When it comes to cyber security, the one thing that never changes is that the state of play changes all the time.
Hackers and other threat actors are constantly evolving their tactics and strategies, taking advantage of new technologies to enhance their attacks.
Here’s what some of the industry’s best think the 2025 threat landscape might look like.
Jason Plumridge
Chief information security officer at Tesserent
Tesserent expects there will be increasing attacks that threaten Australian critical infrastructure and utilities in 2025, with these attacks supported by AI. We are likely to see AI drive scripting and coding, making the attacks easier to perform for cyber criminals as they attempt to target known critical infrastructure vulnerabilities in new ways.
AI is already being used in defending technologies such as SIEM to identify threats based on patterns – and this will continue in the coming year. The most successful attacks will still be because of poor security practices and a lack of vulnerability management or access control that allows initial access to networks and systems.
Nadir Izrael
CTO at Armis
Nation-states and rogue factions are rapidly integrating cyber attacks into their military arsenals, with cyber operations becoming a first-strike option in geopolitical conflicts. By targeting critical infrastructure – such as energy grids, communication networks, transportation systems, and supply chains – these attacks can cripple an entire national infrastructure and create mass chaos without a single physical shot being fired. This shift towards cyber warfare reduces the immediate risk of physical casualties and, in turn, allows state actors to engage in asymmetric warfare, where a smaller, technologically advanced nation can punch well above its weight.
In 2025, we expect to see an escalation in state-sponsored cyber attacks aimed at creating widespread disruption and psychological stress. These attacks will be characterised by increased sophistication as governments turn to advanced technologies, including AI-driven malware, to outmanoeuvre their targets.
Kumar Mitra
General manager and managing director, greater Asia-Pacific region, at Lenovo ISG
With the rise of high-profile data breaches in 2024, cyber security will remain a critical area of focus for businesses in Australia. Specifically, the spotlight will be on securing data, after Lenovo’s 2024 Smarter Data Management Playbook found that data security was the number one priority among IT and business decision-makers. Increased government regulations, such as the Cyber Security Bill proposed in Australia, are pushing companies to enhance their security measures while also holding them accountable for losses and damage resulting from security failures. This growing awareness is prompting businesses to invest more heavily in cyber security and data protection solutions, implementing stricter processes around accessing and securing data. As the volume of data continues to increase, due to growing demand in services such as artificial intelligence (AI), the challenge lies in maintaining a robust and cost-effective data infrastructure.
It is essential that businesses begin building resilient ecosystems before regulations are enforced to avoid rushed implementations that increase the risk of vulnerabilities during transition. Lenovo helps businesses do this by providing a comprehensive range of cyber security services, from security assessments through to managed detection and cyber resiliency as-a-service.
Leon Poggioli
ANZ regional director at Claroty
A major cyber attack will be executed on critical infrastructure as part of a wartime scenario, and this will enter mainstream news as world leaders recognise the need to protect their domestic critical infrastructure from being attacked by an act of war [by] their enemies.
Proposed legislation to protect Australia’s critical infrastructure sectors will be formally legislated, which will expose organisations that are under-invested in cyber security and haven’t made efforts to improve their cyber posture. A successful attack on critical infrastructure will also become an election issue in some jurisdictions as citizens demand their governments protect the critical infrastructure they rely on from cyber attacks.
Trevor Dearing
Director of critical infrastructure at Illumio
The world continues to hang by a thread when it comes to combating cyber attacks. However, next year, we will reach a breaking point, and the consequences will be severe.
Likely driven by a state actor, I expect we’ll see a major attack on CNI, like energy, that will cripple essential services and halt basic operations for days. The impact could lead to unprecedented public disruptions, such as power outages and massive hospital evacuations, forcing a much-needed rethink by government and industry in cyber resilience and how we protect and operate essential services. A new approach, similar to a “DORA for Energy”, may emerge, calling for a coordinated secure-by-design model.
Lorri Janssen-Anessi
Director of external cyber assessments at BlueVoyant
One very positive win for 2024 was the downward trend in ransomware. One conclusion behind this trend is that organisations are taking a more defensive and proactive approach to ensuring the security of not only their own organisations but also their third-party supply chains. Supply chains have been and continue to be one of the biggest vectors for ransomware attacks to date. This decrease could also be attributed to overall awareness and improved incident response programs. Some other contributing factors could be improved network segmentation, controlling user privileges, and general improvements in data backup strategies. Continued vigilance in these areas will keep this trend going in the right direction.
Something that could continue to help is companies vetting suppliers’ cyber security practices and programs. These additional requirements could include adding layers of due diligence.
Austin Berglas
Global head of professional services, BlueVoyant
The increasing digitisation and connectivity of critical infrastructure systems, such as power grids, water supply, transportation networks, and healthcare facilities, have made them prime targets for sophisticated cyber threats, posing significant risks to national security and public safety. See the recent activity of advanced threat actors like Volt Typhoon, a cyber espionage group believed to be affiliated with a nation-state, which is known for its ability to infiltrate and persist within critical infrastructure networks using stealthy tactics, such as living-off-the-land techniques, which allow them to avoid detection by conventional security tools.
Such capabilities could lead to catastrophic consequences, including service disruptions, economic destabilisation, and threats to human lives. As the world continues to see ongoing, multi-year conflicts, nation-states will continue to utilise offensive cyber operations to gain footholds and pre-position tools and capabilities to support the asymmetric battlefield.
Nick Schneider
CEO of Arctic Wolf
Now that AI has proven to be its own attack surface, in 2025, we can expect the number of organisations leveraging AI for both security and beyond to increase. As we look at the biggest risks heading into the new year – the bigger concern from a cyber perspective is shadow AI. Unsanctioned use of these generative AI tools can create an immense number of risks for organisations.
In the new year, companies will be trying to both understand and control what information their employees are feeding to any and all AI tools they leverage in the workplace – and how it could be training models with sensitive data. It will be critical to the security of organisations for employees to carefully follow the AI policies being implemented across the company and to monitor for any updates to those policies.
Mike Arrowsmith
Chief trust officer at NinjaOne
Legacy industries and organisations that have been around for decades and are responsible for managing a unique blend of hardware and software across continents – think airlines, railways, energy production, and the like – will be a top target for ransomware attackers in 2025. These organisations move large sums of revenue, and their systems generally aren’t the most modern.
Also, due to the sheer size of the business, they typically have smaller IT teams in-house and employ more outside services and third-party partners to help maintain those systems. This exposes them to more methods of attack, which bad actors are increasingly taking advantage of to secure massive paydays.
David Friend
President and CEO at Wasabi Technologies
A lot of people who are in the backup and data protection space are trying to tap into the budgets for security as opposed to the budgets for backup per se and are rebranding themselves as companies that are playing in the security end of the business. And I think that’s actually appropriate because, certainly, there’s the aspect of preventing data theft, but the business of ransomware, for example, which is a matter of depriving the customer of the use of their own data, so if they actually can’t continue with business, that’s a storage problem.
And I don’t think there’s any way that people are ever going to keep intruders out entirely. It’s a cat-and-mouse game, and it has been really my entire life with people who were trying to do malicious things with IT systems.
Peter Lees
Head of solution architecture APAC at SUSE
2025 isn’t the year to hope for the best – it’s the year to prepare for the worst. Cyber attacks have become a relentless certainty, with ransomware already accounting for 11 per cent of all cyber incidents, and with the nation’s new Cyber Security Act mandating ransomware payment disclosures within 72 hours, the stakes have never been higher. Boards now face an unenviable balancing act – pay a ransom and risk reputational, governance, and financial damage, or refuse and grapple with operational paralysis.
In response, under the nation’s Cyber Security Act, the new Cyber Incident Review Board (CIRB) looks to offer a glimmer of hope. These no-blame panels promise to turn hindsight into actionable foresight, dissecting breaches to uncover lessons that could reshape how we respond to cyber threats, meaning we could see CIRB’s findings influence not just future national policy but also reshape how organisations strategise, mitigate risk, and recover.
Rik Ferguson
Vice president of security intelligence at Forescout
Nation-state actors are increasingly weaponising firmware supply chain attacks, embedding malicious code during manufacturing that bridges cyber and physical warfare.
The recent compromise of communication devices by Israel demonstrates how firmware-level threats could have real-world impact.
Traditional defences and documentation, including Software Bill of Materials (SBOMs), are more reactive, tending still to rely on implicit trust, and neglect to provide true visibility and detection of these risks and sophisticated implants.
As IoT adoption grows, supply chain risks escalate, making it imperative for organisations to secure every step of the production and distribution process.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.