Cybersecurity Trends for 2025

Artificial Intelligence (AI) has been the buzzword in cybersecurity and business for a few years now, and it will continue to impact security and all phases of business in 2025. While AI is improving efficiency and productivity of businesses across all sectors, we have heard just as many horror stories about AI inflicting damage on individuals and businesses alike.

Cyber breaches are becoming more prevalent, companies are increasing cybersecurity investment

A disturbing trend from the UHY 2025 Middle Market Survey* shows that cybercrime is becoming more prevalent. According to the survey, in 2019, 67 percent of participants had never experienced a cyber breach. Three years later in 2022, 63 percent of participants had not had to utilize their cybersecurity resource as the result of an incident. Responses from the current survey indicated a shift in this trend, with a majority of survey participants experiencing a cyber incident over those who hadn’t; 55 percent indicated they had experienced an incident to 45 percent that said they had not.

In response to this trend, more than three-quarters of participants (79 percent) are planning to increase their cybersecurity spending in 2025, which is slightly more than reported in the previous year.

An increase in cybersecurity spending is a welcome sight, but there are specific areas that leadership teams should focus on going into 2025. These are the trends we are watching heading into the new year.

‘Deepfake detection’ protects businesses against AI social engineering attacks

Bad actors have been and will continue to use AI to create better phishing, vishing, SMA, and other social engineering campaigns. They will also leverage the use of deepfakes. Deepfake technology involves manipulating audio and video to create fake content that appears very real. Deepfakes can be used for social engineering attacks, and impersonating individuals (CEOs and other C-Suite leadership). Organizations at risk will need to invest in deepfake detection tools and strategies to protect their reputation and data integrity. Awareness, education, and analog confirmations are key to combating the deepfake threat.

AI is already being used in organizations, whether leadership is aware or not. AI requires governance. Policies and procedures, guardrails, and oversight are essential to ensuring data security and retaining customer trust. As with all policies, these new AI policies need to be lived, not just written. Leadership’s “tone at the top” creates the culture that informs how policies are implemented throughout a business.

Multifactor authentication becomes an essential security measure

Ransomware and data theft extortion are and will continue to be the most disruptive type of cybercrime impacting the middle market. In 2024, ransomware and extortion schemes have affected more than 100 countries and every industry.

One of the primary modes of entry by bad actors is phishing and social engineering, compromising user credentials. In 2025, two-factor / multi-factor authentication (2FA/MFA) will be an essential security measure for business and individuals. MFA is still not ubiquitous. This allows bad actors easy access with stolen and compromised credentials. MFA has been a fundamental security tool for years, but not all businesses or individuals utilize it. 2025 will be the year that even your grandma and Uber driver talk about MFA.

Read the full article published by Cybersecurity Defense Magazine.