With a constant power struggle between attackers and defenders cybersecurity is a fast-moving area. That makes it notoriously hard to predict what might happen, but that doesn't stop us trying. Here are what some industry experts think the cybersecurity world has in store for 2025.
Sasha Gohman, VP, research at Cymulate, thinks ransomware will become obsolete. "Ransomware may become obsolete due to the fact that decrypting your important files may become a feasible task with quantum computing. On the other hand, ransomware operators may then choose to encrypt your important files with quantum-resilient encryption."
Dr Ric Derbyshire, principal security researcher at Orange Cyberdefense, thinks we'll see operational technology coming under attack. "OT will become an increasingly popular target for hacktivist groups next year and the year after, with hacktivists already responsible for 23 percent of attacks targeting these systems with OT-specific tactics, techniques, and procedures. This has been on the horizon for decades but we are reaching a tipping point as hacktivists are posturing, states are pre-positioning, and criminals are finding ways to monetize OT attacks."
Mark Bowling, chief information security and risk officer at ExtraHop, echoes this view. "With more aggressive nation-state hacking, advanced persistent threats, and coordinated infrastructure attacks, it's clear that cyberattacks are more often disrupting our economy, and more industries are recognizing that they have targets on their backs. In 2025, we will see the private sector start to continually work to get involved in efforts to boost information sharing to help industries get ahead of attacks amid rising geopolitical tensions. With more industry participation in ISACs (Information Sharing and Analysis Systems), we'll see a bigger effort in fostering a proactive cybersecurity culture, further enabling organizations to share information, resources and ultimately stronger defenses."
Pascal Geenens, director of threat intelligence at Radware, thinks threat intelligence will be needed to combat hacktivism. "Threat intelligence is crucial in helping organizations gather insights on the threats they are facing and assess the risks so they can prioritize resources and budget to ensure adequate protections. This early warning system will be particularly important in 2025 when it comes to strengthening defenses against hacktivist collectives, whose political and religious ideologies have become the driving force behind a surge in malicious attack campaigns globally. We expect to see these hacktivist-backed threats continue to ramp up in response to ongoing worldwide geopolitical conflicts. The hacktivists' tools and tactics will vary by collective along with the geographies and market verticals they target. Threat intelligence will be invaluable in helping organizations sort out these details and prepare specific actions to prevent and monitor attacks when they are imminent."
Mike Arrowsmith, chief trust officer at NinjaOne, thinks ransomware will continue to target legacy systems to maximize ROI:
Legacy industries and organizations that have been around for decades and are responsible for managing a unique blend of hardware and software across continents -- think airlines, railways, energy production, and the like -- will be a top target for ransomware attackers in 2025. These organizations move large sums of revenue, and their systems generally aren't the most modern. Also, due to the sheer size of the business, they typically have smaller IT teams in-house and employ more outside services and third-party partners to help maintain those systems. This exposes them to more methods of attack, which bad actors are increasingly taking advantage of to secure massive paydays.
As ransomware attackers get even more creative and targeted (thanks to AI), having a good backup system in place will be critical for success. If organizations -- legacy or otherwise -- don't have a means to restore to a good known state, before a malicious payload was distributed to the systems in question, they're going to find themselves paying hefty ransoms more often than not.
Andrius Buinovskis, cybersecurity expert at NordLayer, believes AI will lead to more sophisticated attacks. "With the help of AI, ransomware attacks will become faster and more accurate. Due to automation, the number of ransomware attacks will likely increase because they will be easier to deploy, meaning that more businesses will be put at risk. Additionally, ransomware-as-a-service was the fastest growing threat in 2024, and it will continue to pose a challenge for businesses in the upcoming year as well, so a comprehensive prevention strategy is a must."
Stefan Tanase, cyber intelligence expert as CSIS, also thinks AI is set to change cybercrime. "Advancements in artificial intelligence will revolutionize cybercrime. Generative AI will automate reconnaissance, develop adaptive malware, and facilitate highly targeted phishing campaigns. Deepfakes, now capable of real-time manipulation, will enable convincing impersonations for fraud, social engineering, and misinformation campaigns. These attacks will challenge both technical defenses and human trust in familiar voices and faces."
This view is shared Patrick Appiah-Kubi, portfolio director, Cloud Computing, Cybersecurity Technology and Information Assurance, School of Cybersecurity and Information Technology at UMGC. "The rise of AI has enabled cybercriminals to plan more scalable and sophisticated attacks. This trend is expected to increase in 2025 as more advanced attack tools emerge, powered by AI's capabilities. Attackers will continue to leverage AI to conduct highly sophisticated and refined attacks that will be difficult for IDS/IPS to detect and prevent. They can also use AI to automate vulnerability discovery and create highly precise, error-free phishing emails. AI allows attackers to launch thousands of targeted phishing attacks simultaneously, customizing each one for maximum impact. Additionally, AI-enabled malware will become more complex, making it harder for IDS/IPS to detect them."
Matt Hillary, CISO of Drata, predicts businesses will need to show return on investment from their cybersecurity:
Traditionally, the rationale for investing in cybersecurity has boiled down to warnings by some of the most capable story-telling CISOs that bad things -- like compliance fines and reputational harm -- will result if breaches or other impactful security incidents occur.
Increasingly, however, business leaders want to know exactly how much value cybersecurity solutions offer, and how much they stand to lose if they underinvest in security. They'll also want to know which solutions they're paying for that aren't delivering a reasonable ROI.
To that end, expect to see a greater focus on quantifying the ROI of cybersecurity, privacy and GRC investments. For example, if you don't manage data privacy risks for a certain type of application, what will the fallout be -- measured in specifically quantifiable terms, like Annualized Loss Expectancy (ALE)? Those are the types of questions I think businesses will want to answer in 2025 and beyond to ensure that investments at the tactical level match the strategy and risk appetite of the organization.
John Hughes, SVP and head of Network Security Business Group at Enea says. "Cybersecurity will become even more integrated into broader organizational strategies in 2025, especially as cybersecurity becomes a boardroom priority. With cyber threats growing more sophisticated -- fueled by the rise of accessible AI-powered techniques -- the risks now extend beyond data breaches to include advanced forms of fraud. Our research revealed that 61 percent of enterprises still face significant losses from mobile fraud, with smishing (SMS phishing) and vishing (voice phishing) among the most damaging. These threats are only set to escalate in the year ahead."
Mark Lambert, ArmorCode CPO, thinks there will be concerns around GenAI. "Security teams will face heightened concerns regarding the use of GenAI, with a significant portion fearing the potential loss of customer data. A recent ArmorCode and ESG study found that security teams are concerned about using GenAI securely, with 43 percent fearing lost customer data via GenAI. A growing emphasis on securing GenAI applications will lead to the development of new protocols and best practices to mitigate these risks."
David Richardson, VP of endpoint at Lookout, thinks deepfakes will be used in phishing toolkits. "In 2025, I expect to see hackers' mobile phishing toolkits expand with the addition of deepfake technology. I can easily see a future, especially for CEOs with a celebrity level status, where hackers create a deepfake video or vocal distortion that sounds exactly like the top leader at an organization to further pursue attacks on corporate infrastructure, either for monetary gain or to share information with foreign adversaries."
Bitwarden CCO, Gary Orenstein, thinks small to midsize businesses and highly regulated industries like healthcare and energy will be most highly targeted. "Due to resource constraints, slower adoption, and the high value of sensitive information they typically store, SMBs and highly regulated industries will be most at-risk in 2025. These sectors often prioritize access over security, creating exploitable vulnerability gaps. Remote workers will also continue to be a threat vector for bad actors, as home security postures are generally less robust compared to enterprise environments."
Peter Horadan, CEO of Vouched, thinks passkeys will mean a steep learning curve for users. "While the introduction of Passkeys is set to revolutionize online security, the real story of 2025 will be the significant learning curve consumers must overcome to use them effectively. Unlike traditional passwords, Passkeys rely on cryptographic key pairs and function fundamentally differently. Consumers will need to understand what a Passkey is and how it differs from a password -- not just in theory, but in everyday practice. This shift isn't merely about adopting a new login method; it's about embracing a new paradigm in digital authentication. While Passkeys promise enhanced security and a smoother user experience, they also introduce complexity that consumers must navigate. The challenge lies not in the technology itself, but in educating the public to ensure they understand and trust this new system. The transition will require effort, curiosity, and a willingness to engage with unfamiliar concepts. As we edge closer to a passwordless future, 2025 will be the year we focus on bridging this knowledge gap, making sure that the benefits of Passkeys are accessible to all without compromising security."