Fene Osakwe is one of Africa’s most sought-after cybersecurity advisors, best-selling author, global speaker and cyber mentor.

2024 has been a challenging year, and it appears 2025 will bring more of the same. Several factors influence this, including an increase in the creation of digital assets to better serve customers, a growing online presence and heightened regulation. The Digital Operational Resilience Act (DORA) will play a significant role in Europe, especially as more developing countries implement legislation and demonstrate a greater appetite for technology.

Digital transformation and cloud adoption continue to rise, with artificial intelligence (AI) and large language models (LLMs) being leveraged for efficiency. However, with advancements in technology come new risks. I’ll discuss the top cyber risks that organizations should watch out for and mitigate in 2025.

Fear Of Missing Out (FOMO) Vs. Current Realities

Many professionals and organizations are eager to adopt AI, creating models and building machine learning capabilities. While these developments are beneficial, they shouldn’t come at the expense of essential security governance and vulnerability management practices.

Currently, there is a trend of neglecting foundational security measures such as patch management, user access management, high availability and timely vulnerability remediation. The global IT outage in July 2024 was a reminder to everyone of what happens when change management goes wrong. Foundations are crucial; ignoring them puts the entire structure at risk.

Legacy Systems

In the rush to embrace AI, many organizations overlook their legacy systems—often remnants from mergers and acquisitions (M&A). As companies grow through acquisitions, these legacy systems may become weak links in the cybersecurity chain. Management needs an intentional strategy that includes having a security advisor present during M&A conversations.

Spear Phishing

Cybersecurity professionals often say people are the weakest link. Traditional phishing emails might target many with the hope that a few will click on a malicious link. In contrast, spear phishing is a more targeted approach that focuses on specific individuals—often executives. Attackers gather detailed personal information to craft convincing emails, making victims more vulnerable to exploitation.

A May 2023 Barracuda report found that spear phishing emails make up less than 0.1% of all email-based attacks yet cause 66% of all breaches. Managing the information individuals put online has to be a priority for organizations in 2025.

Third-Party Risks

In my 2023 predictions, I emphasized that third-party risks would continue to rise, and 2025 will be no different. The July 2024 IT outage highlighted this vulnerability. In 2025, I foresee an increase in third-party liability clauses within contracts to hold third parties accountable in the event of a breach or operational disruption.

Prompt Injection

As chatbots become increasingly popular, prompt injection attacks—where malicious prompts are embedded in training data to manipulate AI outputs—pose a significant risk. According to OWASP, this is a top risk concerning LLMs. A key preventive measure is to regularly update and fine-tune LLMs to better understand malicious inputs and edge cases.

Nation-State Threats

With ongoing global conflicts, cyber warfare tactics are escalating. The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted how various countries are shifting their focus from ground combat to cyber operations—seeking tactical plans, confidential information and intellectual property.

Increased Regulations And Fines

Regulations will continue to be enforced in 2025, such as the EU AI Act, DORA and the Personal Information Protection Law (PIPL) in China, among others worldwide. Regulatory bodies are implementing these measures to protect data subjects from cyber breaches. Consequently, organizations will face more compliance requirements, increasing the risk of fines and compliance fatigue.

Ransomware

Ransomware will remain one of the most prevalent cyber threats. I believe the trend of double extortion will evolve into triple extortion, where hackers could demand payments in multiple ways—one payment for system access, another for data leakage, and a third to prevent a DDoS attack. This model creates a difficult dilemma for victims, forcing them to choose between paying the ransom to avoid data exposure and business disruptions or refusing and risking those consequences. I expect we will see this evolution in 2025.

Expect 2025 to be an active year on the cybersecurity front. As these threats increase, organizations will seek more security professionals with the expertise needed to mitigate evolving risks, manage compliance and maintain operational integrity. Wishing everyone a cyber-secure year ahead!

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
