The holiday season is not only a time to celebrate and look back on the year that was but also to begin looking to the next 12 months and what they may hold. Making predictions is always a dicey practice, particularly in an ever-evolving industry like cybersecurity and its cat-and-mouse existence, where security pros react to something new bad actors are doing, and vice versa.
Still, there are themes that can be expected to hold true given what is known about trends and that will shape the cyber landscape in 2025, and experts in the field have spent the past several weeks passing around their expectations. Unsurprisingly, generative AI – whose tentacles are rapidly expanding into seemingly all parts of life and business – is expected to play an important role for threat actors to hone their attacks and threat intelligence experts to bulk up their protections.
As Dan Rasmussen, senior vice president and general manager of the Enterprise Division at Hughes Network Systems – an MSSP Alert MSSP 250 company – said, “as AI-enabled cyber threats become mainstream, cybersecurity will become the #1 priority across industries. Cybersecurity will rapidly transition to ‘machines fighting machines,’ as AI will go beyond simply helping humans to also helping itself.”
The cybersecurity field is rife with worries and possibilities, but below are some of the top themes cited by cybersecurity pros as 2024 gives way to 2025.
1. The Rise of Generative AI: Friend and Foe
Both hackers and defenders are furiously adopting generative AI for their own uses in hopes of countering each other. For bad actors, AI will enable them to expand their arsenal of threats. Zscaler CSO Deepen Desai said generative AI will drive more effective and realistic vishing (voice phishing) attacks – and lead to more identity compromise, ransomware, and data exfiltration – while Proofpoint predicts the rise of AI agents will enable hackers to better manipulate private data in AI models. Darren Shou, chief strategy officer for the RSA Conference (RSAC), expects digital trust will be even more threatened as generative AI drives a “staggering increase in fake digital identities by easily creating convincing profiles that contain fabricated personal details that bypass KYC [know your customer] and biometric checks.” Shou pointed to the high-profile fake IT worker scams by North Korea as examples.
That said, AI also improves defenses. Menlo Ventures investor Feyza Haskaraman said organizations need to combine advanced AI tools with skilled security teams. In addition, “SOC [security operations center] teams will find their perfect ally in AI, revolutionizing everything from initial threat investigation to Tier 1 incident resolution.”
MSSPs will play a key role, Hughes’ Rasmussen said, adding that “a surge in GenAI, an escalating need for technology support, and a lack of relevant talent has created a perfect storm for self-help IT. Self-help IT solutions will aid in streamlining business functions while creating a competitive advantage for organizations.” AI also is enhancing software testing capabilities and processes, giving developers the ability to release applications that are safer and with fewer security flaws, said John Funge, managing director at DataTribe, a cyber startup foundry.
2. Ransomware Is Here to Stay
Helped by AI, ransomware, the scourge of organizations, is only getting more refined. Art Ukshini, associate threat researcher at identity security provider Permiso, said AI will enable groups to better analyze larger amounts of public and stolen data, automate attack steps, make decisions during attacks, and craft “tailor-made ransomwares” to determine the perfect ransom amount.
Zscaler’s Desai said a trend to watch is the move by ransomware groups to be less disruptive in their attacks, stealing data and holding it for ransom but not causing major business disruptions by encrypting data. These encryption-less attacks allow the criminals to continue to extort money from victims while keeping a lower profile, which means less media and law enforcement scrutiny.
3. Healthcare Still in the Crosshairs
Hospitals, clinics, and other healthcare facilities rank up there with manufacturing, education, and energy organizations as primary ransomware targets – as illustrated by high-profile attacks on such companies as Change Healthcare and Ascension in 2024 to steal huge amounts of personal data – and that trend will continue into 2025, Desai said. That will push healthcare organizations to use AI and decentralized identity to modernize their identity security protocols, RSAC vice president of research Petros Efstathopoulos said.
“As AI-powered tools become central to healthcare, AI-driven IAM [identity and access management] will be crucial for securely managing human and machine identities,” Efstathopoulos said. “While decentralized digital identity approaches are still in the early stages, they offer a glimpse of a more secure, interoperable future for the industry.”
4. The Role of Geopolitics
“2024 has demonstrated that state-aligned cyber espionage operations are deeply intertwined with geopolitical dynamics,” Proofpoint wrote. “In 2025, APT [advanced persistent threat] operations will continue mirroring global and regional conflicts.” Most cyber-espionage campaigns in the lead-ups to major conflicts focused on such known state sponsors as Russia, China, and Iran. However, a variety of bad actors whose efforts are focused on regional conflicts will accelerate their efforts in the coming year as they seek “the asymmetric advantage cyber provides.”
In tandem, expect a rise in hacktivism by collectives “whose political and religious ideologies have become the driving force behind a surge in malicious attack campaigns globally,” said Pascal Geenens, Radware’s director of threat intelligence. Geenens added that the key to protecting against such groups is intelligence into them to create an early-warning system that will help prioritize resources and budgets.
5. More Regulations = More Compliance Opportunities
The Biden Administration has been aggressive in pushing out cybersecurity regulations and standards, but it’s expected that a President Trump will pull back on many of those efforts. That will lead states to do what they’ve historically done in such instances: fill the void with their own laws, and companies will need to be more proactive, said BreachRx CEO Andy Lunsford.
“With over 50 state-level laws applicable to data privacy and security, businesses face a fragmented compliance landscape that could become more intricate and costly as states enact their own measures,” Lunsford said. “Companies must prepare for this evolving complexity by strengthening their incident response capabilities and ensuring they are equipped to navigate a web of diverse requirements.”
Maurice Uenuma, vice president and general manager of the Americas and a security strategist with data erasure software maker Blancco, said “a patchwork of data privacy regulations” – more than 20 states have such laws – will grow the compliance issues facing organizations. Stronger governance processes will be necessary.
6. The Changing Nature of CISOs
CISOs were thrust into the spotlight in recent years, in part by the personal liability the federal government has tried to tie to the position for data breaches. However, a July decision by a federal court judge to dismiss most of the charges against SolarWinds CISO Timothy Brown relieved some of that pressure. Exabeam CISO Kevin Kirkwood said he sees the CISO role shifting in 2025 from the target of blame to a key partner in managing and explaining data breaches.
“Instead of taking blame for breaches, this role will need to articulate the nuances and complexity of a breach if one occurs, defensive strategies and decisions around risk management,” Kirkwood said.
However, pressure remains. Cloudflare Chief Security Officer Grant Bourzikas said that within 10 years, every company will have used AI in their businesses or gone extinct. CISOs have to figure out how to enable AI and not just block it. But innovation around the emerging technology is happening so fast that few CISOs understand it or the risks that come with it, which means many companies are unprepared, which gives threat actors an advantage.
Some vendors also are expecting the trend toward virtual CISOs (vCISOs) to grow as the regulatory field gets complicated. Chad Fullerton, vice president of information security at MSP ECI, said regulations will drive compliance workloads and that “businesses will look to vCISO services to help them address hundreds of hours of new compliance obligations.”
7. Protecting the Supply Chain
The 2020 attack on software maker SolarWinds was a hard lesson on how damaging attacks on the software supply chain can be, a lesson that’s been reinforced by attacks on such vendors as Okta and Progress, with its MOVEit transfer tool. Isuf Deliu, threat research manager for Permiso, said such attacks will increase in 2025 as threat actors exploit flaws in third-party software, cloud services, and key suppliers.
“By compromising large providers, attackers will gain access to broader victim networks, amplifying the scale and impact of their campaigns,” Deliu said.
That worry also will reach into AI, said Exabeam Chief Product Officer Steve Wilson. Concerns about AI focus on data, jobs, and safety, and those data worries could lead to the use of machine learning bills-of-materials (ML-BOM), similar to those for other software.
“Organizations will need to disclose what data their models are trained on, ensuring transparency about its sources and safety,” Wilson said. “Regulations are likely to demand that companies prove they legally own and have responsibly acquired training data to mitigate risks of unauthorized or low-quality sources. This shift could lead to an expanded ML-BOM framework that not only lists components but also provides comprehensive documentation about the provenance, quality, and compliance of each data source used in AI models.”
8. APIs a Growing Target
Attacks on APIs, the increasingly important bits of software that have become the connective tissue of the modern business world, will continue to increase, said Uri Dorot, senior solutions lead at Radware. It’s not a surprise: As applications become more interconnected and complex, the number of APIs and their interactions will grow, which creates opportunities for attackers to exploit security flaws, Dorot said.
However, AI promises to improve API security by detecting and blocking malicious activities in real time and ensuring only reliable policies are applied. In addition, “integrating Gen AI into SOC management not only helps handle the overwhelming amount of traffic and data and increasingly sophisticated API attacks, but also dramatically improves mean time to resolution by providing rapid on-the-fly root-cause analysis, insights, and recommendations,” he said.
These are only a handful of many expectations for cybersecurity in 2025. Security pros also warned of more insider and adversary-in-the-middle (AiTM) attacks, mid-market and SMBs coming under greater threat as AI democratizes phishing capabilities, and ISPs seeing more AI-generated campaigns. The underlying theme is AI will play a central role in both launching and defending against attacks, enterprises need to prepare, and MSSPs can play a central role.