General Atomics

Cybersecurity trends in 2025

Usman Choudhary, Chief Product & Technology Officer, VIPRE Security Group, shares his thoughts on security trends that will likely dominate in 2025.

Image courtesy VIPRE Security Group

Last year saw increasingly sophisticated cybersecurity threats as criminals leveraged all forms of AI to create difficult-to-detect phishing attacks, deepfakes and ransomware incidents. To counter these, organisations adopted AI-driven security solutions including threat detection, automated incident response and intelligent vulnerability management, to protect data and infrastructure.

In 2025, as AI evolves further in sophistication and adoption, alongside the growing burden of data breach costs and regulation – in addition to implementing advanced cybersecurity measures, organisations must prioritise real-world security awareness training.

Combatting AI-powered phishing presents SMEs biggest cybersecurity challenge
In 2025, AI-driven phishing will evolve into a more sophisticated and stealthy threat. Cybercriminals will leverage AI to craft highly personalised attacks using publicly available data and advanced language capabilities, making these scams increasingly difficult to detect. This emerging strategy of threat actors involves multistage attack chains where initial communications appear innocuous, gradually building trust before delivering malicious payloads.

Attackers will specifically target platforms like Microsoft 365 and Google Workspace, exploiting their inherent limitations for credential harvesting. Ransomware actors will develop ‘hybrid’ campaigns that blend phishing techniques with nuanced social engineering, manipulating recipients into unwittingly downloading dangerous files.

Small and medium enterprises (SMEs) are at risk of becoming prime targets due to their limited cybersecurity resources. Criminals will not only directly attack these organisations but also use them as strategic entry points for more extensive supply chain attacks into larger enterprises.

Adoption of AI-driven email drafting tools increasing mis-delivery-related data breaches
Already, misdirected emails have become a critical cybersecurity concern. Potentially, it is the most common cyber incident reported to the UK’s Information Commissioner’s Office (ICO) from a GDPR compliance standpoint.

The rise of hybrid work model and the use of personal devices for work-related tasks often leads to misdirection of email, incorrect file attachments and miscommunication. Auto-complete and auto-correct features in popular email clients such as Outlook and Gmail further exacerbate the risk of misdirected emails, especially as often multiple contacts have similar names.

As the adoption of AI-driven email drafting tools grows in 2025, the potential for data breaches triggered by misdirection increases exponentially. These advanced email writing assistants not only draft content but also suggest recipients based on historical patterns, introducing an additional layer of complexity. The consequences can be severe and costly. A single misdirected email can expose sensitive information to unintended recipients, highlighting the importance of vigilance and careful review in today’s increasingly automated communication environment.

Exploitation of supply chain vulnerabilities through AI-generated malware to increase
The cybersecurity landscape in 2024 witnessed a noticeable increase in the use of malware by cybercriminals to breach corporate networks, leading to widely publicised data leaks and reputational damage for the organisations involved. Likewise, criminals exploited supply chain vulnerabilities to infiltrate systems and cause severe disruptions, highlighting the far-reaching consequences of software integrity failures.  

In 2025, cybercriminals are poised to deploy AI-generated malware to breach both corporate networks and exploit supply chain ecosystems for vulnerabilities. They will leverage AI to develop highly evasive malware to bypass traditional detection methods while also automating vulnerability scanning and phishing. To neutralise these threats, security professionals will need to respond with equally proactive and innovative defensive strategies, including seamlessly integrating zero-trust architecture, embedding AI-powered tools, and implementing rigorous software development practices into their operational workflows.

Mounting data breach costs and regulatory burden drives security awareness training
In 2024, enterprises faced an increasingly challenging cyber threat landscape, as cybercriminals successfully exploited the most advanced technologies, including AI, to breach organisations and cause mayhem. Research shows that the average cost of a data breach reached an all-time high with the global average cost of a data breach estimated at $4.88 million. Human error still remains the number one reason for a successful data breach.

To address this continuously intensifying situation, the regulatory burden is set to increase even more in 2025. The EU AI Act – which has already taken effect – holds significant implications for organisations using AI in their operations, including cybersecurity and privacy. In the US, several states have either enforced or are enacting Data privacy laws in 2025, with all looking to address the collection, use and disclosure of personal data. These laws impose various obligations on businesses, including data protection, breach notification and consumer rights.

The fallout of cybersecurity breaches in 2025 alongside the toughened regulatory landscape will give further impetus and urgency to security awareness training. While technological solutions are of course critical to defend against the constant onslaught of cyber-attacks, employees’ understanding of the threat landscape and vigilance is indispensable for mitigating cybersecurity risk and demonstrating regulatory compliance.

Related

Apollo Global Management trumps Castlelake with £5.7 billion offer for easyJet
easyJet A320
Apollo Global Management trumps Castlelake with £5.7 billion offer for easyJet
With a rival offer now on the table, easyJet shareholders are facing a potential bidding war for control of the airline.
Aerospace

10 Jul 2026

Joby air taxi arrives in London in Virgin Atlantic colours ahead of UK debut
Joby air taxi Virgin Atlantic
Joby air taxi arrives in London in Virgin Atlantic colours ahead of UK debut
Joby Aviation has brought its Virgin Atlantic-branded electric air taxi to Tower Bridge in London.
Aerospace Most Read

10 Jul 2026

NATS handles 241,141 flights in June as weather disruption rises
NATS air traffic controller working in Aberdeen
NATS handles 241,141 flights in June as weather disruption rises
NATS safely handled more than 241,000 flights in June, with UK air traffic increasing month on month as weather-related delays rose sharply.
Aerospace Member News

9 Jul 2026

UK commits £5.4 billion to modernise all 107 RAF Typhoon fighters
Three RAF Eurofighter Typhoons
UK commits £5.4 billion to modernise all 107 RAF Typhoon fighters
Why the UK's Defence Investment Plan overturns January's decision to upgrade only 40 Typhoons to upgrade the entire fleet of 107 jets.
Defence

10 Jul 2026

Thales delivers AI milestone for RAF mission support system
Thales MD MSS
Thales delivers AI milestone for RAF mission support system
Thales, RAF Digital and the National Armaments Director Group have delivered AI and machine learning capability into the RAF’s Multi-Domain Mission Support System.
Aerospace Defence

9 Jul 2026

Royal Navy’s Hybrid Navy takes shape as drone boat is airdropped from A400M
Airdrop of Royal Navy drone from Airbus A400M with parachute
Royal Navy’s Hybrid Navy takes shape as drone boat is airdropped from A400M
Why the Royal Navy's parachute drop of K3 Scout sea-going drone is an important step onto its part to become a hybrid navy.
Defence

9 Jul 2026

ADS sectors add £46.8bn to UK economy but industry warns delivery must follow
Aerospace engineer GE UK
ADS sectors add £46.8bn to UK economy but industry warns delivery must follow
ADS says the UK’s aerospace, defence, security and space sectors remain resilient, but rising costs, finance pressures and supply chain constraints mean government commitments must now translate into action.
CRP Group launches UniqTrust for additive manufacturing traceability
CRP Group has launched CRP UniqTrust, a digital identity system designed to improve traceability and authentication for components made using its Windform composites.
CRP Group launches UniqTrust for additive manufacturing traceability
CRP Group has launched CRP UniqTrust, a digital identity system designed to improve traceability and authentication for components made using its Windform composites.
Airbus UK to build Aeolus-2 weather satellite for Europe’s next forecasting leap
Aeolus 2 by Airbus UK
Airbus UK to build Aeolus-2 weather satellite for Europe’s next forecasting leap
Airbus Defence and Space UK has been authorised to begin building Aeolus-2, a next-generation ESA and EUMETSAT weather satellite designed to deliver global wind measurements for more accurate forecasting, aviation operations and climate monitoring.
Space

6 Jul 2026

ADS sectors add £46.8bn to UK economy but industry warns delivery must follow
Aerospace engineer GE UK
ADS sectors add £46.8bn to UK economy but industry warns delivery must follow
ADS says the UK’s aerospace, defence, security and space sectors remain resilient, but rising costs, finance pressures and supply chain constraints mean government commitments must now translate into action.
CRP Group launches UniqTrust for additive manufacturing traceability
CRP Group has launched CRP UniqTrust, a digital identity system designed to improve traceability and authentication for components made using its Windform composites.
CRP Group launches UniqTrust for additive manufacturing traceability
CRP Group has launched CRP UniqTrust, a digital identity system designed to improve traceability and authentication for components made using its Windform composites.
Logiq launches DISX Isolate for high-assurance defence operations
Logiq launches DISX Isolate for secure defence operations
Logiq launches DISX Isolate for high-assurance defence operations
Logiq has launched DISX Isolate, a standalone secure workspace designed for organisations handling sensitive information in deliberately disconnected environments.