As the digital landscape evolves, cybersecurity remains a major challenge for businesses worldwide. Now, experts from cybersecurity firm Resilience have shared their predictions for 2025, emphasizing emerging threats and the role of leadership in safeguarding digital assets.
Dr. Ann Irvine, Resilience’s chief data scientist, anticipates a major cyber incident involving an obscure company in the coming year. “In 2025, the biggest cyber incident will involve a company that most people haven’t even heard of before, and the impact will be devastating to a small group of companies - just like we saw with CDK Global this past summer,” she stated. This prediction underscores the ripple effects smaller, less-visible organizations can have on broader networks and industries.
Among her projections, Dr. Irvine also foresees a successful deepfake attack targeting a Fortune 500 company. However, she dismissed the likelihood of a nationwide internet outage due to cyberattacks. “I just don’t think that kind of thing will happen. I don’t believe that AWS, for instance, will go down for more than 24 hours next year. Threat actors are aware that an attack at that scale would put them at extreme risk of being hunted down and sent to prison,” she explained, emphasizing the strong disincentives against such large-scale attacks.
Public awareness of cybersecurity is expected to play a significant role in shaping policies and practices. Dr. Irvine highlighted the growing consciousness among individuals and organizations alike. “Cybersecurity is a societal problem that we all have to address together,” she said, noting that the insurance industry will increasingly drive accountability by tying financial incentives to improved cybersecurity measures.
Justin Shattuck, Resilience’s chief information security officer (CISO), echoed similar concerns while focusing on the evolving role of corporate leadership in combating cyber threats. He predicted that 2025 would see an industry-wide push to tighten contract language between companies and their vendors.
“I’ve seen industry experts and government agencies alike increasingly push for contract language between companies and their third-party vendors to transition from nebulous phrases like ‘should’ into specific, binding phrases like ‘shall’ – i.e., ‘multi-factor authentication shall be implemented’. In 2025, I anticipate that this push will become more mainstream,” Shattuck said.
Shattuck also pointed to alarming trends in ransomware. “The financial severity of ransomware attacks jumped significantly last year—by 411%. I expect that the financial impact of these attacks will likely continue in an upward trajectory, thanks to advancing attacker strategies, targeting of critical industry sectors, and rising ransom payment demands,” he said.
The visibility of CISOs in corporate leadership roles is another expected shift. As cybersecurity’s financial and operational implications gain prominence, Shattuck believes CISOs will take on greater responsibility at the board level.
“CISOs will bring a level of insight and technical acumen that helps boards better prioritize remediation and mitigation of these risks with strategic decision making. As a result, companies with more emboldened and empowered CISOs will fare better when it comes to preventing and mitigating the effects of attacks,” Shattuck noted.