Fortifying the digital frontier in 2025

Teo Xiang Zheng
10 Feb

In 2025, organisations need to stay vigilant, leveraging and embracing modern technologies to avoid being in a worse-off position from where they started.

In 2025, cybercrime is poised to become a global economic force, costing the world an alarming US$12 trillion ($16.2 trillion). This staggering figure would rank it as the third-largest economy in the world, surpassing the GDP of Germany and Japan.

Attack surfaces will expand as businesses accelerate their digital transformation, making cyber resilience a critical survival skill.

Three key cybersecurity trends are poised to dominate in 2025: ransomware's growing sophistication, artificial intelligence enabling more potent attacks, and geopolitical tensions driving tech bifurcation. Together, they create a complex and volatile cybersecurity landscape.

1. Rapidly evolving ransomware

Ransomware continues to be a global threat as it rapidly morphs into a more devastating force. Multi-extortion ransomware, which combines multiple attack tactics to coerce victims into paying a ransom, is set to accelerate. In a multi-layered ransomware attack, threat actors can simultaneously:

  • Exfiltrate and encrypt data
  • Launch a denial-of-service (DoS) attack
  • Threaten data leaks to damage reputation and cause further financial loss.

This multi-layered approach makes ransomware attacks harder to predict and defend against.

As ransomware tactics grow more sophisticated and pervasive, the risks increase exponentially. Much like a mutating flu virus, ransomware’s evolution could turn today’s challenges into a full-blown cyber pandemic, crippling industries and economies.

The recent attack on Change Healthcare in the US earlier this year serves as a stark warning. The breach resulted in the theft of 6TB of sensitive data from one in three Americans; disrupted critical services; and cost US$2.78 billion and more than eight months of recovery efforts. All this, after a US$22 million ransom in Bitcoin was paid, highlighting the high stakes and urgent need for stronger defences.

2. AI enabling threat actors

AI is rapidly transforming the cybersecurity landscape, not just for defenders but also for threat actors. As a tool, AI is helping businesses achieve higher productivity and efficiency; for threat actors, it is similarly enabling the rapid development of malicious activities and tools for exploitation.

AI enables threat actors to execute attacks with unprecedented scale, speed and sophistication, blurring the line between human-led and automated attacks and complicating detection and mitigation efforts.

Generative AI today can:

  • perform deep research and reconnaissance on targets at scale;
  • accelerate malware generation and deployment;
  • power social engineering attacks and craft hyper-personalised phishing emails, messages, or calls based on social behaviour;
  • generate deepfakes or alter videos to deceive and manipulate targets; and
  • compromise biometric authentication schemes (visual and voice).

These capabilities create a new level of complexity for defenders, requiring organisations to leverage AI as a countermeasure to stay ahead of adversaries.

Since the proliferation of Generative AI in 2023, malicious tools like WormGPT and FraudGPT have emerged. WormGPT aids in generating phishing emails and bolstering social engineering attacks, while FraudGPT extends these efforts by creating phishing landing pages. XXXGPT has also surfaced to assist threat actors in developing initial access tools such as remote access trojans (RATs), keyloggers, trojans and infostealers. Supported by thriving marketplaces in the deep and dark web (DDW), these tools contribute to an ever-expanding ecosystem whose capabilities will continue to grow.

Furthermore, as more organisations and users experiment and begin using generative AI for productivity and business applications, the contribution of business information into these services allows for deep contextualisation of the organisation and its business activities.

Threat actors are now focusing on compromising generative AI services to access this information, supporting their reconnaissance and target research. Adversarial AI techniques such as prompt injections and model poisoning are being used to manipulate models into leaking sensitive data or generating malicious outputs. One example was when Samsung’s semiconductor business employees inadvertently leaked sensitive business information while using ChatGPT.

3. Geopolitics and the Fractured Digital Landscape

From escalating conflicts in the Middle East to Europe, the digital battlefield is becoming as critical as the physical one.

State-sponsored cyber-attack campaigns are increasingly involving organised crime groups, hacktivists, professional associations and lone wolves. This worrying trend is making the difficult task of attributing the threat actor an even more challenging one, as the mastermind hides behind the veil of conscripted or paid proxies. Such arrangements are also emboldening hacktivist groups to become mercenaries for hire – organised crime groups – strengthening their ability to organise and to gain the capabilities to damage their victims.

More significantly, rapidly developing trade policies focussing on in-territory manufacturing and near-shoring are accelerating the division of global technology ecosystems. This “tech bifurcation” - the western technology stack vs. the developing eastern technology stack - is straining global supply chains and reshaping the digital economy.

This is happening because the West is bolstering its technological resilience by restricting or even banning exports of high-tech equipment, exemplified by the sanctions on semiconductors and chip-making equipment, to China and its allies. In response, the Eastern bloc is ramping up domestic capabilities and fostering technological independence. Economic decoupling is driving American manufacturers to shift production out of China, further complicating supply chains.

As distinct digital ecosystems emerge, the principle of mutual assured destruction in the cyber realm begins to erode. In a shared digital infrastructure, nations are hesitant to launch cyberattacks for fear of collateral damage to their own systems. However, a fragmented digital world may embolden state-sponsored cyberattacks, targeting isolated systems with less concern for unintended consequences.

A prominent example is the SolarWinds cyberattack discovered in late 2020. State-sponsored actors infiltrated the supply chain by compromising the SolarWinds Orion software, widely used by governments and corporations worldwide. This allowed attackers to access sensitive networks across various sectors, including critical infrastructure and national security agencies. The breach not only exposed vast amounts of confidential data but also heightened tensions between nations, illustrating how geopolitical rivalries can manifest in cyberspace and exploit the fractured digital landscape.

Beyond traditional threats

Projections suggest that by 2030, there will be over 32 billion IoT devices in use in areas like smart grids and transportation systems. While these devices enhance efficiency, they also expand attack surfaces. Compromised IoT devices can be conscripted into botnets, providing critical computing resources that are exploited to amplify and obfuscate cyberattacks, adding another layer of complexity to cybersecurity.

Quantum computing looms as another disruptor. While traditional encryption relies on problems that classical computers solve slowly, quantum computing can break them almost instantly. Threat actors are already adopting a “harvest now, decrypt later” strategy, stealing encrypted data today to decrypt it when quantum technology matures.

A proactive approach to cybersecurity

To effectively combat the escalating cyber threat landscape, organisations must adopt a multi-faceted approach that prioritises resilience, AI-enabled defences, supply chain security, and collaborative efforts.

  • Cyber resiliency: Building a resilient organisation requires a proactive approach to cybersecurity. Regular security assessments are vital to identifying vulnerabilities and addressing weaknesses before they can be exploited. Equally important is the implementation of robust incident response plans to minimise the impact of potential attacks and expedite recovery efforts, coupled with regular exercises to validate those plans and to build confidence and capacity. Ongoing employee education in cybersecurity best practices is essential, as it reduces the risk of human error, a common entry point for cyber threats.
     
  • AI-enabled defence: AI-enabled systems can process and analyse vast amounts of data to detect and respond to threats in real-time, going beyond what is humanly possible. Predictive analytics enables organisations to uncover obscure patterns in historical data, providing early warnings of potential attacks.

    Moreover, AI-driven solutions continuously adapt to evolving threats, ensuring that defences stay dynamic and effective in the face of an ever-changing cyber landscape. When coupled with automation, AI-enabled systems scale up the capacity and reach of cyber defence by leveraging the existing personnel pool, which is naturally constrained by experience and knowledge.
     
  • Supply chains: Organisations must prioritise extending their security measures across their entire supply chains to address potential vulnerabilities. This begins with having a complete inventory of entities in the supply chain, and thoroughly evaluating vendors and suppliers to ensure their security practices align with the business risk appetite.

    Gaining deeper visibility into supply chain operations is equally critical for identifying and addressing weak points before they become exploitable. Additionally, implementing secure communication channels safeguards sensitive data shared with suppliers, reducing the risk of breaches and reinforcing trust throughout the supply chain ecosystem.
     
  • Collaboration: Fostering strong collaboration between industry and government is crucial in the fight against cyber threats. Sharing threat intelligence ensures organisations stay ahead of emerging risks, enabling faster and more effective responses.

    Joint initiatives with research agencies, universities and organisations can drive the creation of innovative security solutions tailored to address emerging threats. Engaging policymakers will ensure robust cybersecurity regulations that balance security needs with operational realities, promoting a safer digital landscape.

Conclusion

In 2025, organisations need to stay vigilant, leveraging and embracing modern technologies to avoid being in a worse-off position from where they started. Ransomware will surge ahead; AI will be exploited by threat actors to perpetrate crimes; and geopolitics and tech bifurcation can worsen a fragmented supply chain.

Organisations must understand this landscape and assemble the measures elaborated here to create a strong foundation for long-term resilience in an increasingly complex digital landscape.

Teo Xiang Zheng, VP of Advisory at Ensign InfoSecurity
