Skip to content

Top 10 Bold Cybersecurity Predictions for 2025

Insurance crises, dangerous deepfakery, extortion events, stricter data regulation…. Our experts’ predictions for the threats we may be facing next year are enough to keep you up at night. But we’ve got tips and resources for each, so you can rest easy.

Perspective

Buckle up for 2025.

The fast-changing cybersecurity landscape is already tough enough to navigate, and now we’re tracking some truly next-level threats headed our way.

With AI-assisted cyberattacks on the rise, it’s essential to know how exposed your organization really is. Here’s how – get a comprehensive risk score in just 5 days.

Consider some of this year’s most disruptive breaches, and that’ll give you some clues as to the cybersecurity predictions to come.

In 2024, more than 1 billion records were stolen, hurting private citizens and corporate reputations alike. Shadow AI – that elusive form of generative AI that early adopters at your org are already experimenting with – continued to find its way into enterprises everywhere, presenting dilemmas for IT departments that they hadn’t seen since lightly secured mobile devices burst on the scene and employees started using them at work. And, of course, ransomware continued to be a very brutal thing, hitting healthcare providers particularly hard.

You can bet those trends will continue into the new year – but there’s more: Focal Point asked some of the sources we’ve interviewed recently if they had any edgy predictions for what’s coming down the pike. Here are some of their most thought-provoking hot takes, and some tips and resources we’ve gathered to prep you for 2025…and beyond:

1. Biometrics will fall flat on its face

Biometrics has been hailed as the holy grail of authentication, but Roger Grimes, a renowned authentication expert at KnowBe4, a security awareness training firm, thinks that’s hooey.

Say goodbye to the myth of fingerprints as ‘unique’ identifiers — they’re almost as easily hacked as passwords.

Roger Grimes, veteran authentication expert, KnowBe4

“Biometrics will be proven not to be a good authenticator,” he says, because modern technology like generative AI makes it far too easy to spoof a face, retina, or fingerprint. Those movies where thieves cut off the thumb of a bad guy and use it to scan their way into an impenetrable bank vault take on a whole new meaning with digital technology, he says.

“Today, I can take 30 seconds of your video and create a deepfake that robs your bank,” says Grimes.

A new Institute for Security + Technology report validates that, stating, “The rise of convincing deepfake technology poses a severe threat to traditional authentication systems that rely on visual or auditory cues for verification. Biometric authentication systems that use facial recognition or voice analysis have already been compromised by deepfake technology in several cases.”

So, what’s next? Companies and governments will likely move toward multifactor authentication (MFA) and other forms of enhanced identity and access management (IAM), perhaps combining biometrics with hardware keys like YubiKeys, he says. Bottom line: Biometrics alone just isn’t secure enough. Gartner predicts that by 2026, attacks using AI-generated deepfakes on face biometrics will lead to 30% of enterprises no longer considering such identity verification and authentication solutions to be reliable in isolation.

[Read also: MFA is super effective but not infallible – hackers are using three sneaky tactics to get around it]

“Say goodbye to the myth of fingerprints as ‘unique’ identifiers – they’re almost as easily hacked as passwords, as soon as hackers start concentrating on them,” Grimes says.

2. AI-powered tools become double-edged swords

Erik Avakian, former CISO for the Commonwealth of Pennsylvania and now a cybersecurity counselor, predicts we will see an increase in the use of AI-powered automation and personal productivity tools in corporate environments. Incorporating these tools that mimic human tasks will boost productivity but will also add security and privacy risks, he says.

“As these tools and capabilities are integrated into enterprise business environments, they could have unintended and lasting consequences,” Avakian warns. “Exploiting the features and capabilities of the tools could lead to unauthorized privilege access to sensitive data or intellectual property, or it could be exploited through malicious injection and misuse, such as the injection of wrong (intentional or unintentional) commands without a user’s intent.

Before adopting AI-powered tools in production, Avakian advises organizations to establish a strong foundation in AI and data governance, security strategy (fight fire with fire by boosting your security with automation and AI), privacy policies, employee training, and thorough testing procedures – all aligned with business objectives. Without this groundwork, these tools could expand the organization’s risk footprint, as their effectiveness relies heavily on the quality and security of the data they process, he says.

[Read also: Ultimate guide to AI cybersecurity – benefits, risks, and rewards]

3. Ransomware payments face global regulation

Ransomware isn’t just an IT issue anymore; it’s now a national security threat, according to Kirsten Bay, CEO of Cysurance, a cyber insurance provider. Given the recent surge in ransomware-as-a-service attacks (which will only increase thanks to AI), Bay foresees a crackdown on ransom payments through a globally coordinated regulatory framework.

“Extortion events are a global threat to national security,” says Bay. This means more formal tracking and potential penalties for unreported ransom payments, especially in crypto.

While regulations may not eradicate ransomware, they could slow it down by cutting off criminals’ revenue streams. Expect governments to push companies harder to report ransom incidents, with penalties for those that don’t. This might mean new legal and compliance hurdles for businesses as they handle ransom negotiations.

[Read also: The ultimate guide to ransomware defense]

4. Data sovereignty and “data embassies” go mainstream

Countries, especially in the European Union, are becoming increasingly protective of their citizens’ personal data, giving rise to data embassies – secure data hubs outside a country’s physical borders.

Smaller sovereign countries are realizing they can’t always protect on-prem data.

Frank Dickson, cybersecurity analyst, IDC

The idea behind data embassies is that by moving digital assets outside of one’s own borders, where a government might not have the means to fully fend off intrusions, to more secure facilities in other countries, you make them “inviolable and thus exempt from search, requisition, attachment, or execution,” according to the Datasphere Initiative. Estonia, for example, moved its digital assets to neighboring Luxembourg in 2016 to protect them from attacks allegedly coming from Russia.

IDC sees this an ongoing trend and predicts that by 2026 (OK, it’s not exactly a 2025 prediction but there could be movement on this next year), five sovereign countries will establish data embassies in the EU.

“Smaller sovereign countries are realizing they can’t always protect on-prem data,” says Frank Dickson, an IDC cybersecurity analyst. It makes sense. After all, how do you maintain the sovereignty and consistency of your governmental data if you’re struggling to protect your own borders?

For U.S. companies operating globally, this trend means stricter rules around where data can be stored and processed, Dickson says. Compliance with EU and G7 frameworks on data sovereignty will likely become non-negotiable, requiring firms to rethink their infrastructure strategies. Failure to comply could mean massive fines and business restrictions across the Atlantic, he concludes.

[Listen also: In this podcast episode, ISACA’s Safia Kazi gives a quick primer on why it pays to take data privacy seriously]

5. Cyber insurers clamp down on claims

The honeymoon phase for cyber insurance will come to an end.

Expect more aggressive adjustments and stricter terms for claims.

Scott Godes, partner and co-chair, Barnes & Thornburg

Scott Godes, a partner and co-chair at Barnes & Thornburg, predicts that insurers will limit payouts for cyber claims, especially around ransomware and data privacy breaches. “Expect more aggressive adjustments and stricter terms for claims,” he says.

What does this mean for businesses? Insurers are tightening the rules. If your company can’t prove a bulletproof security posture, don’t expect a hefty or even payout when you get hacked.

Instead, stay on guard for the possibility your insurer will file suit to avoid paying you, arguing you didn’t do your due diligence and didn’t adequately disclose what you were doing to protect your data. CISOs need to focus more attention on documenting everything they do – all of their security measures – or risk having an insurer cut them off at the knees when a costly cyber incident occurs.

[Read also: Though they’re expected to rise, cyber insurance rates right now are dropping, and we’ve got consumer tips on how to take advantage of this (perhaps short-lived) trend]

6. AI-powered attacks undermine critical infrastructure

We’ve seen plenty of ransomware attacks, but just wait: Next year, if not sooner, those attacks could reach new heights by weakening critical infrastructure.

It’s not just disruption anymore; it’s destruction.

Erik Avakian, former CISO, Commonwealth of Pennsylvania

Avakian believes attackers will increasingly go after physical systems, from power grids to water supplies. (Especially at risk: small utilities and energy companies.) We’re already seeing strong indications of hackers, allegedly tied to hostile governments, stepping up assaults on U.S. critical infrastructure. In March, the FBI warned Congress that Chinese hackers had penetrated deeply into U.S. cyberinfrastructure looking to cause harm. And in early October, American Water, the largest water utility in the United States, was hit by a cyberattack that forced the company to take down systems. The culprit wasn’t identified but was thought to be sponsored by a nation-state.

“It’s not just disruption anymore; it’s destruction,” Avakian warns.

These AI-driven attacks could compromise entire supply chains, creating havoc that goes beyond data loss. Imagine the panic if an AI-powered worm could physically destroy hardware, leaving companies scrambling for recovery. Governments and private sectors will have to strengthen cyber-physical security or face the consequences.

[Read also: We warned of hacking threats to water systems last spring – check out our roundup of cybersecurity resources]

7. U.S. firms brace for more EU privacy requirements on AI

IDC predicts that by next year, the EU and G7 will adopt a framework allowing individuals to block the use of personally identifiable information (PII) in AI, regulate where that information can be geographically stored, and correct erroneous information. Such a prediction would presumably go beyond what’s contained in the recently enacted EU AI Act. This broad, risk-based framework will govern the development, deployment, and use of AI systems in Europe.

According to IDC’s Dickson, this prediction will hit U.S. companies doing business in Europe hard if they aren’t prepared for it. To his mind, preparation means having technologies in place to prevent PII from being uploaded and used by large language models (LLMs) powering AI chatbot tools like ChatGPT, Gemini, or Microsoft Copilot.

“If an EU resident has the right to block the use of their data, you’re going to have to make sure that your customer data platforms (CDPs) can automate the blocking of that data,” he says. “If you slip up, those kinds of regulations have a lot of teeth, and violating them could get extremely expensive.

[Read also: How to prepare for the EU’s AI Act – start with your risk level]

8. Cyber reinsurance retrenchment causes a coverage crisis

Rising ransom payments and business email compromise (BEC) incidents are pushing reinsurers to back off. Cysurance’s Bay expects a “cyber reinsurance retrenchment” that will limit the funds available to insurance companies, shrinking the scope of cyber coverage available for businesses.

For companies, this means potentially higher premiums, lower coverage limits, and stricter security requirements to even qualify for insurance – even if overall rates continue falling. Reinsurers will require proof of a strong security posture, so businesses will need to validate their defenses rigorously, Bay says.

This shift could make cyber insurance harder to obtain just as it’s becoming essential, she adds.

[Listen also: In this must-hear podcast, Corvus Insurance’s Peter Hedberg explains why it pays to make friends with your cyber insurer (and how to do it)]

9. Decentralized cyberdefense goes mainstream

As centralized cybersecurity systems struggle to keep up with evolving threats, 2025 will mark the rise of decentralized, community-driven cyberdefense networks, says Sean O’Brien, founder of Yale Privacy Lab, who believes this shift will be a game-changer.

We’ll see rapid growth in decentralized cyberdefense networks leveraging blockchain, open-source software, and P2P technology.

Sean O'Brien, founder, Yale Privacy Lab

“We’ll see rapid growth in decentralized cyberdefense networks leveraging blockchain, open-source software, and P2P technology,” he predicts. These networks, or “observatories,” will allow enterprises to pool resources, much as organizations do when constructing whole-of-state cybersecurity programs, and share defense mechanisms in a trustless, distributed way, he says.

What’s the impact? This approach could mitigate the risks of single points of failure inherent in centralized systems, creating a more resilient defense against sophisticated attacks. For companies, this means tapping into community-driven resources and real-time threat intelligence that can adapt faster than traditional models. By 2025, decentralized defenses might be the answer to breaking free from outdated, easily compromised cybersecurity frameworks.

[Read also: A practical guide to build a whole-of-state cybersecurity strategy]

10. Attackers take advantage of haphazard AI implementations

Johannes Ullrich, dean of research for the SANS Institute, notes not all AI implementations are the same. Indeed, many organizations in the rush to adopt generative AI for business and operational purposes might not deploy the technology with security issues at the forefront of their minds.

“Attackers may figure out that AI/ML-based defenses have specific blind spots due to incomplete and biased training data used to create these models,” says Ullrich. “In some cases, if AI models are used to respond automatically, threat actors may be able to trick the models to act on behalf of the malware.”

Avakian says the potential for these kinds of attacks points to a need for robust AI governance. CISOs must ensure that AI integrations are secure and compliant, he says. That means developing new policies around data handling, security, and compliance – without stifling innovation.

With AI-driven processes touching nearly every part of business, from HR to customer service, companies will need robust frameworks to keep things secure and efficient, Avakian adds. Those who ignore AI governance could pay for it in data breaches and hefty regulatory fines.

[Read also: The 3 biggest GenAI threats (plus 1 other risk) and how to fend them off]

Wendy Lowder

Wendy Lowder is a freelance writer based in Southern California. When she’s not reporting on hot topics in business and technology, she writes songs about life, love, and growing up country.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.

SUBSCRIBE NOW