What cyberland could see in 2025
Add Axios as your preferred source to
see more of our stories on Google.
Codebook readers spent the last couple of weeks looking into a crystal ball and sending me their predictions for 2025.
- Here's what you're all anticipating:
🤖 AI and security
"I expect we'll see a continued increase in very advanced levels of cross-account attacks thanks to AI-driven credential compromising. As new AI-powered attacks emerge, traditional security-awareness training programs are quickly becoming obsolete." —Dror Liwer, co-founder of Coro
"In 2025, we'll adopt the 'trust nothing, verify everything' mindset, as AI will impersonate everyone from public figures, personal contacts, even ourselves at a record rate." —Andre Durand, CEO and founder of Ping Identity
"In 2025, enterprises will truly see the scope of 'shadow AI' — that is, unsanctioned AI models used by staff that aren't properly governed." —Akiba Saeedi, vice president of product management at IBM Security
"Cybersecurity entrepreneurs, including those still in stealth, are already developing the next wave of AI innovation through AI agents, making this an emerging space that global VCs should closely monitor for early-stage opportunities." —Ofer Schreiber, senior partner, YL Ventures
⚠️ Cyber threats
"Beyond the 'AI hype train,' it's the more overlooked threats that will unleash the most devastating impacts. We continue to see organizations suffering from massive ransomware and supply chain attacks year after year — and 2025 will be no different." —Kevin Breen, senior director of threat research at Immersive Labs
"The reality is that attack types like ransomware and social engineering will continue to dominate the threat landscape because, unfortunately, bad actors have seen success with them in the past." —Dan Schiappa, chief product and services officer at Arctic Wolf
đź”’ Data privacy
"As concerns over privacy and surveillance grow, a broader segment of nontechnical users will prioritize secure messaging and email platforms to safeguard personal communications from both domestic and foreign monitoring. This shift will be further driven by media narratives, government policies, and the strategic direction of the incoming White House administration." —Tom Hegel, principal threat researcher at SentinelLabs
"By 2025, data protection strategies will shift from solely securing data at rest or in transit to securing data in use. ... Incident response will move from annual table-top exercises to continuous testing through simulated attack platforms, enabling organizations to measure readiness in real time." —Adam Khan, vice president of global security operations at Barracuda
đź’ˇ Everything else
"Expect heightened regulatory pressure across industries, with a laser focus on supply chain resilience and compliance standards." —Feyza Haskaraman, principal at Menlo Ventures
"The proliferation of AI productivity tools will further accelerate investment in cybersecurity infrastructure as enterprises work to manage the new risks and complexities these tools introduce." —Casber Wang, partner at Sapphire Ventures
"With economic uncertainty persisting, organizations will focus on stretching their IT budgets while maintaining robust security. Repurposing existing hardware will gain traction as a sustainable and cost-effective strategy." —Carl Gersh, senior vice president of global marketing at IGEL
