The 2025 cybersecurity trends point to another high-stakes year. From the omnipresent AI helping both attackers and defenders to growing regulatory pressure, here’s what to expect – and how to stay one step ahead.
From a cybersecurity standpoint, 2024 was a pretty wild ride. Around this time last year, we were mapping out the trends it might bring, spurred by the largest data breach in history. It turned out that it wasn’t the only record of the year – 2024 also gave us the largest IT outage of all time, which we also didn’t fail to address.
Twelve months have gone by, and while some of last year’s trends remain just as relevant, new challenges also appear on the horizon. Hopefully, by building awareness around these topics and continuing to make security a priority, we just might keep 2025 from serving up any more “largest-ever” incidents.
On that note, let’s dive into the 2025 cybersecurity trends. Buckle up, because the ride is only getting faster.
AI between heaven & hell
There’s hardly a corner of the digital world AI hasn’t transformed, or at least disrupted, and cybersecurity is no exception. In this space, artificial intelligence is a tool for both sides of the fence, serving attackers as well as defenders.
AI in cyber defense
A key defense area in cybersecurity is tracking and analyzing massive volumes of data in real time to spot suspicious behavior – something AI excels at. By instantly processing network traffic, user activities, access logs, and various Indicators of Compromise (IoC), AI-powered security systems can detect anomalies, identify threats, and generate actionable intelligence far faster than humans can.
This job is performed by various advanced tools that have successfully integrated AI into their solutions. Beyond detecting threats, they’re also evolving to include capabilities such as:
- Learning from historical attack patterns
- Predictive analytics to anticipate attacks
- Automated responses to specific types of attacks
- Vulnerability scanning on autopilot
And this is just the beginning. AI’s potential stretches toward advanced threat detection, autonomous security systems, proactive threat hunting, and AI-driven incident response – all on the horizon and ready to redefine what’s possible in cybersecurity.
AI in cyber attacks
The WEF Global Cybersecurity Outlook 2025 notes that:
Nearly 47% of organizations cite adversarial advances powered by generative AI (GenAI) as their primary concern, enabling more sophisticated and scalable attacks. In 2024 there was a sharp increase in phishing and social engineering attacks, with 42% of organizations reporting such incidents.
Why manually craft social engineering attacks when AI can churn out endless variations with minimal time, effort, or investment? And it’s not just emails – deepfake attacks have also skyrocketed in 2024, with Entrust reporting one attempt every five minutes on average.
Pair that with McAfee’s study showing that 70% of people are unsure whether they can tell the difference between a cloned voice and the real thing, and you’ve got real cause for concern in the upcoming years.
And when it comes to threats to AI and ML systems themselves, OWASP ML Top 10 is a valuable resource for those interested in security testing and exploring the wealth of attack scenarios. The list covers input manipulation, model poisoning, and more critical vulnerabilities.
Reining in AI?
As AI continues to grow in power and influence, so do the calls to regulate it. The potential for misuse, alongside the security and ethical risks it presents, has prompted a wave of new frameworks and legislation.
For example, the International Organization for Standardization (ISO) has introduced ISO 42001, providing organizations with a framework for managing risks associated with AI-powered systems.
The EU’s AI Act, which entered into force on August 1, 2024, establishes a harmonized regulatory framework for AI across member states. It categorizes AI systems based on risk levels – minimal, limited, high, and unacceptable – and imposes corresponding requirements. High-risk AI systems, especially in sectors like healthcare and law enforcement, face stringent obligations to ensure transparency, data governance, and human oversight. The Act also bans certain practices, such as real-time remote biometric identification in public spaces, with limited exceptions.
In the US, in the absence of comprehensive federal AI legislation, individual states are stepping in, such as Colorado with its AI Act. In 2023, the Biden Administration issued an executive order on AI regulation, only for it to be rescinded on Trump’s first day back in office. This underscores how politics, AI, and cybersecurity are becoming deeply intertwined and leaves us wondering how this story will unfold in the year ahead.
While we still have a long way to go, it’s clear that steps are being taken in the right direction.
Moles in the supply chain
As businesses fortify their defenses against direct attacks, hackers are shifting focus to a more indirect route: the supply chain. By exploiting vulnerabilities in third-party suppliers and service providers, attackers can slip through the cracks and gain backdoor access to sensitive IT systems.
One recent example of this growing threat is the Cyberhaven Chrome Extension hack, where an employee’s account was hacked in a phishing attack. This allowed attackers to publish a malicious version of Cyberhaven’s Chrome extension so they could steal browser cookies and authentication sessions. The irony here is that the extension’s very purpose is preventing unauthorized data exfiltration.
Another notable incident occurred in December 2024, when the US Treasury fell victim to a cyberattack attributed to a Chinese state-sponsored actor. The hackers exploited vulnerabilities in a third-party remote tech support product, demonstrating the risks of relying on external vendors. Experts predict these types of breaches will only increase in 2025.
To combat these threats, businesses must take proactive steps to assess and monitor their suppliers, ensuring they meet strict security standards. Key measures include:
- Implementing robust supplier risk management practices
- Securing the software development pipeline
- Keeping software and systems up to date
- Enforcing strong access controls
By finding and addressing their security vulnerabilities, organizations can better protect themselves from becoming the next victim of a supply chain attack.
Disorder in the cloud
Cloud adoption continues its steady rise, cementing its role as a key component of modern business operations. According to G2’s recent report on cloud statistics:
- 94% of enterprise organizations use cloud computing.
- Over 60% of all corporate data resides in cloud storage.
However, as businesses increasingly lean on the cloud, its security challenges become harder to ignore. Over the years, we have identified several cloud security threats that vigilant attackers can see as low-hanging fruit:
- Misconfigurations (e.g., overly permissive access controls or publicly exposed storage) remain the primary entryway, accounting for more than 30% of cloud data breaches.
- Weak authentication and credential reuse make it easier for attackers to gain unauthorized access.
- Inadequate monitoring and poor backup practices create blind spots and vulnerabilities ripe for exploitation.
Together, this can be a perfect storm for attackers to exploit, especially if one assumes the “shared responsibility model” actually means “the provider is 100% responsible for security.”
But it’s not all doom and gloom. The zero trust security model, which operates on the principle of “never trust, always verify,” is gaining widespread adoption. This approach enhances network security and reduces the risk of unauthorized access by requiring continuous verification of users and devices, regardless of their location.
Additionally, Cloud Security Posture Management (CSPM) tools, such as Microsoft Defender for Cloud, are becoming essential for identifying vulnerabilities and maintaining secure cloud configurations. By combining these with Identity and Access Management (IAM) practices, organizations can ensure that only legitimate users interact with cloud resources.
In 2025, DevSecOps teams worldwide will be keeping busy architecting and implementing cloud environments that are more resilient to these challenges, ensuring businesses can harness the cloud’s benefits without compromising security.
The ransomware threat
According to Google’s Cybersecurity Forecast 2025:
Ransomware, data theft extortion, and multifaceted extortion are, and will continue to be in 2025, the most disruptive type of cybercrime globally – both due to the volume of incidents and the scope of potential damage for each event.
The numbers from 2024 back this up. Comparitech’s Ransomware roundup: 2024 end-of-year report reveals that nearly 200 million records were compromised last year, and over $133 million was paid in ransoms, with the average payment reaching a staggering $9.5 million. Finance and healthcare institutions bore the brunt of these attacks, with attackers deploying more than two dozen ransomware strains to exploit vulnerabilities in these sectors.
And that’s just what’s been reported. The true scale of ransomware incidents is outside anyone’s reach. One thing is clear, though: the ransomware economy is thriving, and its upward trajectory will likely continue in 2025.
Regulations, regulations, regulations
Cybersecurity regulations are evolving rapidly, keeping businesses, governments, and individuals on high alert. As cyber threats grow more sophisticated, global and regional frameworks like the European Union’s NIS2, DORA, and CRA are pushing private companies and public institutions to rethink their cyber defenses.
In the US, a significant step was taken on January 16, 2025, with an executive order mandating adherence to minimum security standards. The order addresses a wide range of priorities, including anticipating foreign cyberattacks and preparing for the emerging threats posed by quantum computing.
While they may be demanding, these regulations serve an important purpose: fostering a culture of vigilance, accountability, and proactive risk management. Cybersecurity is no longer a siloed concern – it’s a shared responsibility across all sectors.
Infinum recommends: how to stay cyber-safe in 2025
Knowing what’s trending in the cybersecurity space is important, but staying safe requires action. Here are five key recommendations from Infinum’s cybersecurity team to help secure your systems in 2025:
1. Start with regular risk assessments.
It’s never too late to begin conducting risk assessments. Regularly perform penetration testing (or let us do it for you) and vulnerability assessments of your applications, networks, and infrastructure. Don’t forget to evaluate third-party and supply-chain security risks – these proactive measures go a long way in identifying potential vulnerabilities before attackers do.
2. Build a security-first culture.
In today’s threat landscape, fostering a culture of security is non-negotiable. Run regular and up-to-date cybersecurity training for all employees, use phishing simulation tools, and maintain basic cyber hygiene. These steps are the actual low-hanging fruit for strengthening your defenses and building resilience across your organization.
3. Integrate security into every stage of development.
For software development companies (or the ones you partner with), implementing a Secure Software Development Lifecycle (SSDLC) and fostering a DevSecOps culture ensures security is never left for last in the endless cycle of changes, upgrades, and patches.
4. Test and refine your incident response and business continuity plans.
Policies alone aren’t enough. Ensure your incident response and business continuity plans are up-to-date and have been tested in real-world scenarios. The time to discover gaps in your plan is before a disaster strikes.
5. Prioritize collaboration around security.
While it may be tempting to delegate security to a specialized team, effective cybersecurity depends on strong communication and alignment across management and technical leadership. After all, cybersecurity is everyone’s business.
Make 2025 the year of resilience
The cybersecurity landscape will only become more dynamic in 2025. Regardless of your industry or company size, meeting this year’s challenges will demand adaptability, expertise, and constant vigilance.
If you’re looking for a partner to help you navigate these complexities – or to tackle specific activities from our recommendation list (we offer most of them) – head over to our Cybersecurity page for more information. Together, we can make 2025 a safer year for your business.