Cybersecurity has been at or near the top of business risk registers for several years. And this will continue into 2025 as the risks escalate. With AI now a mainstream tool, threat actors across the world are leveraging it to create better-targeted attacks that are harder to detect.

Tesserent predicts that in 2025 social engineering attacks will escalate, fueled by AI, which will also be leveraged to step up attacks on critical infrastructure.

Social engineering will remain cybercriminals most potent weapon in 2025 and beyond. AI provides cybercriminals with the tools to quickly and convincingly craft phishing emails that can dupe everyone, from members of your executive team to customers, into clicking a link that leads them to an extremely well-crafted website or service designed to steal personal information, user credentials or money.

Social engineering is a key attack vector businesses need to watch out for in 2025. Our team of 500 cybersecurity experts predicts that people-based attacks, rather than technology-driven cyberattacks, will feature in 2025.

Upping the ante

Cybercrime has always been a numbers game. Cybercriminals know that if they send thousands of fraudulent messages out, they only need a fraction to succeed to deliver a return on investment.

AI and new automation tools have become a powerful force multiplier for threat actors. The number of AI-based tools for cybercriminals will increase in 2025 and drop in price on the dark web, further democratizing the use of this technology by threat actors and removing the need for cyberattackers to have strong technical skills that until now have remained a barrier.

Attackers in 2025 will continue to target critical infrastructure assets. Leveraging AI, cybercriminals will create more malware faster than ever before was possible, making it harder to detect.

Threat actors may also look for new ways to compromise critical infrastructure for profit. New AI tools will reduce the technical hurdles for criminals and make it easier for them to launch attacks with limited technical knowledge.

A new defense

While AI is becoming a powerful offensive tool for attackers, it also provides organizations with new defensive capabilities. AI will continue to advance as a core element of data analysis, threat monitoring and orchestrated and automated response as part of an organization’s security program throughout 2025.

Security teams will increasingly leverage AI to help them protect, defend and fight back in an escalating threat environment. AI tools will also become critical in security exercises such as penetration testing and red/blue teaming, where offensive and defensive security teams probe systems to detect vulnerabilities and test their defensive response.

AI is already being used in defending technologies such as Security Incident and Event Management systems to identify threats based on patterns. This will continue in the coming year.

With the shortage of skilled cybersecurity practitioners expected to continue, AI can help companies globally detect incidents and respond faster. However, this will require investment to provide education and training so security teams can deploy these new tools to their full capability.

Tesserent expects that Australian businesses will continue to find it difficult to retain cybersecurity talent in an increasingly competitive environment. More private sector enterprises will continue or look to outsource as a result.

While AI and the skills shortage will be key drivers for cybersecurity teams in 2025, it is important to remain focused on tried-and-true preventative measures.

Using multi-factor authentication and managing access and privileges, keeping systems updated, maintaining and testing backup processes regular user education remain critical to minimizing the risk of cyberattack and reducing the blast radius should an attacker gain access to your systems.

Opinions expressed by The CEO Magazine contributors are their own.