Cybersecurity Predictions for 2025

This week, the National Cybersecurity Alliance released its predictions for cybersecurity challenges in 2025. Cybersecurity events experienced in 2024 are only expected to escalate, including high-profile ransomware attacks, such as those targeting Change Healthcare, critical infrastructure breaches like the Chinese telecom hack, and identity theft. The FTC reported nearly 850,000 identity theft cases in the first three quarters of 2024, which is on track to surpass figures from previous years.

The rise of AI-powered tools continues introducing promise and peril to the landscape. “In the last year, we have seen AI enhance productivity due to its ease of use and widespread acceptance,” said Ron Bebus, CIO of PrivaPlan. “However, it’s not just the good guys using it; the bad guys have discovered that it can boost their productivity, too.”

4 Challenges on the Horizon

1. Ransomware will escalate. It continues to evolve, targeting critical suppliers on which entire industries depend. The 2024 attacks on CDK Global, which disrupted automotive services, and Change Healthcare, which paralyzed health care providers nationwide, vividly illustrated the devastating ripple effects when a single supplier is compromised. A significant ransomware attack on other widely used critical suppliers is likely, further emphasizing the fragility of interconnected systems and the necessity for risk analysis in this area.
2. Identity theft will evolve. Identity theft is diversifying, with stolen identities increasingly used to create fraudulent cryptocurrency accounts and manipulate financial systems. AI adds complexity, enabling criminals to bypass identity verification by mimicking human behavior or creating synthetic identities. Deepfake technology and AI-generated documents may easily fool automated checks. These evolving tactics could make stolen identities even more damaging.
3. Critical infrastructure is under threat. Geopolitical tensions, especially with China, might encourage cyber threat actors to showcase their capabilities against critical infrastructure. Economic pressures and global power dynamics could drive state-linked attackers to demonstrate their skills, potentially exposing vulnerabilities in essential systems such as energy grids, water supplies, and transportation networks.
4. AI-powered scams are expected to rise. The commoditization of AI tools has reduced the barriers to entry for sophisticated social engineering attacks. In 2024, scams utilizing AI-generated content to craft convincing romance, investment, and fraud schemes experienced a notable increase. As these tools become even more accessible, a significant surge in financial losses associated with such scams is projected this year.

Mitigating Cybersecurity Challenges

The key to success is addressing immediate threats while cultivating long-term resilience. By empowering users with smarter security defaults, embracing innovative solutions, and investing in cybersecurity on a national scale, many challenges on the horizon can be mitigated.

For health care entities, the proposed rulemaking published on January 6, 2025, to strengthen the cybersecurity of electronic protected health information (ePHI) under the HIPAA Security Rule is a significant step in this direction. Learn more in our recent article, Strengthening ePHI Security: Insights on the Latest HIPAA Rulemaking.

While the stakes have never been higher as cyber threats evolve rapidly, the National Cybersecurity Alliance indicates there is reason for cautious optimism. Advances in defensive technologies, international collaboration, and increasing awareness of cyber risks suggest that progress is achievable.

“PrivaPlan has increased user training through phishing testing and security training programs in 2024,” said Bebus. “Moving forward, we are raising the bar in teaching users to be on the lookout for AI-based threats. The fakes are getting better, and our responses to these fakes must also improve.”