Long range cyber security forecast for 2025

At this time of year, it’s good to look to the future and spend some time thinking over what might be coming at us. There are lots of reports available to call on such as the World Economic Forum’s Global Cybersecurity Outlook 2025 but sometimes it’s worth going with your intuition. This list is our take on what 2025 has in store and well beyond.

Nation state cyber attacks

Over the last year we have seen a significant increase in nation state activity impacting US critical national infrastructure and most notably ISPs in the last couple of months. With the recent changes at the Department of Homeland Security and other federal agencies, enacted by President Trump we expect adversaries of the US to take full advantage. The seismic changes being thrust upon the federal government by the Department of Government Efficiency (DOGE) team will take some time to materialise. We suspect the information under DOGE control will duly be leaked given their apparent lack of cyber security expertise and attention to detail. A leak of this information will impact hundreds of millions of Americans as the cull of bureaucracy (aka controls) by DOGE continues. Arguably the impact of unauthorised disclosure of the more critical information relating to US military personnel will only manifest itself over years if not decades to come.

Given the perceived weaknesses in information access control by the US federal government we would expect adversarial nation states to be focusing their attentions on the US at this time. If you work in cyber security in the US for any of the National Infrastructure providers things are going to get busier.

Disappointing Artificial Intelligence (AI)

There has been a huge amount of investment in AI and while the technology is evolving there will be a lot of disappointed investors in the short term. Simply put there is too much investment chasing too few opportunities. Some investors will make an absolute fortune while others will not. However, we see huge potential for the application of AI in all science disciplines and business in the medium and long term but it’s going to take 2 to 5 years to implement competently and effectively. This will increasingly impact employment by making staff more productive but also replacing some roles completely and introducing a whole new domain of roles to maintain, secure and exploit AI.

For cyber security defenders, new products with AI integration, operating systems with co-pilots, browsers with plug-ins and model AI systems will continue at pace and it’s always wise to remember that all products have benefits and drawbacks. AI functionality is no different and attackers will learn to adapt and exploit their own AI capabilities. This will only add to complexity of attacks. Attacks will get quicker, bigger and much more complex. Exploitation of zero-day attacks will become near instantaneous exploiting the complexity of supply chains inherent in today’s business world. We expect incidents to materialise quicker with greater magnitude with social media amplifying the feeling of chaos.

We expect the cyber situation to get worse before it gets better in relation to AI.  Once AI from big technology firms becomes embedded in commercial products seamlessly we expect the ‘better models’ based on higher performance cloud technology to give defenders the home advantage over attackers. The challenge then becomes how to prevent organised crime gaining access to these 'better models' as they seek ways around the imbalance.

We are expecting more AI related incidents as AI is poorly exploited or simply gets things wrong with the consequential real-world impacts that result. We doubt that standard business insurance will cover such claims!

Skills gap to increase

With new technologies and rapid technological advancement there will inevitably be winners and losers. As with previous waves of significant technological advancement some jobs will become redundant but others will be created. Keeping up to date with new technology and changes will become ever more challenging.

For cyber security defenders it is critical that teams build for the future and invest in their people to develop them and keep up with the rapid change of technology. This costs money and is critical to keep staff skilled in their ever-evolving roles.

At present the skills shortage in cyber security is not spread out equally around the world. It’s most acute in Asia-Pacific. However, with the pace of technology we should expect this to become a more global issue unless there is a major change in education in technology on a global scale. See the World Economic Forum’s Global Cybersecurity Outlook 2025.

We predict that the salaries in IT and specifically relating to AI, QC and other advanced technologies will continue to surprise. This will impact small companies badly as they are unable to afford to hire the experts they need to compete and stay cyber resilient. The World Economic Forum’s Global Cybersecurity Outlook 2025 also highlights the challenges faced by small companies and their struggle to hire skilled cyber security expertise. This means that smaller companies that form part of a larger firms supply chain will continue to be the weakest link and will be targeted and probably compromised.

Disruptive Quantum computing (QC)

Similar to AI, there has been a significant investment in QC but not with the same level of fervour. With recent developments in this field we expect practical QC to be available in 5 to 10 years. With China playing a major part as their level of investment is significant and arguably on a par with the US. This will clearly impact the foundations of the internet namely trust through attacks on specific cryptographic algorithms. More broadly similar to AI, QC will lead to significant advancement in all scientific disciplines. It will be a step change in human technological advancement – for good and bad in equal measure.

For cyber security defenders it’s important to start developing and implementing plans for a post quantum computing (PQC) world. This means understanding where cryptography is used, what it is protecting and how important or critical it is to your company. Once you have this knowledge you are in a position to prioritise your activities to move to PQC Cryptography. It takes a long time to change cryptographic components so don’t underestimate the time you actually have.

It’s important to note that with QC comes greater computing capabilities especially around modelling quantum systems in nature. This is expected to lead to significant improvements in medicine, material science and engineering. In addition, it will enhance specific aspects of AI processing. As a result, you should expect AI models to improve significantly magnifying the impact of AI on workplaces and cybersecurity specifically.

Once quantum computers are practical at breaking certain cryptographic algorithms, we should expect a treasure trove of harvest now decrypt later information being readily accessible. This may result in further ransomware demands for companies previously compromised and nation state implications.

Climate change impact on resilience

At the start of 2025 we have witnessed one of the most extensive and destructive wildfires in California. Watching the enormity of the destruction is humbling and a good reminder to think about natural disasters (or simply disasters) impacting your business operations. It’s easy to forget about locations of data centres with cloud computing but it’s critical to your survival. We expect more floods, fires and storms to occur in the coming years and it’s more important than ever to have data diversification across geographies, suppliers and technology. It is critical you know where your data centres are that store your data, that you have data diversification and your backups follow the 3-2-1 strategy (3 copies, 2 different types of media and 1 copy off site).

Conclusion

We are currently witnessing the next great wave of technological revolution which brings with it not only the benefits but great disruption. At the same time, we are in the midst of climate change and all the impacts that it will bring combined with geo-political instability in many parts of the world. These features make cyber resilience for companies very challenging. Industry leaders need to think about these sorts of risks and challenges to best mitigate them over the long term and reap the rewards from opportunities when they present themselves.

Its in times like these you need a good team of experts around you, with great capabilities and an excellent understanding of digital operational resilience – to handle any situation.

We aim to help small, medium and large firms, if you need assistance on any of these or similar subjects please get in touch.

About IT Security Locksmith

IT Security Locksmith specialises in board level training and consultancy.

To find out more about our capabilities please click here.

Our services page showcases the types of services we offer.

Click here to contact us for a no obligation initial consultation.