Artificial intelligence is at the center of Experian's annual breach forecast due to its enabling capabilities.
Michael Bruemmer, vice president of global data breach resolution at information services company, said that while ransomware and breaches affecting the supply chain dominated 2024, he expects AI-related cyber incidents to "become a major headline-maker in 2025."
AI is being adopted in some way by a majority of companies but research has shown that AI's capabilities and dangers are not fully understood by the C-suite. Bruemmer said AI has been used in some way in three-quarters of hacks, leading Experian to name AI in four of five of predictions in its Data Breach Industry Forecast.
Data centers have been a target of cyberattacks, and the power to run them has grown with the rise in generative AI use. Experian said ChatGPT uses 10 times more electricity than a standard Google search, representing a new attack surface for hackers to disrupt a nation-state's cloud infrastructure by attacking the power need for it.
The younger generation may lead the way. AI-savvy teens and twenty-somethings will continue to be drawn to the cyber-disruption business via online gaming and social media.
"Don't underestimate the seriousness of this," Bruemmer said, adding that the average age of someone arrested for cybercrime is 19.
But don't count out employees, who have always been a source of cyber risk from within. The education of employees on AI may also lead to more insider threat from someone taking advantage of the new knowledge and training for fraud or disruption.
AI-drive fraud is already making one defensive step obsolete. Encryption's protection is losing out to the growing sophistication of AI-driven fraud. Experian predicts criminals will soon be able to create undiscernible proof-of-life documents. The firm recommends government agencies use dynamic identification to replace drivers' licenses and social security cards.