Cyber risks in 2025 demand AI governance & resilience

The outlook for cybersecurity in 2025 is characterised by increased regulatory demands and technological challenges as organisations strive to safeguard themselves against advancing threats.

Luke Dash, Chief Executive Officer of ISMS.online, has identified a comprehensive need for AI governance in the forthcoming year. "In 2025, businesses will face escalating demands for AI governance and compliance, with frameworks like the EU AI Act setting the pace for global standards," he said. He further emphasised the importance of compliance with emerging standards such as ISO 42001, advocating for thorough frameworks to manage AI risks and ethical practices. Dash highlighted the regulatory pressures that will compel organisations to maintain ethical and secure AI operations, especially in sensitive sectors.

In terms of cyber resilience, Dash predicts a strategic shift in priorities. "In 2025, cyber resilience will emerge as a core business strategy, as companies shift from merely defending against threats to ensuring continuity and swift recovery," he stated. With the expansion of frameworks like ISO 27001 and the introduction of stricter regulations such as NIS 2, businesses will be focusing on disaster recovery and operational continuity to enhance their resilience in the face of cyber incidents.

The changing landscape of cybersecurity insurance is also highlighted by Dash, who notes, "In 2025, cybersecurity insurance will come with stricter regulatory oversight, compelling organisations to bolster their security practices to qualify for coverage." He explained that insurers will increasingly require compliance with standards like ISO 27001 to ensure robust defences, making it challenging for those without comprehensive security measures to secure policies.

Further addressing global cyber threats, Dash remarked on the action needed to protect critical infrastructure. "In 2025, critical infrastructure will face mounting cyber threats, prompting governments and operators to adopt stronger defences and risk management frameworks," he explained. He pointed out how regulations like NIS 2 will encourage EU operators to strengthen their security measures and improve incident reporting protocols, while highlighting global governmental investment in protection against these threats.

Sam Peters, Chief Product Officer at ISMS.online, shared additional potential long-term challenges in the cybersecurity domain. He stated that although quantum computing is on the horizon, a pressing concern is "quantum-inspired cryptography," with hackers potentially using quantum algorithms to weaken existing encryption standards. This situation could lead to an increase in hybrid encryption methods before the widespread arrival of quantum computers.

Peters also discussed the growing complexity of digital identities, which could lead to a rise in synthetic identity fraud where attackers create fake personas. "This could become a significant issue in finance, healthcare, and even social media, where identity verification processes are often automated and could be easily tricked," he observed, advocating for AI tools to detect identity anomalies.

With the rise of biometrics in security, Peters warned of the increasing risk of biometric data theft. "Unlike passwords, biometric data cannot be changed once compromised, making such breaches particularly devastating," he said, suggesting investment in securing biometrics and using multi-layered biometric verification systems as crucial.

The advent of advanced wearable technology also presents cybersecurity challenges. Peters cautioned that the health data collected by devices like fitness trackers could be a target for attackers. "This would force manufacturers to implement more robust data encryption and authentication methods for wearable devices," he proposed.