Cybersecurity Predictions: What does the cyberscape look like in 2025?

‘Trust in God but lock your car.’

The world is getting serious about cyber and 2025 will be no exception. Organisations are becoming more accountable, proactive, and aware when it comes to cybersecurity and data protection. 2024 saw many data breaches and with AI enabled tools gaining traction amongst bad faith actors, 2025 is going to be no exception.

As per Kaspersky’s IT Security Economics Report, companies plan to increase their IT security budgets by up to 9% over the next two years.

The same is validated by Tech Data’s Direction of Technology Report for the APJ region which revealed that cybersecurity continues to dominate as the top technology priority, with 43% of infrastructure-focused partners planning to offer security solutions in the next 24 months. The growing sophistication of threats and the dual role of AI—both as a tool for security and a target requiring protection—are driving demand for advanced solutions.

As businesses prepare to gear up for emerging risks in 2025, what are some of those security trends they need to consider? Let’s take a quick look at what cyber industry experts foretell for 2025.

Cyber infrastructure will be centred around a single unified data security platform

“In 2025, our region will face a perfect storm of AI-driven cyber threats, escalating in scale, sophistication, and impact. The days of fragmented security approaches are over—organisations must pivot to unified platforms powered by transparent and trustworthy AI to stay ahead,” mulled Simon Green, President, Asia Pacific and Japan at Palo Alto Networks.

As quantum attacks loom and deepfakes become mainstream tools of deception, businesses will either innovate or risk being outpaced by adversaries. In 2025, the organisations will address increased complexity by reducing the number of cybersecurity tools in use, and shifting to a unified platform, offering enhanced visibility and control. The ongoing cyber skills shortage will continue to accelerate this trend. A unified platform will provide end-to-end visibility and context, spanning code repositories, cloud workloads, networks, and SOCs.

As per Simon, 2025 is the year deepfakes go mainstream in APAC. Savvy criminals will take note and use ever-improving generative AI technology to launch credible deepfake attacks. The use of audio deepfakes will also become more widespread in these attacks, as the available technology allows for highly credible voice cloning.

Further, while quantum attacks on widely used encryption methods are not yet feasible, nation-state-backed threat actors are expected to intensify their “harvest now, decrypt later” tactics, targeting highly classified data with the intent to unlock it when quantum technology advances. This poses a risk to governments and businesses, with the potential to jeopardise civilian and military communications, undermine critical infrastructure, and overcome security protocols for most internet-based financial transactions.

Lastly, Simon stressed there will be increased focus on product integrity and supply chain security in 2025. Specifically, they will conduct much more thorough risk assessments, consider accountability and legal implications of business outages and review insurance arrangements.

In cloud environments, where complexity and scale amplify risks, real-time visibility has become a necessity. Expect to see greater focus on comprehensive monitoring involving continuous tracking of both infrastructure and application performance metrics.

Building agile security systems needs to include our security fundamentals

“Starting in 2025, I think we will see an increasing focus on two aspects of AI security: protecting AI systems and defending against AI-driven attacks. After all, cyber criminals are also looking at how to leverage AI to make their attacks more evasive, more efficient, and more effective. AI will lower the barriers to entry for attackers, accelerating their ability to identify and exploit vulnerabilities,” averred Reuben Koh, Director of Security Strategy, Akamai Technologies APJ.

Reuben stressed that while it is important that we focus on AI, we cannot forget our security fundamentals. Attackers will still come after our API endpoints, and they will still conduct phishing attacks. We need to ensure that patches are deployed in a timely manner, our safeguards are always on, and that people are continuously trained to identify and mitigate malicious activity. Because with or without AI, those threats are not going away.

Containment will overtake prevention as cybersecurity strategy of choice

“The focus in 2025 will finally shift from preventing attacks to mitigating their impact. Organisations are spending increasing time, money and resources on prevention and detection technologies like EDR and are still getting breached, so the focus will move toward a breach containment strategy that emphasises resilience and continuity,” shared Trevor Dearing, Director of Critical Infrastructure, Illumio.

Organisations will begin rigorously assessing minimum viable operations to maintain essential services, mapping out detailed rebuild protocols, and establishing recovery measures to minimise downtime. This will not only protect critical services but also reduce the fallout of any single attack, shifting the security dialogue towards “how fast can we recover” rather than “how do we prevent this?”

Post-breach costs will spike, forcing a focus on recovery tools

Liat Hayun, VP of product and research, Tenable Cloud Security revealed, "As breaches become more frequent, post-breach costs will rise, pushing businesses to think critically about what data has been compromised and rethink their recovery strategies. The average cost of a data breach rose to almost $5 million in 2024 – a 10% increase YoY – but the true damage lies in downtime, reputational damages and regulatory fines, particularly in cloud-heavy industries."

As per Liat, in 2025, businesses will pivot toward more robust post-breach playbooks, focusing on rapid incident response, data visibility, better containment protocols, and enhanced forensic capabilities to minimise fallout. This shift signals a broader evolution in cybersecurity, with organisations embracing a more balanced approach that prioritises both breach prevention and effective recovery.

Geopolitical tensions spur living off the land attacks

“In 2025, we can expect a rise in 'living off the land' attacks, where attackers exploit legitimate tools and processes within an organization’s network to avoid detection. As geopolitical tensions rise, cybercriminals from nations like Russia, China and Iran may increase their use of this technique, spreading across networks, establishing multiple backdoors and ensuring they can re-enter if initial access points are cut off,” shared Kevin Kirkwood, CISO, Exabeam.

As these attacks grow more sophisticated, organisations will need to refine their ability to distinguish between normal operations and subtle deviations, focusing on baseline behavior and anomaly detection. Law enforcement and cybersecurity agencies, including CISA, the FBI and the NSA, will need to bolster their efforts to counter these evolving threats, ensuring they can anticipate and mitigate such stealthy incursions.

AI will democratise malware creation, opening the door for a new class of cybercriminals

“You won’t need to be a coder to create sophisticated malware in 2025—AI will do it for you,” shared Steve Povolny, Senior Director, Security Research & Competitive Intelligence, Exabeam.

As per Steve, Generative AI models trained specifically to generate malicious code will proliferate in underground markets, making it possible for anyone with access to deploy ransomware, spyware and other types of malware with little effort. These “hacker-in-a-box” tools will automate everything from writing to deploying attacks, democratising cybercrime and increasing the volume and diversity of threats.

Zero Trust exits its buzzword era to become a fundamental security necessity

John Engates, Field CTO, Cloudflare averred that Zero Trust will become a fundamental security necessity in 2025.

“Imagine a security system that treats every digital interaction as potentially suspicious, requiring continuous verification – much like a hyper-vigilant airport security checkpoint that doesn't just check your ID at the entrance, but monitors your every move. Zero Trust operates on a simple yet powerful principle: trust nothing by default, verify everything constantly. This methodology has become even more essential as traditional network boundaries disintegrate in our cloud-native, distributed work environments.”

Broad brush cyber regulations legislated with good intent will have a reverse effect in 2025 – creating complexity and having no real impact on stopping attacks

Grant Bourzikas, CSO, Cloudflare revealed, “ In the past few years we have witnessed a cadence of record shattering, significant breaches that have drawn the eye of regulators. But while their attempts to raise the security resiliency of organisations are aimed to be helpful, they are often knee jerk reactions that require unrealistic efforts.”

As per Grant, this is a complete misstep, with much of today’s regulatory efforts ineffective and not focused on the most critical aspects of security controls. Regulators still fail to recognise what will make the biggest difference in moving the needle towards immutable infrastructure.