By James Todd, CTO at Adarma
As we rapidly near the close of 2024, it’s time to look ahead at the key cybersecurity trends that will shape 2025. Emerging threats and new challenges are set to redefine how businesses build resilience and enhance performance, so it’s crucial to start planning now. At Adarma, we’re closely monitoring these developments and the actions organisations must take to stay ahead. That’s why our Threat Intelligence Team has compiled a list of the top cybersecurity predictions for the coming year.
Artificial Intelligence (AI) is rapidly becoming a double-edged sword in cybersecurity. Cybercriminals are expected to increasingly exploit AI to launch more advanced attacks, such as AI-powered phishing and ransomware, which will surpass traditional defences. One instance of this saw a finance worker pay out $25,000,000 after a deepfake call with their supposed Chief Financial Officer. To counter this, staff training and development will be key. People are often the weakest link in ransomware, and organisations must adapt their training to ensure staff are equipped to deal with potential AI attacks, including deepfakes. In terms of detection and response, organisations will continue to leverage AI to drive efficiency and accuracy in threat detection and mitigation, enabling targeted intervention through advisory-aware predictive analysis informed by established and evolving threats.
Zero Trust Architecture (ZTA) will be the cornerstone of enterprise security by 2025, especially as hybrid and remote work becomes the norm. ZTA requires continuous monitoring and verification of users and devices to ensure secure access. Forrester Research predicts that 75% of large enterprises will adopt ZTA, reinforcing security across all layers of the organisation.
Quantum computing, once a theoretical concern, is now a pressing issue for cybersecurity. It has the potential to break today’s encryption methods, leaving sensitive data vulnerable. Organisations will need to shift to post-quantum cryptography to safeguard their information. KPMG highlights that a majority of businesses are extremely concerned about quantum computing’s ability to disrupt current cybersecurity protocols.
Statista predicts that the number of Internet of Things (IoT) devices will reach 75 billion by 2025, creating a massive attack surface for cybercriminals. Organisations must focus on securing their internal systems and IoT-enabled devices across smart cities, vehicles, and home networks to prevent breaches in these expanding environments.
Critical national infrastructure (CNI), which includes energy grids, healthcare facilities, and water supply systems, will continue to be primary targets for state-sponsored cyberattacks. These systems were historically viewed as ‘safe’ due to their isolation from the internet. However, they are now increasingly connected via IP networks, exposing often outdated technologies that are vulnerable to exploitation by committed and opportunistic adversaries. Governments are expected to be more active in enforcing stronger cybersecurity laws and fostering collaboration between public and private sectors to protect these essential services.
The future of authentication is passwordless. Biometric systems such as facial recognition and fingerprint scanners will likely replace traditional passwords, making authentication more secure and user-friendly. Gartner predicts that by 2025, more than 50% of the workforce will use passwordless authentication methods, improving both security and user experience. However, with the rapid advancement of AI and the increasing sophistication of deepfake technology, there is growing speculation over whether voice recognition and fingerprint systems will continue to provide an adequate means of authentication.
As organisations increasingly depend on third-party vendors, supply chains have become prime targets for cybercriminals over the past several years. Businesses must shift away from simple binary questionnaires and checkbox compliance towards more comprehensive security strategies to address vulnerabilities within their supply chains. The World Economic Forum has indicated that 45% of organisations expect to face significant cyberattacks on their supply chains by 2025.
With new privacy laws emerging globally, organisations will need to bolster their data protection practices and factor the implications of control enhancements into their strategic programmes. Non-compliance with regulations such as General Data Protection Regulation (GDPR) could result in hefty fines of up to 4% of annual revenue. Deloitte estimates that privacy regulation compliance spending will grow by 22% annually until 2025, pushing organisations to prioritise robust privacy frameworks.
As businesses increasingly adopt multi-cloud environments, securing cloud workloads will be a major challenge. Gartner estimates that 95% of new digital workloads will be cloud-native by 2025. Yet, 99% of cloud security failures will be due to misconfigurations, underscoring the urgent need for better cloud security practices.
Ransomware attacks will become more sophisticated with AI helping to improve the effectiveness of phishing attempts as well as increasing the scale, speed of delivery and reach of ransomware. Tactics like “double extortion” where attackers demand ransom and threaten to release sensitive data, are on the rise. Cybersecurity Ventures forecasts that global ransomware damages will exceed $265 billion by 2031, and the cost of cybercrime overall is set to reach $10.5 trillion annually by 2025.
Adarma provides customised cybersecurity solutions to assist businesses in achieving future-ready cyber resilience. We protect organisations in the FTSE 350, including those in CNI and other regulated sectors. We offer effective threat detection and incident response, acting as an extension of your team to enhance your security posture and optimise your security investments for maximum risk reduction.
Our approach enables organisations to decrease cyber risks by implementing effective threat intelligence, exposure management, and detection and response capabilities. We offer tailored threat intelligence, technological solutions, and strategic consultations catering to our customers’ specific security requirements and business goals. Our expertise guarantees a balanced approach between security and operational efficiency, safeguarding our customers’ most crucial infrastructure and data.
If you would like to learn more about how Adarma can support your organisation’s cyber resilience, please get in touch with us at hello@adarma.com.
To hear more from us, check out the latest issue of ‘Cyber Insiders,’ our c-suite publication that explores the state of the threat landscape, emerging cyber threats, and most effective cybersecurity best practices.
You can also listen to our new podcast, which explores what it’s really like to work in cybersecurity in today’s threat landscape.
Stay updated with the latest threat insights from Adarma by following us on X and LinkedIn.