Cyber trends for 2025

Cyber risks and liabilities – trends for 2025

As the new year begins, the cyber-security landscape continues to pose challenges for organisations across sectors. According to trust management platform Vanta, cyber-security threats are the number one concern for more than half of organisations. These concerns are not unfounded; half of UK businesses and almost a third of charities reported experiencing cyber-security breaches or attacks in the government’s 2024 Cyber Security Breaches Survey. Organisations may best manage their digital exposures by staying abreast of the latest cyber-threats and trends. The following are projected cyber trends for 2025:

Ransomware

Cyber-criminals may leverage artificial intelligence (AI) and automation to create sophisticated ransomware attacks this year. These enhanced techniques may help threat actors spread ransomware across networks, making early detection critical. Additionally, ransomware attacks may target supply chains to cause maximum destruction. Staying ahead of evolving tactics will be crucial in 2025.

AI

Threat actors may use AI to create phishing emails with flawless grammar and highly adaptive malware that can evade systems in 2025. However, organisations will increasingly utilise AI to manage threat intelligence data, helping them respond to incidents more efficiently.

Quantum computing

Although in its early stages, quantum computing may develop in 2025, with the potential to challenge traditional encryption standards. This poses threats to data security, especially for sectors that rely on encryption to protect sensitive data, such as health care and finance.

Cyber trends – Reducing supply chain exposures

A report by consulting firm RSM UK found that 78% of cyber-attacks reported by businesses in a 12-month period stemmed from a supplier or third-party breach. Yet, just 11% of businesses have reviewed the cyber-security risks posed by their immediate supply chains, according to the government’s 2024 Cyber Security Breaches Survey. With these startling statistics in mind, it may be prudent for employers to take steps to reduce their organisations’ supply chain exposures in 2025 and beyond. Consider the following three tips:

Incorporate cyber-risk management into supplier contracts. Employers should establish clear security expectations with suppliers. Specifically, organisations should ask their suppliers to confirm how they will report cyber-incidents, safely store customer data and comply with other security best practices before they begin working together.
Minimise access. Employers should share the bare minimum of data necessary for suppliers to accomplish their duties. To further enhance data security, employers could work with suppliers to identify vulnerabilities and address cyber-security gaps.
Monitor suppliers’ compliance. Employers should implement robust supply chain risk management procedures and track supplier adherence. They could consider adopting a “one strike and you’re out” policy with suppliers that experience cyber-incidents or fail to meet compliance guidelines.

Cyber trends – Cloud security management practices

Cloud computing refers to a pay-per-use service that equips users with on-demand access to a range of IT resources (e.g. databases, software, servers, networking and analytics tools, and artificial intelligence applications) via the internet. By leveraging cloud-based platforms, organisations can minimise the need to purchase and maintain physical data centres and servers, ultimately streamlining their digital infrastructures and allowing for greater IT flexibility.

Cloud-related threats were the number one cyber-security concern among businesses in the PricewaterhouseCoopers International Limited’s 2024 Global Digital Trust Insights Survey.

Although cloud computing can provide several benefits, it also carries unique cyber-exposures. Without proper safeguards in place, organisations could be susceptible to cloud-based cyber-attacks and associated losses. To maintain a strong security posture and help prevent large-scale losses, employers should consider these five cloud security management best practices:

Perform security audits. Employers should conduct regular cloud security audits to identify vulnerabilities. This may entail documenting the types of digital assets stored within cloud-based platforms and reviewing which parties can access these.
Ensure proper access controls. Organisations should have robust access control policies that only permit approved users to utilise the cloud resources they need for essential tasks—known as the principle of least privilege. Additionally, organisations should leverage multifactor authentication, which requires users to input two or more credentials to verify their identities before accessing cloud-based platforms, to prevent unauthorised access to sensitive data.
Encrypt sensitive data. Employers should help keep data concealed and secure by encrypting confidential files and information stored within and transported through cloud-based platforms. Proper management of encryption keys is also crucial.
Educate staff. Employers should incorporate cloud security management tactics in their routine cyber-security training programmes. Key topics to cover during such training include digital exposures stemming from the cloud, common cloud-based cyber-attack methods, and incident detection and response protocols.
Monitor cyber–threats. Employers should leverage advanced threat detection tools to continually monitor cloud-based platforms, enabling prompt investigation of any emerging cyber-threats. In doing so, organisations can establish a baseline for typical cloud interactions and activities, making it immediately evident when unusual events arise.

In addition, securing robust cyber-insurance can ensure financial protection against losses arising from cloud-based cyber-attacks.

Information provided by Zywave with contribution by Lisa Langley, Cert CII, Team Leader, Professional Risks, Cox Mahon Ltd.

Get in touch

Log in