Expert Predictions For Cybersecurity In 2025

The UK’s cyber threat numbers are going up, with both criminal gangs and state actors targeting important infrastructure and organisations. The National Cyber Security Centre warns that the scale of the problem is not fully understood, even with the attacks happening more often and becoming more damaging.

This year, the NCSC handled 430 incidents, up from 371 last year. Of these, 12 were classified as critical, including ransomware attacks that disrupted NHS services and other systems. Ransomware is a real issue, with academia, manufacturing, and charities among the top sectors targeted.

 

What Is Being Done?

 

New NCSC chief Richard Horne is pushing for faster action to close the gap between growing threats and current defences. He argues that cybersecurity should not be treated as a box-ticking exercise but as a priority for businesses and public services alike. This includes better protection for supply chains and critical infrastructure.

The government is also promoting schemes like Cyber Essentials, which reportedly reduces the likelihood of cyber insurance claims by 92%. Collaboration with industry and international coalitions, such as the Counter Ransomware Initiative, aims to reduce ransomware payments and improve resilience.

 

Why Does It Matter?

 

Cyber-attacks are no longer abstract threats. Incidents such as the ransomware attack on Synnovis, which disrupted NHS blood tests, show how deeply technology is woven into daily life. The British Library’s experience also highlights the risks to access to knowledge and public trust.

Experts believe the UK must step up its defences to prevent further harm. As Professor Alan Woodward of Surrey University points out, the warning is clear: organisations need to act now, or risk facing even more severe consequences in the digital world.

 

Experts Predict Cybersecurity In 2025

 

These experts set out what they think the cybersecurity space will bring next year, and whether the industry will get better at reducing the number of attacks compared with this year. Here’s what they predict…

 

Our Experts:

 

  • Marcin Kleczynski, CEO and Founder, Malwarebytes
  • David Ruiz, Senior Privacy Advocate, Malwarebytes
  • Thomas Reed, Director, Cyber Technology, Malwarebytes
  • David Bennett, CEO, Object First
  • Paul McLatchie, Security Strategy Consultant, Wavenet
  • Martin Greenfield, CEO, Quod Orbis
  • John Hernandez, President and General Manager, Quest Software
  • Nathan Charles, Head of Customer Experience, OryxAlign
  • Manuel Sanchez, Information Security & Compliance Specialist, iManage
  • Bret Fund, SVP and General Manager, Infosec Institute
  • Jason Law, Group IT Director, Avant Homes
  • Chaim Mazal, Chief Security Officer, Gigamon
  • Galia Beer-Gabel, Partner, Team8

 

Marcin Kleczynski, CEO and Founder, Malwarebytes

 

 

“AI is going to close the talent gap in cybersecurity. No team can do it all but having AI to help prioritise a small team’s risk profile and actions is going to help. AI tools will survey an organisation’s network, flag gaps in security coverage, and prioritise the findings and actions needed to help a small team shore up cybersecurity defences.

Cybercriminals will be laser-focused on finding ways to trick AI systems to infiltrate organisations or bypass security measures. AI tools, such as chatbots now integrated into nearly every website, present a new and vulnerable attack vector. Imagine if a chatbot platform is breached, serving users incorrect information, or directing them to malicious sites or support scams. The rapid adoption of AI tools has made them an attractive target for cybercriminal gangs, who are working to both exploit and crack these technologies for their own gain.”

 

David Ruiz, Senior Privacy Advocate, Malwarebytes

 

 

“The largest opportunity for momentum here, I think, is California’s own AI bill, SB 1047, which already cleared the state’s Assembly and Senate and is simply awaiting signature from Governor Gavin Newsom (he has until Sept. 30). The bill, from my light reading, is totally run-of-the-mill, creating whistleblower protections and requiring AI developers of certain sizes to ensure and test the safety of their models.

“Still, several AI companies and venture capitalists stand opposed. Some claim the bill threatens innovation (it only applies to companies with a revenue of more than $100 million, so that argument is rather hollow unless there’s some mystery $100 million startup), and there were other provisions that got removed in past months.

“The impact here, though, would be one of influence—where California goes, much of the country often follows (at least, in legislation). The state’s own data privacy bill (California Consumer Privacy Act) has influenced legislation in other states, and this bill might do the same.”

 

Thomas Reed, Director, Cyber Technology, Malwarebytes

 

 

“The area to watch for mobile in 2025 will be the alternate app stores for iOS in Europe. They could be safer, due to being much smaller and easier to moderate than Apple’s larger App Store, or they could bring a rise in malicious apps due to poor screening processes. Only time will tell!”

 

David Bennett, CEO, Object First

 

 

“The White House recently called for insurance companies to stop issuing policies that incentivise making ransom payments in the event of cyberattacks, but there is no legislation on the horizon explicitly preventing that. Last year, you predicted that the cyber insurance market would force the hands of companies to adopt better data protection practices. How do you see the cyber insurance market evolving in 2025? I still believe we will see continued (if not accelerated) pressure from insurance companies to ensure their users implement adequate protections to improve data protection and resilience.

“It’s in the best interest of the underwriters and honestly the actual companies insured to make sure they are resilient – what’s the point in getting paid out by a cyber insurance policy if you have no actual company data left… you have no company!

“A recent ISC2 report found that the cybersecurity workforce grew just 0.1% YoY due to budget cuts, layoffs, and hiring freezes despite a continued global staffing shortage. For context, the cybersecurity industry grew 8.7% in 2022 to keep pace with rising cyber threats. What does this mean for the future of the cybersecurity/IT industry? It’s a challenge that’s only going to get worse. It’s incumbent on leadership to implement education of the workforce as a matter of on-boarding and regular compliance training.

“What are ways that companies might be able to address the cyber skills gap? Humans are the #1 problem in nearly all cyber incidents, per the above. Cyber resilience needs to be embedded into the training, onboarding and regular cadence of any HR/employee programs – it’s no longer just an IT function.

“How will C-suite business priorities shift in 2025? Clearly, with the uncertain nature of the world from the US election, ongoing challenges in geopolitical environments and slowing business growth, the C-suite and boards look to cut budgets. And yet companies race out to acquire the latest greatest security technologies; however, what the C-suite should be doing is balancing that pro-active protection with a view on full cyber resilience.

“This requires some hard questions to be asked – what is really important to the business and what will keep it running… That’s usually a core set of data or information – make sure that’s defined and ensure you are following the 3-2-1 data resilient principles with immutable copies.

“Where do you see the biggest opportunity for demand growth in the year ahead? Are there certain industries that may be more prevalent than others? No single vertical really, only that the world needs to wake up and realise they absolutely MUST have a copy of their data that is immutable.

“Are there certain industry expectations that companies will be looking for in their data storage vendors and partners next year? Technology has to be made simpler – the IT industry is amazing with great products, but how many are actually really easy to use and live up to their promises? – Not many.

“What are key trends from this year that have changed companies’ approach to data storage that you think will carry over into 2025? Immutability – finally people understanding why it’s important.”

 

Paul McLatchie, Security Strategy Consultant, Wavenet

 

 

“The threat of cyber-attacks shows no sign of slowing down, and the seismic impact of breaches will continue to derail many businesses. Operational resilience is thankfully gaining traction within many organisations and with that the spotlight is falling on the specific subject of cyber resilience. Organisations are generally adopting a more pragmatic approach in assessing the possibility of a realised cyber-attack, an attitude of “when, not if”.

“More focus is being concentrated on the development of cyber incident response plans, mapping critical processes and aligned responsibilities that will be leveraged in the event of a cyber-attack. Not only that, but cyber-attack simulation exercises are rising to prominence, organisations taking full advantage of the lessons learned in validating their incident response capability.

“There is also movement towards the “cyber aware C-level”, with businesses improving on their communication of cyber-risk to senior management. Use of targeted key risk indicators (KRIs) and concise, digestible messaging in translating organisational cyber security posture is paying dividends in co-opting C-level support.

“There is never a good time to have a security breach, but detailed cyber incident response plans will separate businesses next year into two groups: those confident in their pre-planning, and those burying their head in the sand.”

 

Martin Greenfield, CEO, Quod Orbis

 

 

“The days of siloed security monitoring are numbered. 2025 will be the year of integrated, intelligent and collaborative cybersecurity.

“The implementation of the EU’s Digital Operational Resilience Act (DORA) will be the biggest change in cybersecurity monitoring and controls for 2025, representing the most significant regulatory shift our industry has seen in years.

“DORA’s mandate for comprehensive third-party risk management will revolutionise how financial institutions approach their supply chain security. Forward-thinking organisations are already embracing AI and automation to scale their monitoring capabilities across their vendor ecosystem. This technological leap isn’t just about compliance—it’s about transforming what could be an overwhelming regulatory burden into a strategic advantage for operational resilience.

“The regulation’s emphasis on sophisticated Threat-Led Penetration Testing and rapid incident reporting will drive significant cultural change. Financial institutions must move beyond viewing other market players as competitors and embrace information sharing as a collective defence strategy. AI will be pivotal here, enabling real-time threat detection and automated response at a scale previously unattainable through traditional monitoring approaches.

“Most crucially, we’ll see the emergence of “assumed breach” as the default security posture, with continuous monitoring and rapid response capabilities becoming paramount. Organisations that fail to adapt to this new reality—and particularly those hesitant to leverage emerging technologies—will find themselves increasingly vulnerable to sophisticated cyber threats next year and beyond.”

 

 

John Hernandez, President and General Manager, Quest Software

 

 

“The IT “retirement crisis” will impact every organisation in 2025, as people with crucial Microsoft platform skills, such as Active Directory, become increasingly scarce. Given this, more and more organisations will prioritise a strategic approach to better protecting their systems and mitigating the risks of identity compromise. We are already seeing growing interest in strategies such as Identity Threat Detection and Response (ITDR) and expect that investment in this area will only increase in the coming years.

“The industry will recognise an Entra ID adoption ceiling in 2025, due to the persistent need for legacy systems and the management of existing effective policies that will require “pockets” of Active Directory (AD) usage. In this hybrid environment, where Active Directory and Entra ID coexist, organisations will need to adopt a comprehensive approach to address identity security threats. As the complexity of managing identities in such diverse environments increases, implementing advanced solutions like Identity Threat Detection and Response (ITDR) will become essential for maintaining a robust security posture and ensuring compliance with evolving regulations.

“The Microsoft/CrowdStrike outage will make all companies realise outages are inevitable and that seeking an elusive strategy to protect against outages is not a practical solution. Instead, companies will increasingly focus on risk management. This is likely to become a strategic priority in 2025, as it will ensure business continuity and resilience in the face of unforeseen disruptions, ultimately improving overall security.

“In 2025, Copilot will be one of the most innovative products released by Microsoft. Leveraging Copilot across multiple data sources within Microsoft 365 will drive greater adoption of generative AI in organisations from the ground up. Copilot for Security will also become a critical tool by integrating with a broad range of ISV-security plugins. This ecosystem of ISV-plugins will provide specialised tools, enabling Copilot to deliver enhanced, multi-layered threat detection. It will empower organisations to tackle complex security challenges more cohesively and proactively, while alleviating concerns about the secure application of AI across both internal and third-party solutions.

“IT will have to manage an increasingly uncertain world in 2025. Nation-state-driven cyberattacks will become more frequent and sophisticated, targeting businesses and critical infrastructure. These attacks, combined with inevitable widespread outages affecting major service providers and platforms, will extend beyond companies and governments, making the impact more personal to consumer lives.

“As a result, IT will be under pressure to strike a balance, fortifying their systems against being caught in the crossfire of larger global cyber conflicts and outages while also focusing on the basics—like assessing and securing the configurations of their identity systems. Preparing for complex, high-level attacks is essential, but so is ensuring that fundamental defences, such as “locking the doors,” are not overlooked. This dual focus will be crucial in building a cohesive strategy to mitigate evolving cyber threats.”

 

Nathan Charles, Head of Customer Experience, OryxAlign

 

 

“In 2025, we expect to see AI becoming a proactive force in cybersecurity. While AI-powered phishing will remain a top threat, AI will also increasingly be used to anticipate and neutralise attacks. Advanced machine learning models will analyse threat patterns in real-time, identifying risks and responding before they can cause significant damage. We’re entering an era where human reaction times are simply too slow. Automation will be the key to staying ahead of cybercriminals.

“We also predict a surge in the adoption of zero-trust architectures in 2025. With hybrid working becoming the norm, businesses can no longer rely on perimeter security models. Instead, they will shift to zero-trust principles, where every device, user and connection is continuously verified before access is granted. This shift is already underway, but in 2025, we expect it to become a standard practice rather than a forward-thinking strategy.

“Finally, we foresee the continued rise of ransomware-as-a-service (RaaS) as one of the most significant threats. The business of ransomware is becoming more sophisticated, with criminals offering it as a subscription service, complete with 24/7 support. Companies that fail to build robust defences will increasingly find themselves facing costly ransom demands, alongside the reputational and operational damage that follows.”

 

Manuel Sanchez, Information Security & Compliance Specialist, iManage

 

 

1. AI, cybersecurity risk, and regulation – the new triad shaping data governance

“In 2025, data governance will take center stage – in the wake of 2024, a year marked by waves of third-party-driven hacks, data breaches, and outages. The realisation that supply chain risks cannot be pre-empted or mitigated with slap-dash solutions or quick fixes has become clear. Data governance will re-emerge as a critical business priority, shaping the future of risk management. Re-assessing vulnerabilities and developing robust data governance strategies will move to the forefront of Security leaders’ agendas.

“The need for and importance of this is already evidenced in the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework 2.0 (CSF 2.0), which places newfound emphasis on cybersecurity governance and risk management. The race to adopt generative AI technologies adds another layer of complexity to the data governance challenge. Organisations need to implement governance frameworks that are robust, transparent, forward-looking, and aligned with their cybersecurity risk posture.

“Furthermore, with public awareness of data rights growing, so is the volume of data subject access requests (DSARs). Against a backdrop of generative AI adoption, DSARs will put even more pressure on organisations to develop capabilities to manage and retrieve personal data efficiently. Streamlined data management will be crucial not just for data security, but for maintaining customer trust and regulatory compliance, in equal measure.

2. From optional to imperative – MFA will underpin security, compliance and governance

“Multi-factor authentication (MFA), thus far a slow-burning trend, will gather steam in 2025 in the professional services sectors (enterprises). This rise in adoption will be driven not just by security, but by compliance and governance, as the world moves towards a password-less authentication future.

“The catalyst for MFA adoption comes from multiple fronts. Cyber insurance providers, recognising the critical role of MFA in risk mitigation, are already making it a non-negotiable requirement for policy coverage.

“Government and regulatory bodies are equally influential in this push towards MFA. The UK’s National Cyber Security Centre (NCSC) has taken a bold step by mandating MFA for corporate online services. While data protection compliance doesn’t universally require MFA yet, the winds of change are blowing.

“France’s data protection authority, CNIL, has already outlined specific scenarios where MFA is deemed necessary for legal and security purposes, interpreting the underlying GDPR compliance principles to support MFA adoption. Similarly, ENISA, the European Union Agency for Cybersecurity, has thrown its weight behind MFA, recommending its use for high-risk access to personally identifiable information.

“Microsoft is actively shaping this trend. Already, Microsoft has started enforcing mandatory MFA for all Azure sign-ins. As the dominant technology in the enterprise, Microsoft’s stance on MFA means that user organisations and software providers alike will be compelled to align their systems and practices with this new MFA-centric trend.”

 

Bret Fund, SVP and General Manager, Infosec Institute

 

 

“It’s not just hackers and bad actors that are a cybersecurity threat – some of the biggest breaches have been caused by employees making simple but avoidable mistakes. Of course, it’s paramount to have a comprehensive strategy for data privacy, AppSec, network access, and more. However, it’s important to train people to recognise threats and take action. This is where traditional security awareness training is evolving to better address these human risks.

“Human risk management should be at the core of an organisation’s risk management strategy, especially in the age of AI. As tech advances, training must be regularly updated to focus on relevant areas, like potential malicious uses of AI, mobile-specific risks, phishing attempts and social engineering. Cyber hygiene in this context takes on a full new meaning. Personalised, in-the-moment, role-based cyber training that integrates with the security operations side of the organisation is what the industry should strive for.

“Using engaging, collaborative and continuous training materials and methods that cater to individual needs and challenges will equip employees with stronger odds of digesting and remembering what they learned when they are eventually met with bad actors or opportunities to engage in risky actions.”

 

Jason Law, Group IT Director, Avant Homes

 

 

“For technology leaders, the rising importance of IT sustainability will be a key priority for 2025.

“Those within senior tech positions will need to ensure they fully understand the regulations around IT sustainability and the action required to reduce carbon emissions on behalf of their organisation.

“As part of this, identifying, navigating and implementing the necessary criteria set out across a multitude of legislative publications will become a business-critical task.

“While construction – and specifically housebuilding – tends to retain more traditional operating methods compared to other, more digitally advanced sectors, leveraging technology to minimise carbon emissions will have significant importance.

“Transitioning to cloud-based systems is a logical step to take in this direction. Not only does this reduce physical hardware but also improves energy efficiency, aligning with both sustainability goals and cost-saving initiatives.

“Conducting thorough evaluations of existing and prospective IT suppliers’ sustainability credentials can also help reduce or prevent second-hand carbon footprint contributions stemming from the supply chain.

“In line with this, the need for transparency surrounding green initiatives is also apparent. Organisations and their technology leaders need not just talk about their steps toward sustainability but provide demonstrable evidence of their efforts.

“A common misconception is that sustainable practices will always result in a financial or operational sacrifice. In reality, the sustainable option is oftentimes the most resourceful one too.

“Finding this equilibrium between optimising business performance and construction timeframes, as well as maximising sustainability efforts will be a core focus for the construction sector’s technology leaders over the coming year.”

 

Chaim Mazal, Chief Security Officer, Gigamon

 

 

“The biggest AI threat isn’t deepfakes, it’s the quantity and quality of cyberattacks – deepfakes are having a moment, but what they really prove is the bigger issue around how AI is accelerating the volume of higher-quality attacks.

“AI is currently upleveling the capabilities of novice attackers. It also has exponentiated the discovery process of low-level exploitation techniques. As such, organisations need to pay more attention to how to combat the volume of attacks spurred on by AI.”

 

Galia Beer-Gabel, Partner, Team8

 

 

“Fraud prevention and cybersecurity are increasingly intertwined, as cyber vulnerabilities are often exploited to execute sophisticated fraud schemes. Today, effective fraud prevention strategies must encompass cybersecurity measures to address these cyber-driven threats directly.

“Take ‘FraudGPT,’ for example—a tool designed to generate highly convincing scams and social engineering attacks. FraudGPT empowers fraudsters to craft personalised, deceptive messages that can exploit both human and system-level weaknesses.

“This kind of cyber-enabled fraud intensifies the need for strategies like those targeting Authorised Push Payment (APP) fraud, where attackers trick individuals or employees into authorising transactions to fraudsters. Protecting against such attacks requires layered defenses and an understanding of how cyber and fraud risk converge, enabling organisations to counteract fraudsters who continually exploit these cyber vulnerabilities.”