Including emerging threats
As cybercrime continues to evolve, cybersecurity experts face new challenges each year. Two newly released reports, the World Economic Forum’s ‘Global Cybersecurity Outlook 2025’ and Thales’ ‘Cybertrends 2025,’ provide critical insights into the key factors influencing the cybersecurity landscape.
The two reports highlight the significant threats posed by geopolitical conflicts, the rise of generative AI (GenAI), complex supply chains, and the proliferation of shadow IT.
The growing threat of cybercrime
Cybercrime remains a massive and growing concern, driven not only by the enormous financial rewards for criminals but also by political and ideological motives. According to a 2024 estimate, cybercriminals generated a staggering $1.03 trillion, equivalent to the GDP of many small nations.
This financial incentive is fuelling an ever-growing wave of cyberattacks. However, it’s not just the money that drives these attacks—many are politically motivated, as evidenced by ongoing geopolitical tensions.
In response, businesses are ramping up their cybersecurity efforts. Both the World Economic Forum’s report and Thales’ Cybertrends 2025 highlight four critical factors shaping the current threat landscape:
Geopolitical tensions: Escalating conflicts such as the Russia-Ukraine war and the Israel-Hamas conflict have spurred a rise in cyberattacks, often blurring the lines between hacktivists, cybercriminals, and nation-states.
Complex supply chains: As supply chains grow, organisations face increased risks as vulnerabilities in supplier networks can be exploited.
Use of advanced technologies by cybercriminals: The rise of generative AI and other cutting-edge technologies has opened new doors for cybercriminals to innovate their attack methods.
Rising compliance burdens: Due to increasing regulatory demands, businesses struggle to meet ever-evolving compliance requirements.
While these threats present significant challenges, there’s a silver lining: the growing adoption of new tools and improved training is helping organisations better defend themselves.
Key cybersecurity trends for 2025
Here are 25 key trends identified in the research that highlight the future of cybersecurity.
1. Cyber threats are rising
A staggering 72% of organisations report an increase in cyber risks, underscoring the growing scale of the problem.
2. $1 Trillion to cybercriminals
Cybercrime cost businesses and governments $1.03 trillion in 2024, with some countries suffering losses equivalent to 3% of their GDP.
3. Cybercrime is an Industry
The massive profitability of cybercrime has attracted organised crime groups. An estimated 220,000 individuals work in online scam farms across Southeast Asia.
4. Cybersecurity insurance market to double
The global market for cybersecurity insurance is projected to grow from $14 billion in 2023 to $29 billion by 2027, reflecting rising concerns about cyber risk.
5. Costly outages
In 2024, a software glitch at CrowdStrike led to $5 billion in losses, highlighting the immense financial impact of a single cybersecurity breach.
6. Ideology fuels attacks
Geopolitical conflicts, particularly the Russia-Ukraine war, have increased cyberattacks driven by political and ideological motivations.
7. Geopolitics impacts enterprises
Nearly 60% of organisations report that geopolitical tensions have influenced their cybersecurity strategies, with many CEOs citing cyber espionage as a primary concern.
8. Social engineering attacks are on the rise
With 42% of organisations falling victim to social engineering attacks in the past year, this method remains a major cybersecurity risk.
9. AI: The biggest threat of 2025
66% of organisations anticipate AI will be the most significant factor influencing cybersecurity threats in the coming year, though only 37% have processes to use AI securely.
10. Prompt injection attacks and GenAI
Hackers are now exploiting GenAI through prompt injection attacks to extract sensitive data, posing a growing threat.
11. Deepfake threats escalate
The trade of deepfake tools on the dark web has surged by 223% from Q1 2023 to Q1 2024, making deepfake-related cybercrimes a pressing concern.
12. New cybersecurity roles created by AI
91% of Chief Information Security Officers (CISOs) believe AI will create new cybersecurity roles to handle emerging threats.
13. AI-assisted CISOs
AI is positioned as a copilot for CISOs, helping them identify threats and support decision-making in an increasingly complex cyber environment.
14. Small firms at greater risk
35% of small organisations believe they are five times more vulnerable to cyberattacks than large enterprises, with the gap in cybersecurity capabilities widening between small and large firms.
15. Public sector vulnerabilities
38% of public sector respondents feel their cyber resilience is lacking, compared to just 10% in medium-to-large private-sector organisations.
16. Developing nations need better defences
There is growing concern about the vulnerability of critical infrastructure in developing nations, with 36% of African and 42% of Latin American respondents lacking confidence in their countries’ cyber defences.
17. Supply chain risk: CEOs’ top concern
Over half of CEOs in large organisations view supply chain risks as their biggest cybersecurity challenge, driven by rising complexity and lack of transparency in supplier security practices.
18. Regulations offer some relief
78% of private sector leaders feel that cyber and privacy regulations help mitigate risks, although more streamlined and consolidated rules are needed.
19. Fragmentation of cyber laws
76% of CISOs feel that fragmented cybercrime laws make it harder to ensure compliance, while 69% struggle with the complexity of regulations and third-party vendor compliance.
20. Cyber skills shortage
Two-thirds of organisations report moderate-to-critical skills gaps, with only 14% confident they have the right talent to defend against emerging threats.
21. Ransomware remains the most significant fear
57% of CISOs say ransomware is their primary concern, highlighting the continued dominance of this threat.
22. Rise of Cybercrime-as-a-Service (CaaS)
The rise of CaaS makes it easier for non-experts to launch cyberattacks, further complicating detection and response efforts.
23. Infostealers: The latest weapon
Infostealers are now commonly used by cybercriminals to capture sensitive data, including credentials and one-time passwords, with prices for such tools as low as €5.
24. Surge in zero-day vulnerabilities
State-sponsored hackers are increasingly targeting zero-day vulnerabilities, flaws unknown to software vendors, making them a significant focus for 2025.
25. Shadow IT threat amplified by IoT
As the Internet of Things (IoT) expands, so does the risk of Shadow IT, where unapproved devices are integrated into corporate networks without IT oversight, broadening the attack surface.
While the cybersecurity landscape is rife with challenges, organisations respond with better preparedness, advanced tools, and increased awareness. The key to mitigating the risks lies in proactive planning, continuous training, and staying ahead of emerging threats like GenAI and complex supply chain vulnerabilities. With the right strategies in place, businesses can better navigate the cyber risks of 2025.
Image: Geopolitical conflicts, the rise of GenAI, complex supply chains, and the proliferation of shadow IT are significant threats in 2025. Credit: Saksham Choudhary
