As we look ahead to cybersecurity developments in 2025, there’s bad news and good—expect to see new challenging attacks and the cybersecurity community increasingly working together to counter threats that are beyond the scope of individual organizations.
The lines between threat actors will be increasingly blurred
Cyberattacks of all kinds have long been a feature of international conflict. These have been perpetrated by a wide range of parties, some directly controlled and commanded by national governments and some loosely affiliated. Understanding threat actors to counter these attacks is likely to become more difficult.
Over the years, cyber defenders have formed assumptions and developed strategies to counter the activities of state-sponsored threat actors of all kinds. In 2025, we expect those assumptions and solutions to be challenged by accelerating technology and an increasingly volatile threat environment.
It’s a fair bet there will be an uptick in global conflicts in 2025, after a decade of relative peace. These conflicts will take the form of both open warfare and long-simmering disputes, like China’s claim to the South China Sea and its desire to integrate Taiwan. The use of cyberattacks to support and advance these conflicts will evolve, draw in broader participation, and create collateral damage.
Global cybercriminal alliances between like-minded states and criminal groups will evolve, exploiting generative AI and sharing techniques to accelerate their “time to effectiveness.” It will become more difficult to attribute attacks to a particular nation state or its affiliates. Attackers will be emboldened by this difficulty of attribution and continue to favor effectiveness over stealth in their attack techniques.
We also expect state threat actors will continue to build and maintain their operational relay box networks (ORBs), thanks to the widespread deployment and exploitability of IoT and edge devices. This development will, in turn, put pressure on the manufacturers of these devices to fix vulnerabilities quickly and to avoid introducing them in the first place.
Vendors will also come under pressure to deliver clear evidence of good cyber-hygiene to their customers as cyber resilience initiatives like “secure by design” and “secure by default” gain traction as a market response to the uptick in malicious activity.
We also expect to see significant security vendor consolidation, driven by the operational inefficiencies that result from point solutions and a fragmented security stack. These are already making life difficult for under-resourced and overstretched security teams. Reducing complexity helps improve an organization’s risk posture.
AI as a tool, a target, and a threat
In 2025, expect the AI hype to subside, some real-world use cases of generative AI to start to emerge, and AI security and safety to mature significantly.
As a result, AI will demand greater focus from CISOs. They will be expected to defend against new IT-based attack techniques. They will have to ensure their own AI models are mapped out and that any threats created by these models are mitigated. The security issues thrown up by AI will necessitate stronger partnerships between CISOs and CTOs, and with other members of the leadership team, as ethical and governance issues become clearer.
CISOs, and the organizations they serve, will increasingly need to take a wider view to ensure robust cybersecurity, putting greater focus on the security of every component of their supply chains. A security ecosystem is only as strong as its weakest link. Vulnerabilities within the supply chain can create huge ripple effects across any organization.
All these challenges will further increase pressure on security teams, especially those in small and medium-sized businesses. They will struggle against larger enterprises in the competition for security talent.
Crowdsourcing for defense
This is a gloomy set of scenarios for cybersecurity in 2025 and beyond, so let’s end on a more positive note—the wisdom of the crowd will become a more important weapon in the cybersecurity arsenal.
The intelligence of the global hacker community will increasingly be leveraged to bridge the gap between the capabilities of security teams charged with protecting organizations and the creativity and persistence of their adversaries. CISOs will address the perceived shortage of cyber professionals by taking more creative routes to improve access to skills.
We expect to see increased adoption of vulnerability disclosure programs, increased recognition of the practical, returns-focused value of public and private bug bounty programs, and the expansion of community-driven threat intelligence and disruption activities. Security teams, especially the more resource-constrained teams in SMEs, will increasingly turn to crowdsourced security talent for offensive testing and to fill gaps in their defenses in a scalable way.
In short, we expect to see the cybersecurity community collaborating and co-operating in multiple ways to counter ever greater challenges.
Contributing author: Casey Ellis, Founder, Bugcrowd