The next generation of cyber threats for 2025

Watch more of our videos on ShotsTV.com 
and on Freeview 262 or Freely 565
Visit Shots! now
Founder of Wakefield-based tech firm explains how businesses can prepare for unknown risks?

In 2024, cyber security breaches and attacks were a significant issue for UK businesses, with approximately 50% of organisations reporting incidents. Government data reveals that 58% of small businesses, 70% of medium-sized businesses, and 74% of large businesses experienced cyber threats.

The cybersecurity landscape is set to become even more treacherous in 2025. Attackers are increasingly leveraging AI to enhance their methods, using automation to explore new weaknesses, and crafting personalised phishing campaigns to exploit vulnerabilities more effectively.

Hide Ad
Hide Ad

Ransomware-as-a-Service (RaaS) has also lowered the barrier for entry, allowing even inexperienced attackers to execute sophisticated attacks.

Cybercriminals are evolving at an alarming pace say tech firm founder, David RitchieCybercriminals are evolving at an alarming pace say tech firm founder, David Ritchie
Cybercriminals are evolving at an alarming pace say tech firm founder, David Ritchie

Additionally, the growing reliance on cloud technology expands the potential entry points for malicious actors, while a blend of cyber and physical threats poses new risks to critical supply chains. Alarmingly, geopolitical tensions are also escalating state-sponsored hacking efforts, amplifying the scale and complexity of attacks.

David Ritchie, Director and Co-founder of bespoke software development company Propel Tech, based in Wakefield, comments: "Cybercriminals are evolving at an alarming pace, employing tools like AI and ransomware-as-a-service to outmanoeuvre even the most robust defences. For businesses, cyber security insurance is no longer optional—it’s essential. But securing a policy requires more than a premium payment; businesses must demonstrate a solid security infrastructure, which can be a challenge in itself."

While cyber security insurance offers financial protection against attacks, insurers are increasingly stringent about policy requirements. Propel Tech advises businesses to take concrete steps to qualify, such as achieving Cyber Essentials Plus certification to establish baseline security standards.

Hide Ad
Hide Ad

Strengthening IT infrastructure is another critical measure, including securing servers, implementing multi-factor authentication, and ensuring regular software patching. Monitoring and response tools are also essential to identify and neutralise threats in real-time.

Attackers are increasingly leveraging AI to enhance their methodsAttackers are increasingly leveraging AI to enhance their methods
Attackers are increasingly leveraging AI to enhance their methods

Cyber insurance doesn’t just protect a business’s finances; it pushes them to adopt stronger security practices, ultimately building trust with clients and partners. Steps companies can take to strengthen their defences against a new breed of cyber security threats for 2025 include:

AI-enhanced attacks

AI-driven email security systems can analyse behavioural patterns and detect phishing attempts with high accuracy. Regular employee training is also essential to empower staff to recognise these tailored threats. Additionally, organisations should implement Zero Trust Architecture (ZTA), which ensures no device or user is trusted by default, requiring continuous verification for access to sensitive systems.

Ransomware-as-a-service

Businesses should prioritise maintaining secure and frequent backups of critical data, including offline copies, to mitigate the impact of ransomware attacks. Advanced endpoint detection and response (EDR) solutions can identify and neutralise unusual behaviours linked to ransomware activity. Furthermore, adopting a principle of least privilege by limiting user access to sensitive data and systems can significantly reduce the risk of damage caused by compromised credentials.

Cloud vulnerabilities

Hide Ad
Hide Ad

Regular audits of cloud setups can help businesses adhere to security best practices, such as ensuring storage buckets are not publicly accessible. Encrypting data in transit and at rest offers additional protection in the event of a breach. Given that APIs are a common attack vector in cloud environments, their security must be a priority, with regular monitoring and implementation of stringent access controls.

Blended threats

Physical and cyber security teams should collaborate to identify and address overlapping vulnerabilities, especially in operational technology (OT) environments. Internet of Things (IoT) devices, often integral to supply chains, require robust security protocols, including firmware updates and network segmentation. Strengthening supply chain security also involves conducting thorough assessments of vendors and ensuring that third parties adhere to strict cybersecurity standards.

Geopolitical drivers

Threat intelligence sharing through industry-specific groups, such as Information Sharing and Analysis Centres (ISACs), enables organisations to stay ahead of emerging threats. Developing and regularly updating incident response plans ensures that businesses can swiftly respond to cyber or geopolitical crises. Resilience testing, including penetration testing and simulated attacks, can help identify and address potential weaknesses before they are exploited.

General best practices

Regular software and hardware updates ensure that vulnerabilities are minimised. Furthermore, aligning with recognised cybersecurity frameworks and regulations, such as GDPR or ISO 27001, helps establish comprehensive defences while fostering trust with clients and partners.

Related topics:
News you can trust since 1852
Follow us
©National World Publishing Ltd. All rights reserved.Cookie SettingsTerms and ConditionsPrivacy notice