Cybersecurity Predictions for 2025: Emerging Threats, AI Challenges, and Key Trends
Explore the top cybersecurity predictions for 2025, from the slowing adoption of AI in security to rising threats like initial access brokers and open-source attacks.
As the cybersecurity landscape continues to evolve at a rapid pace, organisations face a host of new challenges in 2025. With the rise of advanced technologies like AI, shifting attack tactics, and increasing reliance on third-party services, security teams must adapt quickly. In this article, we’ll explore the key cybersecurity predictions for the year ahead, highlighting areas where organisations can expect the most significant changes.
1. AI Adoption Slows for Security Teams
In 2024, artificial intelligence (AI) and generative AI (GenAI) were hailed as transformative tools for security teams, promising to streamline processes and enhance threat detection. However, 2025 may see a dip in adoption rates for AI-driven security solutions. According to Forrester Research, GenAI’s use in security is expected to decrease by 10% as Chief Information Security Officers (CISOs) step back from their enthusiasm. The primary reasons cited for this shift include the high costs of AI tools, limited perceived benefits in security operations, and frustration with their current functionality. While AI models have proven useful in automating repetitive tasks like reporting and analysis, they have not yet delivered substantial improvements in incident response or threat mitigation, causing security teams to reassess their approach.
2. Guardrails and Regulations for AI and GenAI
As AI continues to gain traction across industries, the push for regulations and guardrails will intensify in 2025. Experts like Melinda Marks from Informa TechTarget emphasise the importance of proactive security measures to prevent AI from spiraling out of control. As AI models such as GenAI become more integrated into development and operational processes, securing the code and ensuring the integrity of AI-driven systems will be crucial. Security professionals are expected to play a key role in setting the groundwork for safe AI use, ensuring that AI innovations do not inadvertently expose organisations to new vulnerabilities.
3. The Rise of Initial Access Brokers (IABs)
Cyber threats are evolving in increasingly sophisticated ways, with Initial Access Brokers (IABs) emerging as a growing concern. These intermediaries specialise in breaching networks and selling access to threat actors who then carry out malicious attacks, such as ransomware or data exfiltration. Deloitte’s Cyber Threat Intelligence team forecasts that IABs will continue to grow in prominence throughout 2025. In October 2024 alone, IABs were responsible for nearly 400 instances of illegal network access being listed on underground forums. As organisations look to secure their networks, the rise of IABs could make threat prevention more challenging, especially because purchased access puts intrusions within reach of less technically savvy attackers.
4. Increased Reliance on MSPs and MSSPs
The need for specialised security expertise is prompting more organisations to turn to Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) in 2025. With the growing complexity of IT environments and a shortage of skilled in-house security personnel, many companies are seeking external support to bolster their defenses. Maxine Holt from Informa TechTarget notes that MSSPs will play a critical role in managing nonhuman identities, such as IoT devices, microservices, and servers. Nonhuman identities currently outnumber human identities by 50 to 1, making it increasingly difficult for organisations to manage security internally.
5. Security Tech Rationalisation
As cybersecurity tool sets proliferate, organisations are facing tool overload. Many security teams use more than 30 tools on average, leading to inefficiencies and increased costs. In response, CISOs are expected to embark on "security tech rationalisation" in 2025, a process of evaluating their security stack to eliminate redundancies and maximise the value of existing tools. According to Max Shier, CISO at Optiv, security leaders will need to ask critical questions about their current tech, such as whether tools are aligned with the organisation's future needs and whether product roadmaps include necessary features. This process could take years to fully implement, but it promises to streamline security operations and reduce costs.
6. Patience and Persistence in Attacks
The evolving nature of cyberattacks means that threat actors are becoming more patient and strategic. While traditional attacks are often quick and opportunistic, advanced persistent threats (APTs) are becoming increasingly common. For instance, the Volt Typhoon attacks, attributed to a Chinese state-sponsored group, showed how attackers can maintain access to critical systems for years without taking immediate action. In 2025, organisations will need to focus on building cyber resilience rather than just preventing attacks. Phil Lewis from Titania suggests that advanced techniques like microsegmentation and macrosegmentation will be crucial in preventing lateral movement and data exfiltration, making it more difficult for attackers to exploit vulnerabilities over extended periods.
7. Open Source Software Attacks on the Rise
As open source software (OSS) becomes increasingly prevalent in software development, it has also become a prime target for cyberattacks. According to Sonatype, over half a million malicious OSS packages were discovered in 2023 alone. The Open Source Security Foundation (OpenSSF) predicts that open source attacks will continue to rise in 2025. This issue is exacerbated by the fact that many developers lack security training, and organisations often fail to properly vet open source components. To mitigate risks, experts recommend conducting regular security audits, leveraging vulnerability scanning tools, and working closely with vendors to ensure the security of open source software.
8. Cloud Security Challenges Persist
While cloud adoption continues to grow, many organisations still face significant security challenges, particularly with multi-cloud environments. Jim Broome from MSP DirectDefense points out that many organisations transitioned to the cloud hastily during the COVID-19 pandemic, which led to poor visibility and oversight of sensitive data. As cloud security posture management becomes a priority in 2025, organisations will need to enhance their ability to monitor, secure, and respond to potential threats in the cloud. Without proper visibility and response mechanisms, data and applications in the cloud will remain vulnerable to exploitation.
9. Virtual CISOs and Consultants Gain Popularity
In 2025, more organisations may turn to virtual Chief Information Security Officers (vCISOs) or external CSO consultants as a solution to their security leadership needs. As security breaches become more frequent and high-profile, some CISOs feel that they lack the support needed to manage the responsibility. Jeffrey Wheatman from Black Kite suggests that many CISOs are exploring vCISO and consultant roles, offering their expertise on an on-demand basis. This trend reflects the growing need for flexible, specialised security leadership in an increasingly complex threat landscape.
10. AI Agents Become New Targets
As more organisations implement AI agents (autonomous systems designed to assist with decision-making, customer support, or research), cybercriminals are likely to target these agents in 2025. Shimon Modi from Dataminr warns that as AI agents become more integral to business operations, they will attract increasing attention from threat actors seeking to exploit vulnerabilities in these systems. As AI agents become more autonomous and sophisticated, ensuring their security will be crucial to protecting organisational assets.
Conclusion
The cybersecurity landscape in 2025 will be shaped by a combination of technological advancements and evolving threat tactics. While AI and cloud adoption will continue, organisations must be prepared to address the challenges these technologies present, such as AI security risks and cloud visibility issues. At the same time, the rise of new threat actors like IABs and advanced persistent threats will require organisations to adopt more resilient security strategies. By staying proactive, prioritising security tech rationalisation, and seeking external expertise when necessary, businesses can better navigate the complex and rapidly changing cybersecurity environment.