The dynamic development of technology is a double-edged sword. Besides the advancements in innovation, new forms and an increasing number of threats go hand in hand with it. A prime example is artificial intelligence, which in addition to providing businesses with numerous benefits, is also used to carry out automated or more realistic attacks. Furthermore, cybercriminals are increasingly targeting elements of critical infrastructure, where any distortion can lead to significant consequences for hundreds or even thousands of people. The easier access to Ransomware-as-a-Service and its increased effectiveness also raise concern. Simultaneously, regulatory pressure, including the need to comply with NIS2, necessitates intense actions and investments in the field of security from businesses. The four most crucial challenges for digital security in 2025 are pointed out by Sebastian Wąsik, Country Manager for Poland at baramundi software.
- Use of AI in attacks: By 2025, artificial intelligence (AI) will be increasingly used both to defend against cyber threats and to create more advanced and effective attacks. A report entitled “Cost of a Data Breach” conducted by Ponemon Institute on behalf of IBM indicates that from March 2023 to February 2024, business attacks involving generative artificial intelligence resulted in losses estimated at nearly 5 million USD. This trend is expected to progress in the coming year. Machine learning algorithms can analyze vast amounts of data in a short period, enabling detection of weak points in the security of target systems and automatic preparation of personalized actions. Additionally, AI can be used to bypass traditional threat detection mechanisms. Another example is the use of deepfake technology, which helps create more realistic images, sound, and video materials.
- Frequent attacks on critical infrastructure: Critical infrastructure is increasingly being targeted by cybercriminals. A case in point is the healthcare sector, which recently recorded a 7% increase in cyber attacks. The objective of these attacks often is to cause chaos, obtain ransom, or confidential or classified information. Effectively securing critical infrastructure is key to ensuring citizen safety, as incidents in sectors such as energy, transport, banking, or healthcare can lead to severe disruptions in the functioning of states and economies.
- Beware of RaaS: Ransomware-as-a-Service (RaaS) is a business model where the creators of ransom-demanding viruses sell their software to other criminals or participate in extortion profits. Handling RaaS doesn’t require knowledge of programming, hacking or specialized equipment, making this tool accessible to almost everyone. According to the “The State of Ransomware 2024” report, 59% of organizations fell victim to a ransomware attack this year. Given the increasing number of incidents involving ransom-demanding malware, the risk of more organizations falling victim to cybercriminals using RaaS grows.
- Increasing legal requirements for security: The NIS2 Directive, established by the Council of the European Union and the European Parliament as a fundamental component of the EU’s digital security strategy, increases requirements for risk analysis and information protection, thereby making it one of the most crucial elements of the global cybersecurity market in 2025. It mandates systematic implementation of risk management and security policies, forcing companies to implement stricter and broader IT and supply chain protections and invest in modern security systems. For enterprises such as FMCG, chemical manufacturers, or digital service providers, penalties for non-compliance with NIS2 can reach up to 7 million euros or 1.4% of their annual income. For companies in sectors such as transport, finance, energy, or digital infrastructure, fines can be as high as 10 million euros or 2% of annual revenue. For severe infringements of NIS2, the EU legislative bodies have foreseen fines of up to 20 million euros or 4% of global annual revenue.
These challenges for cybersecurity demonstrate how complex and demanding the digital environment is becoming. Moreover, rapidly evolving attack methods mean that not only is the development of security measures crucial, but also systematic education of staff is important to create a conscious and highly protected IT environment. Heightened competence and vigilance can significantly reduce the risk of breaches due to human error, playing a decisive role in the effectiveness of protection against cyber attacks. All of these elements together form the picture of cybersecurity challenges, wherein innovation must go hand-in-hand with responsibility and readiness for any eventuality.
Source: https://managerplus.pl/najwazniejsze-wyzwania-dla-cyberbezpieczenstwa-w-2025-roku-21432
