From widespread Ticketmaster breaches to historic CrowdStrike outages, it seems that the cybersecurity sector has had its hands full this year. But as the future of cybersecurity threats develops, it is more important than ever to stay vigilant against constantly evolving risks. By identifying today’s trends, we can set our teams up to stay on top of tomorrow’s trials. Here are three topics for cybersecurity leaders to stay focused on and look out for further developments to come in 2025.
Tracking Sensitive Data
Our most sensitive data, and the most precious currency among cyber-criminals, grows increasingly vulnerable. As described by Smart Industry, multiple reports have found that companies across the world are struggling to secure their sensitive data. In fact, 57% of companies are unable to track or control how that information is shared through external communications. Meanwhile, 66% of companies share sensitive data with at least 1,000 or more third parties. To top it off, 32% of companies have experienced not one, not two, but seven data breaches over the last 12 months.
In total, there have been 1,571 reported data breaches in 2024 so far, which is a 14% increase in comparison to the first half of 2023. As the number of breaches steadily rises each year, cybersecurity standards and regulations will have to move quickly to stay resolute against the future of cybersecurity threats. Come 2025, the cybersecurity sector will likely see regulations on how sensitive data can be stored and tracked, especially within third parties.
Federal Agencies Stepping Back
The U.S. Supreme Court’s recent ruling that overturned Chevron v Natural Resources Defense Council is triggering massive changes in the cybersecurity landscape. Because of this decision, federal agencies such as the Cybersecurity and Infrastructure Security Agency (or CISA) will no longer be deferred to for their expertise when interpreting the law. By circumventing the authority once given to federal agencies, more decision power will be held within the courts. As this is a recent decision, we have yet to see how the benefits or challenges of this overruling will play out within the cybersecurity sector.
However, when federal agencies justify their decisions to Congress, it could lead to clearer regulations. Conversely, if courts make decisions without input from industry experts, they risk promoting regulations that may be lax or ambiguous.
Securing Our Infrastructure
Critical infrastructure has increasingly been the target of cybercriminals over the last year. In “The State of Ransomware in Critical Infrastructure 2024,” cyberattacks were studied across 14 countries. In total, 67% of utility organizations were attacked by ransomware in 2024 alone, a 12% increase from 2020.
As to be expected, along with ransomware came data theft. Even though data was encrypted, 50% of attacks resulted in stolen data, which can further be used to financially extort victims. Meanwhile, in 2023, only 36% of incidents with encrypted data experienced theft. While most of these utilities can recover stolen data, recovery times have decelerated. Only 20% of those hit by ransomware recovered in less than a week (compared to 50% in 2022), and 55% are now taking over a month to recover (a leap from 19% in 2022).
It is plain to see that critical infrastructure will play a big role in combatting the future of cybersecurity threats. As utilities continue to be a target, and recovery time continues to drop, we can expect more attention on how to secure this line of defense.
Looking Ahead
The future of cybersecurity often seems unpredictable, with new technologies continually emerging and introducing new risks to data security. Laws will need to evolve rapidly to keep pace. By closely monitoring these trends, cybersecurity leaders can better prepare for the evolving landscape of cyber-attacks and defenses.
