As we unveil the third edition of Information Security Buzz’s 2025 predictions, we are thrilled by the incredible response. In this installment, we dive even deeper into the evolving cybersecurity landscape, where advancements in AI, quantum computing, and cloud technologies intersect with growing vulnerabilities and escalating threats. With insights from industry leaders, this edition delivers a comprehensive look at what’s next for security professionals and businesses worldwide.
These 2025 predictions explore critical challenges such as the mass deployment of unsecured AI tools, the urgent need for post-quantum cryptography, and the intensifying focus on SaaS vulnerabilities and insider threats. From nation-state actors targeting critical infrastructure to the expanding influence of cyber risk quantification in business decisions, these insights aim to prepare organizations for what lies ahead. Thanks to everyone who contributed to this journey to stay ahead of the curve in cybersecurity.
Karl Holmqvist, Founder and CEO of Lastwall
“The unchecked, mass deployment of AI tools—which are often rolled out without robust security foundations—will lead to severe consequences in 2025.”
Lacking adequate privacy measures and security frameworks, these systems will become prime targets for breaches and manipulation. This “Wild West” approach to AI deployment will leave data and decision-making systems dangerously exposed, pushing organizations to urgently prioritize foundational security controls, transparent AI frameworks, and continuous monitoring to mitigate these escalating risks.
We can also expect the intensifying threat of “Steal-Now, Decrypt-Later” attacks will force organizations to accelerate the adoption of post-quantum cryptography (PQC). With quantum computing advancements making traditional encryption methods increasingly vulnerable, adversaries are actively stockpiling encrypted data today to decrypt it with future quantum capabilities. The recent standardization of FIPS-203 in August 2024 enables organizations to legally deploy proven PQC algorithms like ML-KEM, pushing CISOs to establish comprehensive cryptographic asset registers and proactively overhaul encryption strategies. Without immediate action to secure high-value assets, organizations face a growing risk of quantum-enabled breaches, threatening not just data but national security and global stability.
Cyberattacks on critical infrastructure will intensify, targeting sectors such as energy grids, water supply systems, and communication networks. Driven by a range of factors, including geopolitical tensions, these attacks will disrupt essential services and erode public trust. Governments and private sectors will be forced to fortify their detection systems, enhance threat intelligence sharing, and take proactive measures to defend against increasingly sophisticated and coordinated threats, including those from nation-states.
Gary Hibberd, The Professor of Communicating Cyber at ConsultantsLikeUs
“AI is everywhere (already) and will play a role for both protagonist and antagonist alike. It will be (and is) used to improve detection of malware and vulnerabilities in our networks, but our adversaries will also use these same tools to find vulnerabilities in our technical infrastructure and people.”
As businesses, we look to automate everything we do, and this is true of cybercriminals, too (this shouldn’t come as any surprise to us). AI being used to create deep-fake images and voices is something we’re going to see increasingly used by cybercriminals, as well as in business. For example, call centers will replace dull IVR systems (“Press 1 for Sales. 2 for Reception” and suchlike) with AI-enabled chatbots that can provide assistance to callers without the need to speak to a real human. I also predict an increase in supply chain security risk assessments, and organizations are going to need to find ways to evidence that they are handling data more securely than they have previously. You could say this is an extension of the ‘zero trust’ model, and perhaps it is. However, our reliance on outsourced services (including Cloud) is a weak link that we need to focus on.
Jake Williams, Faculty, IANS Research & VP of R&D at Hunter Strategy
“We’ve already seen multiple threat actors targeting networking devices to gain access to networks. While this isn’t exactly unprecedented, we can expect the scope and scale of these efforts to increase as threat actors encounter more difficulty maintaining operations with EDR software.”
Advanced threat actors, primarily nation-state threat actors, are likely to focus more on targeting network devices, specifically routers and firewalls. While threat actors continue to struggle to stay ahead of endpoint detection and response (EDR) software on endpoints, similar monitoring software can’t be installed on network devices.
It’s also worth noting that the number of compromised network devices is almost certainly underreported today. The vast majority of organizations lack a dedicated threat-hunting program for compromised network devices. Very few have the telemetry needed to perform such threat hunts, and even fewer know what to look for. All of this creates a perfect storm for threat actors targeting network devices. Finally, threat actors may target network devices for their lawful intercept capabilities or to disrupt operations in a destructive cyberattack. Some evidence of such prepositioning was seen with Salt Typhoon in 2024, doubtless a sign of more to come.
George Gerchow, Faculty, IANS Research & Interim CISO/Head of Trust at MongoDB
“The shared responsibility model in cloud security is breaking down, which will push cloud providers to enforce mandatory MFA for all customers. Rising supply chain attacks and multi-cloud complexities demand tighter collaboration between security teams and cloud-savvy developers. This shift will spark a critical push for both providers and customers to elevate security standards in an increasingly volatile landscape.”
Nation-state actors will increasingly exploit AI-generated identities to infiltrate organizations: An emerging insider threat gaining traction over the past six months, these sophisticated operatives bypass traditional background checks using stolen US credentials and fake LinkedIn profiles to secure multiple roles within targeted companies. Once inside, they deploy covert software and reroute hardware to siphon sensitive data directly to hostile nations. The FBI confirmed that 300 companies unknowingly hired these imposters for over 60 positions, exposing critical flaws in hiring practices. Traditional background checks can’t catch this level of deception, and HR teams lack the tools to identify these threats. This escalating risk demands stronger identity verification and fraud detection—ignoring it leaves organizations vulnerable to catastrophic breaches. This isn’t just an attack trend; it’s a wake-up call.
AI blurs the lines between novice and expert: Much has been said about AI’s risks, but a critical element often overlooked is how it’s empowering previously marginalized threat actors. Newcomers—known as “script kiddies”—are leveraging AI-driven automation and sophisticated deepfakes to rapidly escalate their capabilities. Less-experienced hackers now have the means to execute complex and damaging cyberattacks with unprecedented ease. Scaling up defenses against these AI-powered adversaries will be crucial. Organizations must adopt AI-enhanced security strategies and deploy internal and external AI bots to automate key functions like audits and incident response.
Bruno Kurtic, Co-Founder, President, & CEO of Bedrock Security
“As data volumes surge, scalable solutions will be essential to handle diverse datasets. This focus on visibility, classification, and access control will drive new data platforms, advancing AI data governance and mitigating security risks.”
By 2025, increasing security risks and AI regulations on data handling will push organizations to enhance data visibility, classification, and governance. With agentic AI systems becoming integral to operations, companies will need full insight into data assets to use them responsibly, emphasizing data sensitivity classification to avoid exposing confidential or personal information during AI training.
A standard practice will emerge: creating a data bill of materials (DBOM) for AI datasets. DBOMs will detail the origin, lineage, composition, and sensitivity of data, ensuring only appropriate data trains AI models. Strict entitlements will limit access, allowing only authorized users to manage sensitive data, thereby reducing accidental or malicious exposures.
Eric Knapp, CTO of OT at OPSWAT
“The question for next year is whether organizations are prepared to invest in a comprehensive, layered approach. Historically, the industry has tended to focus on a single “technology du jour,” but indications suggest that 2025 may bring a more balanced approach.”
In 2025, there is an expectation of increased adoption of both secure cloud controls and OT-specific pathways as organizations manage their cloud connections. Investment in proper controls will be crucial to achieving the asset and connection visibility many organizations are striving for.
Securing the shift to cloud for ICS/OT systems will demand new approaches to tackle cyber risks and the expanding skills gap: The 2024 SANS ICS/OT Cybersecurity Report revealed a surge in cloud adoption for ICS/OT applications, with 26% of organizations now leveraging cloud solutions—a 15% increase from previous years. This shift brings greater flexibility and scalability but also exposes these critical systems to new cyber risks. With more organizations leveraging the cloud, robust network security controls at the perimeter are essential. To ensure secure communication, devices that regularly interact with cloud services should ideally be channeled through data diodes, allowing safe, one-way data transfer. However, many sites also require remote access into OT environments for maintenance, upgrades, and similar tasks, calling for separate, secure pathways tailored to specific OT functions and restricted to authorized personnel only.
Ariel Parnes, Co-Founder and COO of Mitiga
“The lethal combination of AI-powered attacks and SaaS vulnerabilities will redefine the threat landscape. In 2025, two critical trends will converge to create a perfect storm and reshape the threat landscape: the growing availability of generative AI for cyber criminals and the rapid adoption of SaaS applications.”
Generative AI, with its ability to craft sophisticated, context-aware content, will empower threat actors to automatically scan SaaS environments, find vulnerabilities, and launch precise, rapid attacks. The barriers to creating adaptive phishing campaigns or exploiting SaaS misconfigurations will drop, enabling even less-skilled hackers to conduct highly targeted attacks. AI will also help attackers evade detection by continually modifying their techniques.
Meanwhile, organizations are adopting more SaaS applications, creating sprawling, interconnected environments, and introducing new security challenges. Many organizations lack visibility into their SaaS ecosystems, making it difficult to monitor user behavior, detect threats, and enforce security policies consistently across applications. Traditional security tools are ill-equipped to protect the decentralized and dynamic nature of SaaS platforms. As business functions shift to the cloud, this gap in SaaS visibility and detection will remain a significant weakness for cybercriminals to exploit.
Without real-time monitoring and detection, organizations will be at a disadvantage. To counter these threats, companies must close the SaaS visibility gap by investing in advanced security tools specifically designed for cloud environments. These tools must leverage AI to keep pace with evolving threats, focusing on real-time detection, anomaly identification, and continuous monitoring across all SaaS applications.
Scott Kannry, Co-Founder and CEO of Axio
“The need for cyber risk quantification (CRQ) is rapidly moving beyond security teams, making usability the #1 requirement for CRQ solutions. Cybersecurity management has expanded beyond the sole domain of security teams and is increasingly influenced by business leaders and non-technical stakeholders, both inside and outside the organization.”
To be effective, CRQ solutions must be user-friendly, business-focused tools that inform decisions by internal leaders across all departments while facilitating collaboration with external partners through shared, business-oriented risk language. Robust risk quantification will drive tech stack decisions. Risk quantification will play an increasingly critical role in guiding decisions around a) the adoption of new technologies and b) the cost and benefits of maintaining legacy systems.
This CRQ-centered approach ensures that companies’ tech stacks more precisely align with their risk tolerance and resilience strategies. The traditional CISO role will continue to evolve (and even split into two roles in some businesses). As enterprises navigate an evolving global patchwork of regulations, the scope of the CISO has expanded beyond the traditional purview of overseeing data & information security to new areas like compliance management and boardroom disclosure.
Some CISOs will have adapted to—and thrived within—this expanded role. Many companies, however, will opt to split security leadership duties between a technically focused lead and a business/regulatory-focused one.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.