Despite the escalating sophistication of AI-generated threats and the looming specter of quantum computing capable of shattering current encryption, the organisations staying ahead of the curve are those getting the fundamentals of cybersecurity hygiene right.
Recognising the escalating challenge, a significant 97% of cybersecurity professionals anticipate an increase in AI-generated attacks. However, this collective awareness also provides a powerful impetus for organisations to invest in advanced protective measures and training.
Integrity360’s latest 2025 Cyber Security Trends & Predictions Report offers a sobering but invaluable look at the threats faced (and overcome) in 2024 and provides insights into the strategic imperatives for the remainder of 2025.
The warnings of 2024 can be the learnings of 2025
The past year served as a potent reminder of cybercrime’s pervasive reach. Data from Integrity360’s internal tools and services, coupled with wider industry statistics, paints a picture that should motivate all organisations to up their games – as many are successfully doing:
- Vulnerability hotspots: A significant 50% of vulnerabilities identified by Integrity360 were of high severity, with a surprising 33% of exploit attempts targeting vulnerabilities from as far back as the 2010s. This highlights the critical importance of consistently addressing fundamental security hygiene, an area ripe for improvement and significant impact.
- The human element remains critical: Globally, 67% of successful cyberattacks stemmed from human error or phishing, with 68% of all breaches involving a human element in 2024 (ISACA Journal; Verizon). This underscores that technology alone cannot solve the problem if the human layer remains vulnerable.
- AI’s dual-edged sword: While 95% of organisations adopted AI or machine learning in their cybersecurity measures in 2024 (Gartner), 74% of IT security professionals reported a significant impact from AI-powered threats (Darktrace). The rapid advancement of AI provides both powerful defensive tools and new avenues for sophisticated attacks, with 97% of cybersecurity professionals fearing AI-generated security incidents (Deep Instinct).
- Escalating costs: The average ransom demanded in a ransomware attack reached $2.73 million – almost $1 million more than in 2023 (Varonis). Furthermore, a mere 8% of businesses who paid ransoms received all their data in return (Sophos), demonstrating that paying up is rarely a solution.
The incidents of 2024 served as a powerful reminder, underscoring the urgent need for robust, proactive security measures that empower organisations to protect their assets effectively. Major attacks included:
- February: Change Healthcare, a critical component of the US healthcare system, suffered a ransomware attack that disrupted operations for weeks. A $22 million ransom was paid, and patient data for a “substantial proportion” of Americans was exposed, highlighting the severe consequences of attacks on critical infrastructure and highly private personal details.
- May: Dell disclosed a data breach exposing information on 49 million customers, including names, physical addresses, and order details, after a threat actor exploited their partner portal.
- June: Ticketmaster’s parent company, Live Nation, confirmed a massive data breach affecting 560 million customers, with hackers demanding a $500 000 ransom. The incident, traced to a third-party cloud data warehouse, exposed names, addresses, email addresses, and even partial credit card details.
- Others: Other significant incidents included the Ascension Health system ransomware attack, a major data breach affecting 270 000 UK military personnel, and the CDK ransomware attack on the automotive software industry, which led to over $1 billion in financial losses despite a reported $25 million ransom payment. Even Transport for London experienced a cyberattack, compromising sensitive customer data for around 5 000 individuals.
The cybersecurity landscape of 2025 is defined by complexity, convergence, and the relentless pace of innovation – both defensive and offensive. Organisations can strategically overcome these challenges by shifting from a reactive posture to a proactive, integrated security strategy, which is now more paramount than ever before. Looking towards 2026, a strategic sense of urgency should propel organisations to build adaptable and resilient cyber defences.
