Estimated reading time: 5 minutes

Every year, cybersecurity experts face new vulnerabilities. Two new reports outline the threat of geopolitical conflicts, GenAI, complex supply chains, shadow IT and more…

Why is cybercrime so hard to defeat? There’s an obvious answer. It is very lucrative.

Indeed, according to one estimate, scammers may have siphoned away $1 trillion in the past year alone. That’s equivalent to the GDP of some nations.

So, there’s a huge financial incentive for the scammers and the spammers to keep working. That said, many cybercriminals are not even doing it for the money. Instead, they’re motivated by ideology or politics. This is all contributing to a worsening risk landscape. 

Two new reports – the World Economic Forum’s Global Cybersecurity Outlook 2025 and Thales’ Cybertrends 2025: What are key cyber trends to watch in 2025?  – suggest there are four main factors driving the space today. 
 
•    New geopolitical tensions
•    Complex supply chains 
•    The use of new technologies by cybercriminals
•    The rising compliance burden for organisations

But it’s not all bad news. The reports also reveal that a rising number of enterprises feel well-placed to defend themselves – thanks to new tools and better training. 

 

There’s a lot to digest in the research. To make things simpler, we crunched the data to surface 25 key trends for 2025…
 

#1. The cyber threat is rising

72 percent of respondents to the Global Cybersecurity Outlook (GCO) survey report a rise in cyber risks. 
 

#2. $1 trillion to the scammers

Cybercriminals earned $1.03 trillion in 2024. This cost some countries 3 percent of their gross domestic product (GDP). 
 

#3. Cybercrime is an industry

Cyber-enabled fraud is so profitable it has attracted organised crime. It is estimated that 220,000 people have been forced to work in online scam-farms in South-East Asia.
 

#4. Cybersecurity insurance is set to double

The size of the global market for cyber insurance will grow from $14 billion in 2023 to $29 billion in 2027.
 

#5. One outage: $5bn in losses

In 2024 a faulty update to CrowdStrike’s cloud-based security software caused $5 billion in losses. It showed the chaos that can result from an outage. 
 

#6. Ideology is driving more attacks

Geopolitical conflicts – especially the Russian invasion of Ukraine and the conflict between Israel and Hamas – are fueling more crime. The line is blurring between hacktivists, cybercriminals and states.
 

#7. Geopolitics is affecting enterprises too

Nearly 60 percent of organisations say geopolitical tensions have affected their cybersecurity strategies. One in three CEOs say cyber espionage and loss of sensitive IP is their top concern.
 

#8. Nearly half of companies have been socially engineered

When cybercriminals cannot beat tech defences, they can always trick humans into giving them the keys. Social engineering is a huge problem. 42 percent of organisations experienced a successful attack in the past year.
 

#9. AI is this year's biggest threat

66 percent of organisations expect AI to have the most significant impact on cybersecurity in the year to come. But despite this, just 37 percent have processes in place to deploy the tech safely.
 

#10. The new GenAI threat: Prompt Injection Attacks

Hackers now use prompt injections to trick GenAI systems into leaking sensitive data. They are a serious threat as there is still no foolproof way to address them. 
 

#11. The AI deepfakes are here

Deepfakes have been discussed for years. Now, they have arrived. There was a 223 percent rise in the trade of deepfake-related tools on the dark web between Q1 2023 and Q1 2024.
 

#12. AI will create new cybersecurity roles

AI is changing the way everyone works – including cybersecurity teams. 91 percent of chief information security officers (CISOs) expect AI to generate novel roles in the space.
 

#13. Introducing the AI CISO assistant

Many believe AI tools can serve as security advisers – like a co-pilot to the CISO – spotting threats and aiding decision-making.
 

#14. Small firms believe they are 5x more vulnerable to attacks

35 percent of small organisations feel they cannot secure themselves against cybercrime. By contrast, only 7 percent of large enterprises think the same. 
 

#15. The public sector is more vulnerable 

When it comes to cyber defences, there’s a huge gap between the public and private sector. 38 percent of public sector respondents feel they lack resilience, compared to just 10 percent of medium-to-large private-sector organisations.
 

#16. Developing nations need better defences

Cybercrime at the state level is a rising concern. The good news is that just 15 percent of respondents in Europe and North America lack confidence in their country’s critical infrastructure defences. More worryingly, this proportion is 36 percent in Africa and 42 percent in Latin America.
 

#17. CEO’s biggest worry? The supply chain 

54 percent of large organisation leaders say supply chain is the biggest barrier to achieving cyber resilience. The problem is rising complexity and a lack of visibility into the security levels of suppliers.
 

#18. Regulations make companies feel safer…

78 percent of leaders from private organisations feel that cyber and privacy regulations effectively reduce risk in their ecosystems.
 

#19. …But regulation needs to consolidate

Cybercrime laws might help, but there are too many of them. The research found that 76 percent of CISOs say fragmentation is affecting their ability to maintain compliance. Meanwhile 69 percent find regulations too complex and struggle to know if third-party suppliers are compliant.
 

#20. More cyber skills needed

Two out of three organisations report moderate-to-critical skills gaps. Only 14 percent of organisations are confident they have the people and skills they need.
 

#21. Ransomware is the CISO's biggest fear

57 percent of CISOs named ransomware is the biggest cybercrime concern, compared with 22 percent for supply chain disruption.
 

#22. Cybercrime-as-a-Service (CaaS) is spreading

CaaS is on the rise, allowing individuals without technical expertise to commit cybercrime. This model makes malware harder to detect as there are so many different perpetrators, each using different techniques and behaviour patterns.
 

#23. The infostealer is the cyber criminals’ new weapon 

Infostealers take credentials from compromised devices, browsers, cookies, and logins. They can even steal one-time passwords (OTPs), and can be bought for as little as €5. 
 

#24. Zero-day vulnerabilities have surged

A zero-day vulnerability is a flaw in software that is unknown to the programmer/vendor. State-sponsored actors are investing more resources into finding these flaws in 2025.
 

#25. IoT boosts the Shadow IT threat

The IoT will continue to increase the attack surface in 2015. A particular problem is Shadow IT, where ’things’ are integrated into corporate networks without the knowledge of IT teams.