What Are The Top Cybersecurity Challenges In 2025?

March 17, 2025  |  Mark Hillary

The technology journal TechTarget recently released an excellent summary of the top cybersecurity challenges in 2025 as a part of their Tech Accelerator series of business guides. This is a really useful summary of the top seven issues that managers need to be aware of this year and the guide features explanations of key issues – so it can be shared beyond the security team and into general management.

You can follow the link to read the original guide from TechTarget, but here is my take on what I see as the most important of the challenges they focus on.

Ransomware

Sophos’ “The State of Ransomware 2024 found that 59% of organizations experienced a ransomware attack in the last year, 70% of which resulted in data encryption. This is where the attackers encrypt all the data within the organization, so it becomes impossible to use without the ability to reverse the encryption process. Importantly, this figure is 98% when government departments are attacked.

I faced this issue myself at the end of 2021. I had not visited my family back in the UK throughout the Covid pandemic and I had booked a trip to London in December 2021. I needed to prove my Covid vaccination status to board the British Airways flight, but my certificate was in Portuguese – not English.

When I tried accessing the app containing vaccination records – so I could get the certificate in English – I found it was impossible to login. The Brazilian ministry of health had all their systems hacked so no online health services were available – it was a ransomware attack.

I saw many other travelers affected that day – I had no choice but to cancel my entire vacation. Citizens with more important health needs were affected in more acute ways, but my own experience showed that ransomware can cause chaos for millions of people.

The skills gap and finding staff

The most recent “ISC2 Cybersecurity Workforce Study” found that the current cybersecurity workforce numbers nearly 5.5 million people, but the industry needs an additional almost 4.8 million people to properly protect and defend today’s organizations.

What is most interesting from this research on finding skills is that everyone agrees that more security skills are needed, but 33% of executives say that they just can’t find people and 39% say that their budget prevents them from hiring.

AI can clearly perform many new proactive roles in security, but it cannot replace the skilled professionals who manage how the AI-powered security systems operate.

Working with trusted security suppliers is likely to be the best possible strategy if increased budgets and skills are hard to find.

AI-enabled attacks

Companies across the world are now using AI — in particular Generative AI. A June 2024 Bain & Company survey, said that 90% of organizations said they had piloted or deployed Gen AI already.

But AI is enabling a tsunami of phishing attempts. Where the cybercriminals previously had to create believable messages and text, now they can use AI to create this – with the text created using a specific corporate style or language. AI is a phishing factory.

AI also allows bad actors to create deepfake audio, video, and images that can affect corporate reputation – and share prices. Often it is not enough to issue a corrective statement once a deepfake has been viewed many millions of times. Deepfakes can lead to misinformation campaigns, blackmail, reputational damage, election interference, fraud and more.

The TechTarget report goes on to talk about many other issues. One of the ones to watch for the future is quantum computing. Microsoft has just announced a new quantum chip that they suggest will normalize quantum computing inside the next few years – not decades as we previously thought was the case. TechTarget even suggests a timeframe of a decade, so this is changing fast.

As the TechTarget summary says: “Quantum computers pose a risk to traditional encryption, rendering tried-and-true algorithms, including RSA, useless and making sensitive data vulnerable to decryption by nefarious actors. Many are worried that attackers will exfiltrate encrypted data now and save it to decrypt once quantum computers are available.”

Prime Target on Apple TV is a very recent dramatization of why this could be so important to everyday life – all the data security and encryption we take for granted today may be useless in a world where quantum computing is easily available.

Overall, the cybersecurity landscape for 2025 presents significant challenges, particularly around AI security, ransomware, supply chain threats, and quantum risks. Businesses must adopt proactive cybersecurity strategies, invest in workforce development, and strengthen AI governance to stay ahead of evolving threats. By addressing these challenges now, enterprises can build a resilient security posture for the future.

In 2025, it will pay to be proactive about cybersecurity.

For examples of IBA expertise in cybersecurity, including penetration testing and cloud security, please click here. Follow IBA Group on LinkedIn for regular updates and comment.

March 11, 2025
Mark Hillary Interviews Sergei Levteev on AI and Business Innovation
Mark Hillary Continue Reading
March 19, 2025
Building a Technology-Forward Company Culture
Kirill Degtiarenko Continue Reading
Blog

    Access full story Leave your corporate email to get a file.
    Yes

      Subscribe A bank transforms the way they work and reach
      Yes