Cybersecurity continues to be top of mind for organizations everywhere as 2025 begins. In 2024 alone, hackers attacked hospitals and other health care organizations, telecom giants, supply chains, and more. Even government entities haven’t been spared in these attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that the Treasury Department breach disclosed recently did not impact other federal agencies. However, the breach is part of a broader wave of state-sponsored cyberattacks that have targeted U.S. government systems and other critical infrastructure.
Here, security experts share their predictions for incoming threats in 2025:
Cybersecurity remains center stage: With security risks evolving every day, organizations must stay ahead by seeking robust security measures including endpoint protection, multi-factor authentication, zero-trust frameworks, and employee training to create a culture around cybersecurity. Automation and AI will also come into play as new solutions emerge to help organizations stay proactive and one step ahead of bad actors and security breakdowns.—Mark Lee, founder and CEO of Splashtop
AI-powered cyberattacks will get more sophisticated and evasive: As we progress even further into the age of AI, cyberattacks will become increasingly more sophisticated and more convincing than ever. AI has been, and will continue to be, used in catastrophic ways across the security landscape, prompting the need for responsible AI usage policies and AI guardrails at every organization. These challenges involving AI are complex, and will require comprehensive solutions that offer a holistic view into AI usage, data governance, and more. Along with managing AI, it will be essential to utilize AI technology to ‘fight fire with fire,’ as the speed at which these risks will grow will outpace the available manpower. Integrating new capabilities and understanding the ever-changing and expanding threat landscape will be essential in remaining vigilant in this unprecedented era of cyberattacks.—Law Floyd, chief of security operations, Telos Corporation
Endpoint security will move to a zero-trust reality: Recent data indicates that zero trust adoption is accelerating, with 61% of organizations worldwide having implemented a zero trust initiative, up from 24% in 2021. This significant increase underscores the shift towards zero trust as a fundamental security strategy. The traditional “castle and moat” security approach is no longer sufficient in an era where endpoints are spread across homes, co-working spaces, and offices. In 2025, zero trust architecture (ZTA) will dominate endpoint security strategies.—Carl Gersh, SVP global marketing at IGEL
Hardware-level encryption: With the rapid progress of quantum computing and the new post-quantum cryptography (PQC) guidelines from NIST, expect to see more SSDs and other flash-based devices with built-in hardware encryption capabilities, such as PQC digital signing, to protect sensitive information. Given their parallel nature, adoption should be swift in the coming years.—Phison U.S.'s CTO Sebastien Jean
DevSecOps rises in importance: As we move into 2025, successful cybersecurity strategies will depend on integrating cybersecurity into the core of business operations. To make collaboration between cybersecurity teams, development teams, and the business successful, leaders need data-backed insights rather than anecdotes. We’re hearing a lot about DevSecOps. However, it’s not just a buzzword. It’s a shift from treating cybersecurity as an isolated, reactive process to a framework that integrates security from the beginning through to the end. For DevSecOps to thrive, development and security teams must understand each other’s needs and prioritize security from the outset of any project. Cybersecurity has to be embedded as an upfront business requirement, not just a checklist item or a governance box to tick off. Integrating cybersecurity early on in the development process must include a realistic understanding of potential attack vectors and reporting back on how they’re managed. This will be critical to building a cyber-resilient organization going forward.—Theresa Lanowitz, chief evangelist, LevelBlue
Confidential computing meets cloud: In 2025, organizations will focus on securing data while it’s in use via confidential computing and cloud secure enclaves, closing a critical gap in data protection. This will represent a major shift in how organizations protect sensitive data, turning privacy from a reactive safeguard into a core pillar of digital operations.—Fred Rivain, CTO, Dashlane
AI targets SaaS: SaaS applications will continue to face increasingly sophisticated threats as adversaries exploit advancements in technology—especially AI. AI will enable threat actors to more easily uncover SaaS vulnerabilities and misconfigurations, bypass traditional security measures, and craft more convincing phishing campaigns.—Justin Blackburn, senior cloud threat detection engineer at AppOmni
In 2025 we’ll see increased use of AI by attackers: Bad actors will continue to leverage AI in their campaigns, building on its success in sophisticated phishing attacks—their primary use case to date. However, they will refine and expand AI’s role across the entire kill chain. This will enhance the sophistication of their malware and ransomware, while increasing the speed and uniqueness of their attacks. AI’s potential to identify and weaponize zero-day vulnerabilities will bring bad actors closer to an end-to-end, AI-driven attack process. Supply chain attacks, particularly through cloud and SaaS services, will remain a critical avenue for exploitation. Many third parties inadvertently expose the attack surface of organizations, increasing their susceptibility to breaches. Even correctly configured systems will be at risk due to zero-day vulnerabilities. While a fully automated kill chain is unlikely to materialize by 2025, AI is undeniably effective in these scenarios. As a result, the concerning trends we saw in 2024—rising breaches, higher ransomware payments, increased data loss, and more zero-day vulnerabilities—will worsen. Bad actors are not deterred from targeting critical verticals such as healthcare, local governments, and national infrastructure. These sectors remain vulnerable due to outdated, less resilient cybersecurity technologies and the prohibitive costs or disruptions involved in upgrading their defenses. A new frontier in this battle may emerge as attackers exploit a growing weak point: employees' home environments. Many home internet networks, routers, and connected devices are plagued by zero-day vulnerabilities that vendors often fail to patch promptly—if at all. Even when patches are available, they are rarely installed automatically, leaving these systems exposed to exploitation.—Carl Froggett, CIO, Deep Instinct