Supply chain long-cons may become the norm in 2025, as threat actors increasingly adopt long-term infiltration strategies, targeting lesser-known software dependencies to exploit vulnerabilities while maintaining a façade of legitimacy. This is amongst the trends forecast to dominate in the new year.

Amongst its cyber risk predictions for 2025, cyber security provider, WatchGuard Technologies, also flags the increasing sophistication of AI-driven attacks, and the need for innovative defences in operational technology.

“This year, we’ve noted how cyber criminals are becoming increasingly adept at leveraging advanced technologies to launch innovative attacks,” said Corey Nachreiner, chief security officer at WatchGuard Technologies. “In 2025, the cyber security landscape will demand a proactive, unified approach to defend against threats that are not only growing in complexity, but also becoming more accessible to bad actors through automation and AI advancements.”

Cyber security predictions for 2025 (Source: WatchGuard)

The rise of multimodal AI in cyber crime: Multimodal AI systems capable of integrating text, images, voice and code will enable attackers to automate the entire cyber attack chain, from profiling targets and crafting phishing campaigns to deploying malware and exfiltrating stolen data.

Operational technology relies on AI defences: The convergence of OT and IT systems will drive cyber security teams to deploy AI-powered anomaly detection to protect critical infrastructure and reduce dependency on complex, protocol-specific defensive measures.

CISO burnout: With growing regulatory pressures and personal accountability, the role of the CISO will face increased challenges, potentially widening the cyber security skills gap.

Law enforcement makes meaningful gains: Enhanced collaboration between intelligence agencies, law enforcement and private organisations will disrupt threat actors, increasing the cost and difficulty of executing cyber attacks.

Exploiting GenAI disillusionment: As GenAI enters a phase of scepticism, bolstered by the use of video and audio deep fakes and numerous highly publicised gaffes, cyber criminals will exploit underestimated advancements in AI, combining them with other tactics to deceive organisations and consumers.


Image: The National Cyber Security Centre, which leads on cyber security in the UK, is a part of GCHQ (pictured).

---