The digital risk landscape is evolving rapidly, with 2025 set to bring heightened challenges for organisations across industries. As businesses continue to digitise their operations, the increasing reliance on technology creates new vulnerabilities.
The growing complexity of cyber threats, combined with geopolitical instability, is shaping a digital environment that demands constant vigilance and adaptation.
Joseph Parry, associate analyst at Control Risks, highlighted key trends shaping the digital threat environment, emphasising the impact of cyber interdependency, geopolitical tensions, and emerging technologies on corporate resilience.
As digital services become increasingly interconnected, businesses are becoming both providers and consumers of these technologies. This interconnectedness enhances efficiency but also creates vulnerabilities that can be exploited by cybercriminals.
“By 2025, 90% of Fortune 500 companies will both provide and consume digital services,” Parry said. “This growing interdependency between technologies will lead to an increasing number of systemic cyber incidents. Threat actors across the spectrum will look to replicate high-profile outages, like CrowdStrike IT, which totalled losses over $5 billion in collateral damage, for their own gain.”
The potential for cascading failures is increasing as companies become more dependent on external systems for their operations. Parry said that this shift brings heightened risks as more businesses integrate widely used technologies into their critical functions.
“Future incidents will be felt primarily by organisations leveraging widely used technologies for business operations and basing their own commercial technology offerings on these critical technologies,” he said. “Geopolitical uncertainty will increase the intent of states and their proxies to target critical technologies that had previously been out of scope. Digital resilience programs, mature third-party risk management, and strategic and technical crisis preparation for IT outages should be a priority for businesses in 2025.”
Geopolitical tensions are also influencing the cyber threat landscape, making it one of the most unpredictable periods in recent years. Parry said that state-backed cyber operations have grown bolder, with fewer consequences for their actions.
“Driven by geopolitical volatility, 2025 could become the most tumultuous year the digital threat landscape has experienced yet. Aggressive cyber actors face less and less consequences for their actions while reaping ever greater tactical and strategic rewards in increasing their digital disruption efforts,” Parry said.
Conflicts around the world are likely to intensify the cyber arms race, leading to more sophisticated attacks on national and corporate digital infrastructure.
“We expect geopolitical competition driven by flashpoints, such as military escalation in Ukraine and a US foreign policy pivot towards the Asia Pacific, to drive nation-states in a cyber arms race that will extend to emerging technologies like artificial intelligence,” he said. “State-linked groups will likely prioritise targeting critical national infrastructure (CNI) through disruptive and destructive attacks, as well as espionage operations.”
As cyber warfare becomes more common, digital attacks are being used alongside traditional statecraft. Governments are employing digital tools to manipulate narratives, disrupt adversaries, and maintain deniability.
“Cyberattacks are now an inextricable part of modern statecraft,” Parry said. “Nation-states blur the boundaries between digital warfare, grey zone media manipulation, and disinformation, and deniable sabotage activities whilst leveraging cyber proxies to maintain plausible deniability. This targeting will almost certainly continue in future conflicts.”
Beyond government actors, cybercriminals are adapting quickly to technological changes. Their strategies are evolving, leading to an increase in attacks that can cripple businesses and institutions.
“In 2024, ransomware and data leak extortion threats continued to grow with targets including schools, hospitals, and governments, causing approximately $40 billion worth of damages to organisations in the US alone,” he said. “In 2025, it is predicted that there will be 200 zettabytes worth of data stored on private and public IT infrastructures, utility infrastructure, private and public cloud data centres, personal devices, and on internet of things (IoT) devices.”
Cryptocurrency continues to be a key facilitator of illicit financial activity. Cybercriminals increasingly rely on digital currencies to conduct transactions, making money laundering more difficult to trace.
“Global cybercriminal activities are expected to grow by 15% annually, costing approximately \$10.5 trillion in damages globally,” Parry said. “Cryptocurrency will remain an increasingly key tool for criminals in money laundering. Phishing emails or offers of free tokens will be used to trick victims directly into providing their private keys or connecting to crypto wallets.”
Cyber activism is another growing area of concern. As global conflicts persist, cyber activist groups are aligning their attacks with geopolitical developments.
“As geopolitical crises persist, like the Russia-Ukraine and Israel-Hamas conflicts, cyber activist groups are expected to continue their retaliatory DDoS attacks, hack-and-leak operations, and web defacements,” Parry said. “The attacks throughout 2024 suggest a sustained targeting rate into 2025.”
Misinformation campaigns are expected to rise, fuelled by both political actors and commercial competitors. Parry warned that organisations must prepare for the reputational risks associated with false narratives and AI-generated misinformation.
“Geopolitical tensions, political polarisation, AI development, and economic uncertainty will increase the intensity of disinformation campaigns in 2025,” Parry said. “High-profile state-sponsored campaigns seeking to discredit and disrupt rivals are the new normal, while social media platforms allow for expanded reach to younger audiences.”
Regulatory scrutiny is increasing as governments attempt to control the spread of cyber risks and secure national infrastructure. New compliance requirements could impose additional burdens on businesses.
“In 2025, the global regulatory landscape is tightening, with increasing emphasis on digital sovereignty and resilience,” Parry said. “Frameworks such as the EU’s NIS2 Directive and DORA Regulation, as well as data localisation laws in countries like China and India, underscore a growing trend toward stricter oversight of digital risks and control over critical data.”
With digital threats mounting, businesses must take proactive steps to strengthen their security frameworks. The ability to anticipate and respond to cyber risks will be crucial in maintaining operational stability in the coming year.
“Investing in cybersecurity resilience, monitoring regulatory changes, and preparing for emerging threats will be essential for maintaining operational stability in 2025,” Parry said.
What are your thoughts on this story? Please feel free to share your comments below.
