Between the rise of AI and the ever-growing threat of cyberattacks, one thing is for certain – cybersecurity is going to be extremely important in 2025.
As we look ahead, we ask ECI’s Head of Cyber, Ash Patel, about the key trends to watch out for and what boards can do to protect themselves in the coming year.
1. Smarter phishing attacks
Phishing attacks have always been a concern, but with the rise of AI, they are becoming more targeted and harder to spot. AI tools can generate emails that sound just like those from a colleague or even a CEO, making them almost impossible to distinguish from legitimate messages.
This increased sophistication of phishing will drive companies to adopt password less authentication methods, such as passkeys, which use a pair of cryptographic keys for authentication to make logging in secure and simple.
The main advantage is that they can’t be stolen like passwords, and there’s nothing to remember, so you’ll never have to worry about forgetting them. Companies like Apple, Microsoft and Google are already leading the charge in making passkeys the norm for safer and easier logins.
2. Deepfakes: A growing threat
With quantum computing making significant progress last year, AI systems are now able to process large amounts of data much faster and analyse and generate content with greater detail and accuracy. This means that AI will be able to create even more realistic deepfakes, which, in the wrong hands, could spread misinformation or cause major reputational damage.
As these threats grow, we will see businesses and governments use new tools like blockchain and digital watermarking to verify the authenticity of content, helping to protect against deepfake-driven misinformation, fraud, and impersonation attacks. For instance, as highlighted by Meta’s recent efforts, AI is being used to strengthen security and verify content across platforms.
3. Nation-states cyberattacks are set to increase
Cyberattacks from nation-states are expected to rise over the next few years, as geopolitical tensions make cyber warfare an increasingly important strategy. Attacks could target vital infrastructure, including power grids, financial systems and healthcare which could disrupt everyday life.
The good news is that businesses and governments are already working together to strengthen defences, using tools like AI to predict and block attacks in real time. For example, Microsoft has partnered with governments to share threat intelligence. Similarly, the UK’s National Cyber Security Centre is using AI-driven initiatives like ‘Early Warning’ to help organisations identify vulnerabilities before they can be exploited. This collaborative approach will be crucial for protecting our critical systems.
4. AI: A powerful ally in cybersecurity
While AI presents challenges for cybersecurity, it is also a powerful tool for defenders. AI can help businesses detect and respond to cyber threats faster and more accurately. It can analyse network traffic to spot anomalies that indicate potential breaches or predict vulnerabilities in software before they can be exploited.
AI can also automate many tasks, such as analysing system logs to detect unusual activity or threads. This allows security teams to focus on more strategic work. In the future, AI-powered systems will be essential in ensuring quicker and more efficient responses to threats.
5. Supply chain cybersecurity will become a priority
Even if you put in place best-practice cybersecurity procedures, you are still vulnerable through your supply chain, and cybercriminals are therefore attacking large providers.
In 2024, we saw this firsthand when a ransomware attack hit Blue Yonder, a major software provider. It affected retailers like Starbucks, Morrisons and Sainsbury’s in the UK, disrupting critical operations and forcing businesses to find manual solutions.
To address these risks, companies are turning to tools like real-time risk monitoring, zero-trust systems – which assume no one is automatically trusted – and blockchain to secure data sharing across their supply chains. Increasingly companies will look to conduct deeper third-party due diligence and certifications such as ISO 27001, as part of procurement to improve resilience across the supply chain
It is clear that cybersecurity will continue to evolve, and that challenges will only grow. But with the right tools, collaboration, and a bit of forward-thinking, businesses can stay one step ahead.