As we move further into 2025, the cybersecurity landscape continues to evolve at a rapid pace, presenting both new challenges and opportunities for organisations worldwide. Our brand-new annual Cybersecurity Outlook provides a comprehensive overview of the current state of cybersecurity, highlighting key trends, emerging threats and strategic recommendations for enhancing cyber resilience.
Expanding cyberattack surface – more, wider and faster
The cyberattack surface is expanding more rapidly than ever before, driven by the increasing sophistication and speed of cyberattacks. “Crime as a service” has significantly raised the bar, making it more challenging for organisations to respond effectively. These services provide ready-made tools and resources for carrying out cyberattacks, allowing less-experienced hackers to execute complex attacks. As a result, organisations are facing greater difficulty in defending against these rapidly evolving threats.
The time required to compromise a target system has significantly decreased, with the average falling from 62 minutes to 48 minutes, according to CrowdStrike. The fastest recorded time was just 51 seconds![1] Mandiant reports that a significant proportion of intrusions (33%) began by exploiting vulnerabilities.[2] According to Verizon, the exploitation of edge devices and VPN vulnerabilities has grown almost eightfold since 2023, increasing from 3% to 20%.[3]
One of the most frequently observed initial access vectors in cyberattacks is exploiting vulnerabilities. Edge devices, including VPNs, are particular targets due to their critical role in network security. The rise of zero-day vulnerabilities and API exploitation is further exacerbating the risk. Shadow and zombie APIs also pose an increasing threat, as they often go unnoticed and unpatched, providing easy entry points for attackers.
Organisations have been actively working to remediate their vulnerabilities, but only about 54% of perimeter device vulnerabilities were fully mitigated throughout the year. The median time to remediate these vulnerabilities is 32 days, as reported by Verizon.[4]
The proliferation of non-human identities, such as machine and service accounts, has led to a surge in attacks focused on identity infrastructure and efficient credential theft. The spread of AI has led to a dramatic increase in machine identities, which now outnumber human identities by a ratio of 45 to 1 in the average organisation, according to CyberArk.[5] Identity-based attacks are also on the rise: Cisco Talos reports that 60% of security incidents in 2024 had an identity component.[6] Microsoft blocks 7,000 password attacks per second, which is 12 times more than in 2021.[7] Additionally, 50% of identity attacks were stages of ransomware or pre-ransomware attacks, according to Cisco Talos.[8]
Threat actors are using infostealers on various platforms to infiltrate organisations and steal sensitive information. Infostealers have become a significant threat, with Huntress stating that they represent 24% of all observed incidents.[9] Phishing and spear phishing remain the most popular cybercrime techniques,[10] as the human element continues to be a major factor in breaches.[11]
Nation-state-sponsored threat actors are increasingly using ransomware to disrupt critical services in adversary countries. The focus and techniques of ransomware attacks have evolved from merely encrypting data to include exfiltration, multi-extortion and deliberate operational disruption. These attacks aim to cause maximum damage and create geopolitical instability. Ransomware attacks have increased by 37% compared to 2023, with 44% of cybersecurity breaches involving ransomware, according to Verizon.[12] Furthermore, 86% of ransomware attacks targeted backup repositories, and Veeam reports that 69% of organisations that paid the ransom were attacked more than once.[13]
Highly decentralised operating models lead to a loss of control over security. The weaponisation of external and third parties, such as service providers, presents additional entry points for attackers. Data silos and visibility gaps make insider threats and hybrid environments significantly harder to handle, making it difficult to maintain comprehensive security measures.
Evolving threat actors: all attacks must be stopped, regardless of source
In the ever-changing world of cybersecurity, various threat actors are continuously evolving their tactics to exploit vulnerabilities and achieve their objectives.
Organised cybercriminals engage in profit-driven exploitation, seeking high returns on investment by targeting industries with weaker defences or high revenue potential. These attacks are typically opportunistic, aiming to maximise financial gains. A significant majority of security breaches continue to be driven by financial motives. In 2024, some 89% of breaches had a financial motive, a slight decrease from 95% in 2023.[14]
Cybercriminals are leveraging advanced tools and techniques to breach networks, steal sensitive data and disrupt operations. Their primary goal is to generate significant financial rewards, often through ransomware, phishing and other cybercrime methods.
Nation-state-sponsored threat actors have significantly escalated their activities, with advanced persistent threats (APTs) becoming more sophisticated and elusive. These adversaries leverage advanced tactics, techniques and procedures to breach networks, conduct cyber espionage and steal critical data. As geopolitical tensions rise, APTs remain a major concern, with threat actors increasingly specialising by industry. Nation-state adversaries often target critical infrastructure, government agencies and high-value industries to achieve their strategic objectives.
There has been a notable increase in breaches with espionage motives, rising from 6% in 2023 to 17% in 2024.[15] This shift underscores the growing interest of threat actors in stealing sensitive information for strategic advantage.
The number of threat actors tracked by Microsoft has seen a dramatic increase, from 300 in 2023 to over 1,500 in 2024.[16] This surge reflects the expanding threat landscape and the increasing sophistication of cyber adversaries. These new adversaries are leveraging advanced tactics and techniques to breach networks and steal critical data.
Ransomware continues to be a significant threat, with a 44% year-over-year growth in new ransomware groups, as reported by Group-IB. Activity by state-sponsored threat actors has also increased by 58%, highlighting the escalating involvement of nation states in cyber espionage and disruptive operations.[17]
The overlap between ransomware groups and state-sponsored actors indicates shared resources and mutual benefit. As nation states and cybercriminals adopt each other’s tactics, distinguishing between them is becoming increasingly difficult. Cybercriminals are often hired to carry out attacks, providing nation-state-backed groups with plausible deniability if activities are traced back to them. This collaboration enhances the effectiveness of cyberattacks and complicates attribution efforts.
Authoritarian state cyber ecosystems leverage various actors’ resources and capabilities to enhance national cybersecurity. Authorities mandate vulnerability reporting, information disclosure and grants of access.[18] Threat actors have unlimited resources to carry out cyberattacks, while defenders often face constraints on budgets, labour resources and technology. This disparity makes it challenging for defenders to keep up with constantly evolving tactics and techniques. Authoritarian states use their cyber capabilities to maintain control, monitor dissent and protect their interests.
Different hacktivist groups with political agendas target countries and their supporters. These groups use cyberattacks to promote their causes, disrupt operations and draw attention to their issues. The fragmented global environment amplifies the importance of robust threat intelligence to identify and mitigate the activities of hacktivists, who often exploit vulnerabilities in government and corporate networks to achieve their objectives, making them a significant threat to national security and stability.
Distributed denial-of-service (DDoS) attacks have seen unprecedented growth, with Cloudflare reporting a 358% year-over-year increase.[19] Elisa has also experienced 122% growth in DDoS attacks, indicating the widespread nature of this threat.[20] DDoS attacks are often used to disrupt services, cause financial losses and create chaos for the targeted organisations. A DDoS attack may also function as a strategic diversion, aiming to exhaust the resources of the defending party.
Adapting to geopolitical tensions: rising risks and shrinking resources
In the rapidly evolving cybersecurity landscape, organisations are facing significant challenges due to regulatory and technological shifts. These changes are shaping how they adapt to emerging risks and navigate the complexities of cyberspace.
The proliferation of global regulatory requirements is adding significant compliance burdens for organisations. This creates an unfair situation for defenders, as cyber attackers do not have to follow any laws or regulations. The growing complexity of cyberspace is exacerbating cyber inequity, highlighting the urgent need for collective action.[21] Budget cuts and rearrangements are also affecting the global cybersecurity posture, making it more challenging for organisations to maintain robust defences.
With the constant evolution of cybersecurity threats, small organisations are facing unprecedented challenges. According to the World Economic Forum, 71% of cyber leaders believe that small organisations have reached a critical point where they can no longer adequately secure themselves against increasing cyber risks.[22]
Cyber incidents continue to be the top business risk, which indicates the importance of recognising geopolitics as a business risk. For the fourth year in a row, cyber incidents have been identified as the most important global business risk, highlighting the growing threat that cyberattacks pose to organisations worldwide. Business interruptions, ranked as the second most important global business risk by Allianz, further emphasise the disruptive impact of cyber incidents on operations and productivity.[23]
To enhance their resilience to geopolitical change, organisations need to invest in advanced scenario-planning capabilities. The changing geopolitical climate is increasing state-sponsored targeting of critical infrastructure, creating uncertainty and elevating the risk of cyberattacks.
Hybrid warfare is impacting cyberspace as well, with AI being harnessed for disinformation, influence campaigns and deepfakes, as well as for manipulating public opinion. This adds another layer of complexity to the cybersecurity landscape, as organisations need to defend against sophisticated, multifaceted threats.
To address these challenges, organisations must adopt a balanced approach to technology. Technologies should be both centralised and decentralised, with a focus on advanced technology, quality and cost. However, strategic foresight is critical in the selection process to ensure that the technologies an organisation chooses align with its long-term goals and risk management strategies.
Increased integration and dependence on complex supply chains are resulting in a more opaque and unpredictable risk landscape. To navigate these complexities, organisations must enhance their visibility and control over their supply chains to mitigate potential risks. The proportion of breaches involving third parties has seen significant growth, increasing from 15% in 2023 to 30% in 2024.[24] This trend underscores the importance of securing supply chains and external partnerships, as vulnerabilities in third-party systems can lead to severe consequences for organisations. IBM’s findings highlight the need for robust third-party risk management strategies to mitigate these risks.
Supply chain challenges have been identified as the biggest barrier to cyber resilience by 54% of large organisations.[25] The complexity and interconnectedness of modern supply chains are creating numerous entry points for cyber threats, making it difficult for organisations to maintain comprehensive security measures. The World Economic Forum’s insights emphasise the need for enhanced visibility and control over supply chains to improve cyber resilience.
Strengthening cybersecurity: addressing future threats
As cybersecurity continues to evolve at a rapid pace, organisations must focus on strengthening basic operations to ensure resilience against future threats. Bad actors are employing “Harvest now, decrypt later” strategies, putting long-term sensitive enterprise data at risk.[26] This approach involves collecting data in encrypted form now with the intention of decrypting it later when more advanced decryption methods become available.
As quantum computing advances, organisations need to prioritise existential business risks such as data breaches, account compromises and communication failures. A post-quantum response should focus on these critical areas to mitigate the potential impact of quantum computing on current encryption methods.[27]
By 2029, advances in quantum computing will make conventional asymmetric cryptography insecure.[28] Quantum computers have the potential to break widely used encryption methods and pose a significant threat to data security. Organisations must prepare for this shift by investing in post-quantum cryptographic solutions to protect sensitive information from future quantum attacks.
As we look towards the future, several technological advancements and emerging risks are set to reshape the cybersecurity landscape. As AI becomes more integrated into cybersecurity, the risk of AI systems being manipulated increases, potentially compromising decision-making and weakening security measures. Managing AI in organisations is becoming more challenging as AI functionalities are unexpectedly added to services.[29] Agentic AI, which operates autonomously, increases the risk of security vulnerabilities.[30] The adage “You can’t secure what you don’t know about” highlights the importance of understanding and controlling AI processes.[31] Ultimately, humans need to comprehend the process and maintain control over AI outcomes to ensure security.
By 2026, some 30% of enterprises will find face biometrics unreliable due to AI-generated deepfake attacks.[32] Deepfake technology – which uses AI to create fake images and videos that are highly realistic – can undermine the reliability of biometric authentication systems. This growing threat highlights the need for organisations to adopt more robust and multi-factor authentication methods to ensure secure access.
Fifteen per cent of employees routinely accessed generative AI (GenAI) platforms on corporate devices, increasing the potential for data leaks.[33] The uncontrolled use of AI platforms and solutions can inadvertently expose sensitive corporate data, making it crucial for organisations to implement strict data governance policies and monitor the use of AI tools within their networks.
The integration of AI into software development is revolutionising the industry, enabling faster and more efficient code generation. Currently, 30% of Microsoft’s code is written by AI, and it is projected that 95% will be AI-generated by 2030.[34] However, this also raises concerns about the security and reliability of AI-generated code. Organisations must ensure that AI systems are properly managed, and that human oversight remains a critical component in the development process.
Attacks on identity infrastructure are on the rise due to attackers’ growing focus on identity. Organisations are increasingly interested in securing both human and non-human identities using modern authentication solutions, like passkeys. Additionally, eliminating implicit trust-based access models by migrating to zero-trust network architecture is becoming a priority.[35] This approach ensures that every access request is thoroughly verified, regardless of its origin.
The rapid adoption of emerging technologies is creating new vulnerabilities, which cybercriminals are exploiting to achieve greater sophistication and scale in their attacks. Organisations must stay vigilant and continuously update their security measures to address these evolving threats.
Article in Finnish: Cybersecurity Outlook 2025: Trendejä, uhkia ja ratkaisuja tulevaisuuteen
Sources:
1. CrowdStrike: Global Threat Report 2025.
2. Mandiant: M-Trends 2025 Report.
3. Verizon: Data Breach Investigations Report 2025.
4. Verizon: Data Breach Investigations Report 2025.
5. CyberArk: Key Considerations for Securing Different Non-Human Identities.
6. Cisco Talos: 2024 Year in Review.
7. Microsoft: Digital Defense Report 2024.
8. Cisco Talos: 2024 Year in Review.
9. Huntress: Cyber Threat Report 2025.
10. Group-IB: High-Tech Crime Trends 2025.
11. Verizon: Data Breach Investigations Report 2025.
12. Verizon: Data Breach Investigations Report 2025.
13. Veeam: Ransomware Trends and Proactive Strategies 2025.
14. Verizon: Data Breach Investigations Report 2025.
15. Verizon: Data Breach Investigations Report 2025.
16. Microsoft: Digital Defense Report 2024.
17. Group-IB: High-Tech Crime Trends 2025.
18. SUPO: National Security Overview 2025.
19. Cloudflare: DDoS Threat Report 2025/Q1.
20. Elisa: Data on Cyber 2024.
21. World Economic Forum: Global Cybersecurity Outlook 2025.
22. World Economic Forum: Global Cybersecurity Outlook 2025.
23. Allianz: Risk Barometer 2025.
24. IBM: Cost of a Data Breach Report 2024.
25. World Economic Forum: Global Cybersecurity Outlook 2025.
26. Gartner: Top Strategic Technology Trends for 2025: Postquantum Cryptography.
27. Gartner: Top Strategic Technology Trends for 2025: Postquantum Cryptography.
28. Gartner: Emerging Tech: The Impact of AI and Deepfakes on Identity Verification.
29. Traficom | Kyberturvallisuuskeskus: Kyberturvallisuus Suomessa 2025.
30. OWASP: Agentic AI – Threats and Mitigations.
31. Palo Alto Networks | Unit42: Global Incident Report 2025.
32. Gartner: Top Strategic Technology Trends for 2025: Postquantum Cryptography.
33. Verizon: Data Breach Investigations Report 2025.
34. Business Insider: Microsoft CTO: Most Code Will Be AI-Generated in 5 Years.
35. Recorded Future: Annual Threat Report 2024.