defense, say management consultants McKinsey & Co.
AI is reshaping the cybersecurity landscape, write four McKinsey analysts in a new blog post. This technology brings new opportunities, as well as new threats.
For one, conducting a cyberattack is relatively fast and easy with AI. Criminals can use AI to create convincing phishing emails, fake websites and deepfake videos. They can also use machine learning to observe an attack, then modify their tactics based on the results, making future attacks more effective.
But AI is also what McKinsey calls a “game changer” for cybersecurity defense. Organizations can use AI to detect, react to, and recover from attacks with greater speed. And AI-driven anomaly detection can help organizations detect cyberattacks before they escalate.
Integration of AI into cybersecurity solutions is vital, McKinsey says. Especially because more than nine in 10 AI capabilities will come from third-party vendors. With integration, AI can be added to mainstream cyber tools such as zero trust, SASE and security-posture management.
The State of Ransomware: Slightly Worse
Ransomware is getting worse. In 2024, the percentage of users worldwide who were affected by ransomware increased by nearly half a percentage point, says security firm Kaspersky in 2025 “State of Ransomware” report. That may sound like a small increase, but ransomware criminals focus on quality of their victims rather than the quantity.
The frequency of attacks varies greatly by geographical region, Kaspersky finds. The highest rate is found in the Middle East, where nearly one in 100 users (0.72%) were attacked in 2024. Next worse was APAC, with an attack rate of 0.6%. The global average was 0.44%.
“Ransomware is one of the most pressing cybersecurity threats facing organizations today,” says Dmitry Galov, head of a Kaspersky research center. “Building cyber awareness at every level is just as important as investing in the right technology.”
New ransomware trends identified by Kaspersky:
- AI use: Ransomware groups are using AI tools to enhance development and evade detection. One example is FunkSec, a group that uses AI to take a contrarian approach to ransomware; instead of attacking a few high-value targets, FunkSec makes many attacks for low ransoms.
- Ransomware-as-a-Service: Criminals who lack technical development skills can now just buy a ransomware package on the dark web. There are even ransomware platforms that offer malware, tech support and even revenue-sharing affiliate programs.
- Unconventional vulnerabilities: Attackers are increasingly targeting overlooked entry points. These include IoT devices, smart appliances and misconfigured hardware. In this way, the bad guys can capitalize on expanding attack surfaces created by interconnected systems.
- LLM proliferation: Criminals can take advantage of large language models sold on the dark web, which lower the technical barriers to creating malicious code, phishing campaigns and social-engineering attacks. One example is LowCode, which provides an AI-assisted drag-and-drop interface for software development.