Security in 2025: From aggressive regulators to full-blown cyberwar

Predictions about the security issues that will matter over the next year.


It's been a good year for cybercriminals and a hard one for defenders - just like always.

As we look forward into 2025, a number of threats are looming on the horizon. To help you prepare, we've collected predictions about the threat landscape in 2025.

The first thing to note is that the financial impact of cyberattacks has escalated significantly in recent years. In 2024, the global average cost of a data breach reached $4.88 million, marking a 10% increase from the previous year and the highest average on record. 

In the United Kingdom, the average cost of the most disruptive cyber security breach in the previous 12 months was £1,205 across all businesses. This figure increased substantially for medium and large businesses, averaging approximately £10,830.

It's only going to get more expensive. Here are some of the areas security leaders and other security-minded folks should be looking at to keep those costs to a minimum.

AI supply chain fears

Michael Adjei, Director, Systems Engineering at Illumio  

“In 2025, attackers will hone in on AI supply chains. They will seek out the sources, namely providers of GenAI tools and copilots. This will lead to more breaches involving AI companies, with cybercriminals exploiting vulnerabilities in products that expose customer data. 

"Attackers will also target the hardware supply chains of AI, such as power sources, to cause significant disruption to operations and services, especially as dependence on GenAI grows.

"As AI integrates into autonomous machines for greater efficiency, malfunctions, particularly in production lines and vehicles, may occur. These glitches could disrupt global supply chains, impact product availability, or, in severe cases, cause injury or loss of life. 

"The root of these issues lies in the hidden side of AI, which is often proprietary and doesn't get the level of scrutiny needed to guarantee safety. Vulnerabilities, sloppy coding, and biases tend to only come to light when users interact with generative AI tools. Unfortunately, this also means cybercriminals can spot these weaknesses at the same time." 

The Zero Day moment will continue

Raj Samani, SVP and Chief Scientist, Rapid7

"Cybercriminals will continue to exploit zero-day vulnerabilities, expanding potential entry points to bypass traditional security measures.

“In recent years our research has found an increase in mass compromise events resulting from zero-day attacks, indicating that these threats will continue to be a headache for organisations in 2025. While zero-days may not always be primary vectors for criminals to deploy ransomware, both state-sponsored and financially motivated groups have leveraged these vulnerabilities to achieve their objective.

"There is no guaranteed way to foresee a zero-day exploit; however, security teams can decrease their chances of falling victim by implementing a robust patch management program and prioritising compensating controls. In addition, Rapid7 recommends that multi-factor authentication be implemented and enforced across the organisation, along with least privilege access to block lateral movement and mitigate risk from credential abuse.”

Deepfakes hit the mainstream

Mike Britton, CIO, Abnormal Security

“While the ‘Year of the Deepfake’ is probably still a couple years away, in the year ahead, we’re going to steadily see more incidents of malicious deepfake activity.

“Some of the most immediate and concerning use cases we could see may involve the use of deepfakes in legal proceedings and forensics, as CCTV footage and other evidence become much more easily manipulated.”

“The proliferation of SaaS applications will add fuel to the fire for social engineering attacks. Whereas traditional social engineering saw attackers impersonate trusted contacts via email, we’ll likely see increasing impersonations of legitimate SaaS services, like DocuSign and Dropbox.  

"In these attacks, cybercriminals create genuine accounts on SaaS services and trigger notifications from the platform that prompt targets to view a file. Because these messages originate from real accounts, with safe-looking links and no malicious attachments, they typically slip past undetected. 

"While it will be important to rigorously vet SaaS vendors and assess their efforts to reduce malicious impersonations, there’s only so much customers can control. Organisations shouldn’t rely exclusively on the vendor’s security practices, and should stay proactive about exercising their own due diligence to protect the business from cybercrime.”

OT security becomes a strategic imperative

Andrew Lintell, General Manager, EMEA, Claroty 

"In 2025, the rising tide of state-sponsored cyber threats will make OT security investment an immediate priority for companies across critical infrastructure sectors. The old, siloed model of IT and OT security is no longer acceptable in the face of coordinated attacks targeting the convergence of these environments.  

"Companies should prepare to act by establishing joint IT-OT security task forces that report directly to the board, with dedicated resources earmarked for OT-specific threat detection, vulnerability assessments, and incident response. Bridging the cultural divide between IT and OT teams will be key; those companies that foster a strong security culture across these domains will stand better prepared to identify and address gaps in real time.  

"We should expect to see budget trends favouring OT-focused investments. Companies that fail to make this shift will likely find themselves outpaced by the evolving threat landscape, while those that take a proactive approach will solidify their defences against state-sponsored and other advanced cyber threats."

The hacktivist threat intensifies

Dr Ric Derbyshire, Principal Security Researcher, Orange Cyberdefense

“OT will become an increasingly popular target for hacktivist groups next year and the year after, with hacktivists already responsible for 23% of attacks targeting these systems with OT-specific tactics, techniques, and procedures. This has been on the horizon for decades but we are reaching a tipping point as hacktivists are posturing, states are prepositioning, and criminals are finding ways to monetise OT attacks.

“With 46% of ‘category 2’ attacks, which directly target OT, resulting in a ‘manipulation of control’ in the past year, hacktivists have found a strategy to get the attention they desire. Utility organisations in conflict areas are especially vulnerable as they remain high-priority targets for bad actors, according to our research.

“On the technological front, the integration of AI will become more prevalent in both OT systems and their cybersecurity,  but it will play a supportive role by informing OT operators and cybersecurity analysts until it reaches maturity. Simultaneously, more OT hardware is becoming capable of running containerised solutions and all the major vendors are jumping onto this, facilitating network traffic monitoring at the very lowest levels of the network. 

“Another significant development will be the growing discussion around vendor accountability – those that make OT devices and software. There is increasing pressure for them to assume some liability for cybersecurity incidents, potentially spurring talks about regulatory frameworks to enforce such accountability.”

Cyber war will escalate

Dave Spencer, Director of Technical Product Management at Immersive Labs

"Nation state-led attackers have two things that no other type of threat actors have: unlimited time and unlimited budget. This means they more often than not have the resources and time to successfully gain access wherever they want.

"With this said, there are ways to combat cyber warfare. Organisations in regions with conflict should understand the threats that impact them. They can do so by conducting regular threat hunts across their network using the latest threat intel feeds.

"They should also regularly update their telemetry with data enrichment based on their assets, use the most up-to-date techniques, and train their defensive team to be proactive and well-drilled on the processes."

Regulators will keep on regulating

Andre Troskie, EMEA Field CISO, Veeam

“We saw this with Google in 2019, a year after the GDPR came into effect. National regulators will want to set a precedent and show they mean business. If geopolitical tensions continue on the same course next year, the EU will want to ensure Critical National Infrastructure is as resilient to cyber threats as possible. They’ve got the regulation in place, so they will want to show they’re not afraid to swing the hammer for noncompliance.

“It almost goes without saying that leaders will continue to wrestle with regulation in 2025, especially with the arrival of DORA for the finance sector. However, next year's biggest regulation story will be the first major NIS2 penalty. National regulators will give organisations time to become compliant – many countries have even extended their deadline – but expect to see the first big statement fine for noncompliance towards the end of next year. In 2025, we’ll be waiting for the NIS2 hammer to fall."
