TechRepublic asked cyber experts to predict the top trends that will impact the security field in 2025.
# Industry News: Forecasters Predict Escalating Cyber Threats and Shifting Risk Focus for 2025
## Summary
Cybersecurity experts anticipate a significant escalation in cyberattacks in 2025, driven by surging ransomware attempts and the lowering barrier to entry provided by generative AI. Consequently, the industry is bracing for a crucial focus shift toward rigorous third-party risk management—especially concerning the AI software supply chain—while anticipating increased targeting of macOS platforms and critical infrastructure entities failing to meet new regulatory compliance deadlines.
## Key Details
- **Date:** Predictions cover the outlook for 2025, reacting to 2024 trends.
- **Companies Involved:** Microsoft, CrowdStrike, Optiv, Forrester, Moonlock, Vectra AI, and others quoted as industry experts.
- **Category:** Market analysis and trend prediction.
## The Story
The cybersecurity landscape is deteriorating, marked by significant increases in ransomware and global cyberattacks compared to previous years. Experts predict five key trends for 2025. Foremost is an intense focus on **third-party risk management (TPRM)**, particularly vetting the **AI software supply chain**, following high-profile outages like the CrowdStrike incident. This scrutiny stems from concerns over AI-generated code introducing vulnerabilities and potential regulatory bans on certain third-party software. Other major predictions include a surge in **macOS targeting**, increased **threats against Critical National Infrastructure (CNI)** due to lags in NIS2 compliance, and the proliferation of highly personalized, **AI-enhanced social engineering attacks** targeting specific executives. The overarching theme is that the skills gap remains wide while the complexity and volume of threats increase.
## Business Impact
### For the Companies Involved
- Companies leveraging generative AI in development (as Zibtek’s CEO noted) face pressure to implement entirely new layers of vigilance to vet training data and models, adding overhead to development cycles.
- Security and advisory firms (like Optiv and Quorum Cyber) will see increased demand for auditing, for governance, risk, and compliance (GRC) maturity, and for AI skill-based security tooling.
### For Competitors
- Security vendors offering enhanced TPRM, AI model auditing, or zero-trust architecture solutions targeting supply chains are positioned for growth.
- Competitors whose solutions proved resilient against recent supply chain attacks may gain market share based on demonstrated reliability.
### For Customers
- End-users will face heightened awareness requirements regarding social engineering, as AI-impersonation attacks become more sophisticated.
- Organizations will experience increased security assurance requirements from business partners and vendors regarding their own digital supply chains.
### For the Market
- The market will see a tangible shift in security spending prioritization towards supply chain monitoring, GRC maturity, and specialized endpoint protection (like Mac security tools).
- Regulatory bodies are expected to become more aggressive, with potential software bans looming, fundamentally altering procurement strategies.
## Technical Implications
The focus on the AI software supply chain implies a need for advanced technical scrutiny beyond traditional code scanning. This includes **data poisoning detection**, **adversarial tampering analysis** on AI training sets, and deploying zero-trust verification *at stages of access* when interacting with external partners. Furthermore, the predicted rise in Mac-based attacks suggests security teams must bolster endpoint detection and response (EDR) capabilities on macOS environments, treating them as distinct from traditional Windows-centric defenses.
## Strategic Analysis
- **Market Positioning:** The market is shifting from generalized defenses to deep, verifiable compliance and risk management across the entire operational stack, especially concerning non-human dependencies (AI models).
- **Competitive Advantage:** Firms that can offer verifiable, automated methods for auditing AI models and third-party components securely will gain a significant strategic edge over legacy GRC providers.
- **Challenges:** The major challenge is the severe global skills gap, particularly in AI security, which will hinder organizations' ability to implement the complex oversight now deemed necessary. Poor regulatory adherence (e.g., NIS2) by CNI firms creates easily exploitable, high-value targets.
## Industry Reactions
- **Analyst Opinions:** Forrester analysts predict governments may proactively ban specific third-party software in 2025 due to systemic risk exposure.
- **Expert Commentary:** Security leaders are seriously contemplating banning the internal use of AI tools in software development due to the introduced complexity and risk, indicating a moment of strategic hesitation regarding rapid AI adoption.
- **Market Response:** Increased spending is expected in compliance automation and supply chain relationship management tools to handle growing regulatory and operational scrutiny.
## Future Outlook
- **Predictions and expectations:** Expect a greater number of regulatory actions and potential bans targeting risky third-party software components. Supply chain breaches will evolve to target the AI models themselves, not just the code they produce.
- **What to watch for:** The speed and effectiveness of CNI firms in meeting NIS2 deadlines, and whether security budgets will increase enough to close the AI skills gap that stands in the way of securing modern development pipelines.
## For Security Professionals
Security practitioners must immediately prioritize upskilling in AI security analysis, zero-trust implementation for external access, and advanced threat detection for macOS environments. A significant management focus will be placed on maturing GRC programs to effectively govern and monitor third-party software and AI dependencies.