2025 started with a bang! Technology and geopolitics are changing so fast that many can’t keep track of the latest trends, with an announcement of new, benchmark-shattering genAI-related tech seemingly every week. Meanwhile, planned job cuts across US employers are at their highest levels since 2020, we are on the brink of a global trade war, and geopolitical tensions are high.

On the plus side, there was a reported 35% year-over-year decrease in ransomware payments from 2024, but we’re not even one-third of the way through 2025 and things are already hectic. To help security leaders better prepare for the chaos that is and will be this year, Forrester has released our yearly report on the top threats that we expect organizations to face in 2025.

Read the full report here: The Top Cybersecurity Threats In 2025.

This report is based on data and trends from the changing dynamics in the threat landscape. We expect that organizations will face the following in 2025:

  1. Global regulatory disruptions. Some regulations are being established in force this year, others are cropping up net new, and still others are being revoked. With so much regulatory change, organizations must focus on compliance change management and prioritize requirements that are being enforced now.
  2. High-quality deepfakes. Convincing deepfakes are becoming easier to create thanks to the proliferation of open-source algorithms, purpose-built websites, cheap GPU power, and the wide availability of voice and audio profiles. Mitigating deepfakes requires an investment in end-user education and the implementation of strong authentication methods.
  3. Tech exuberance over generative AI. The anthropomorphizing of genAI means that people trust it even when they shouldn’t, which puts your organization at risk. It’s critical to invest in ML and AI security tools and create processes focused on discovery, policy enforcement, and detection and response.
  4. Job loss radicalization. A new economic reality has emerged in 2025, with a flurry of activity that saw job cuts to 4% of the US federal government workforce, massive tech layoffs, and job cuts in Europe. Managing potential insider threats with an insider risk management program is paramount this year.
  5. Generative AI-driven extortion. Ransomware became less lucrative in 2024, and attackers are likely to mix things up because of it. Before genAI, stealing data was only so useful — reviewing millions of emails takes far too much time. Now, with GenAI, attackers can perform a quick sentiment analysis on troves of stolen data for extortion schemes. Prepare now for infostealers, which lead to extortion and will become a bigger threat than ransomware.

For more on what to know about these threats and what to do about them, read the full report.

If you have more questions about the threat landscape, book an inquiry or guidance session with me or one of my colleagues.