Cybersecurity Trends for 2025

Artificial Intelligence (AI) has been the buzzword in cybersecurity and business for a few years now, and it will continue to impact security and all phases of business in 2025. While AI is improving efficiency and productivity of businesses across all sectors, we have heard just as many horror stories about AI inflicting damage on individuals and businesses alike.

Cyber breaches are becoming more prevalent, companies are increasing cybersecurity investment

A disturbing trend from the UHY 2025 Middle Market Survey* shows that cybercrime is becoming more prevalent. According to the survey, in 2019, 67 percent of participants had never experienced a cyber breach. Three years later in 2022, 63 percent of participants had not had to utilize their cybersecurity resource as the result of an incident. Responses from the current survey indicated a shift in this trend, with a majority of survey participants experiencing a cyber incident over those who hadn’t; 55 percent indicated they had experienced an incident to 45 percent that said they had not.

In response to this trend, more than three-quarters of participants (79 percent) are planning to increase their cybersecurity spending in 2025, which is slightly more than reported in the previous year.

An increase in cybersecurity spending is a welcome sight, but there are specific areas that leadership teams should focus on going into 2025. These are the trends we are watching heading into the new year.

‘Deepfake detection’ protects businesses against AI social engineering attacks

Bad actors have been and will continue to use AI to create better phishing, vishing, SMA, and other social engineering campaigns. They will also leverage the use of deepfakes. Deepfake technology involves manipulating audio and video to create fake content that appears very real. Deepfakes can be used for social engineering attacks, and impersonating individuals (CEOs and other C-Suite leadership). Organizations at risk will need to invest in deepfake detection tools and strategies to protect their reputation and data integrity. Awareness, education, and analog confirmations are key to combating the deepfake threat.

AI is already being used in organizations, whether leadership is aware or not. AI requires governance. Policies and procedures, guardrails, and oversight are essential to ensuring data security and retaining customer trust. As with all policies, these new AI policies need to be lived, not just written. Leadership’s “tone at the top” creates the culture that informs how policies are implemented throughout a business.

Multifactor authentication becomes an essential security measure

Ransomware and data theft extortion are and will continue to be the most disruptive type of cybercrime impacting the middle market. In 2024, ransomware and extortion schemes have affected more than 100 countries and every industry.

One of the primary modes of entry by bad actors is phishing and social engineering, compromising user credentials. In 2025, two-factor / multi-factor authentication (2FA/MFA) will be an essential security measure for business and individuals. MFA is still not ubiquitous. This allows bad actors easy access with stolen and compromised credentials. MFA has been a fundamental security tool for years, but not all businesses or individuals utilize it. 2025 will be the year that even your grandma and Uber driver talk about MFA.

Companies look inward to limit malicious insider attacks

According to IBM and Ponemon Institute’s 2024 Cost of a Data Breach Report, malicious insider attacks cost $4.99 million – the highest cost compared to other attack vectors. An insider is a user that is authorized to be in the environment and the user account is not compromised via a phishing or social engineering attack. Insider attacks can appear in different forms such as data tampering, account manipulation, or a leak of sensitive information. Organizations should focus on enhancing their monitoring and detection capabilities; striking a balance between trust and vigilance. As always, employee training and awareness is essential in mitigating these risks.

Incident response plans help mitigate vendor risk

Organizations have become more and more dependent on third parties, cloud infrastructure, and cloud service providers. As we have seen over the years, a single vendor vulnerability can cause costly data breaches, compliance violations, and financial losses. Organizations in the middle market are in a tight spot regarding vendor management. They are not big enough to influence the vendors upon whom they rely, yet their customers require proper security, confidentiality, and privacy controls to be in place. In 2025, organizations need to maintain robust incident response plans. Regular security audits and penetration testing of third-party infrastructure also provide data points needed to manage the vendor risk.

Government intervenes to protect businesses

UHY anticipates that 2025 is the year of cybersecurity regulation. Landmark rules like the US SEC’s cybersecurity rules, the EU’s Cyber Resilience Act (CRA), the Digital Operational Resilience Act (DORA), and the UK’s proposed Cyber Security and Resilience Bill require companies to assume greater responsibility for managing, mitigating, and reporting cybersecurity risks and incidents.
Cybersecurity is essential to maintaining customer trust and growing a business. Cybersecurity protects the possibility.

*UHY’s 2025 Middle Market Survey gathered insights from over 275 middle market business owners from a variety of industries, including automotive, construction, energy, financial services, healthcare, not-for-profit, real estate, staffing, and technology. Most participants represented companies between several million to more than $500 million in revenue and ranged in size from 20 to more than 1,000 employees across the United States. Data collection for this survey took place in 2024.

Read the full article published by Cybersecurity Defense Magazine.