We made 9 cybersecurity predictions for 2025 - how are we doing?
by Aaron Flack on Jul 29, 2025
Back in January, we sketched nine forces we said would shape cybersecurity through 2025. Seven months of field data are in. Some calls landed almost on the nose, others misfired, and a few are still warming up. Below is the expanded scorecard on how our predictions are stacking up.
For details on how we came up with these scores, we have detailed our algorithm at the end of this blog post.
1. AI-powered attacks will explode
Score 8 out of 10
Generative AI has shifted from experiment to production in criminal circles. CrowdStrike’s 2025 Threat Hunting Report tracks adversaries using large language models to automate reconnaissance, draft spear-phish lures, and even write polymorphic loader code.
Netscout analysts warn that chatbot-style assistants such as WormGPT are now planning multi-vector distributed denial of service runs for non-specialist crews.
Why that score? We predicted rapid growth, and we got it, but the volume is still uneven across sectors.
What happens next? Expect off-the-shelf toolkits to become subscription services that bundle exploit research, social engineering scripts, and GPU time.
2. A flood of new AI-enabled security products
Score 7 out of 10
Gartner’s 2025 Hype Cycle lists Agentic AI security as peak publicity, yet buyers are already trimming pilots that lack measurable return.
Forrester’s Q2 2025 Wave on security analytics shows ten vendors claiming AI differentiation, but only four demonstrate verifiable threat detection uplifts.
Why that score? The gold rush is real, though consolidation is underway.
What happens next? Boards will value AI that integrates with existing telemetry over brand-new consoles. Look for mergers rather than green-field launches in H2.
3. Boards will mandate greater cyber resilience
Score 9 out of 10
The Cyber Governance Code of Practice, published in April, pushes legal accountability onto directors for the first time.
Industry lawyers now treat cyber drills the same way they treat fire drills: miss one and explain it in public.
Why that score? Mandatory guidance beats voluntary frameworks.
What happens next? Expect auditors to require evidence of tabletop exercises and live incident telemetry, not annual PDF reports.
4 Brand impersonation attacks will dominate headlines
Score 7 out of 10
Check Point’s Q2 2025 Brand Phishing Report shows Microsoft as the bait in twenty-five per cent of phishing attempts, with Google and Apple next in line.
Attackers now misuse link-wrapping features of secure email gateways to sneak through trusted domains and loot Microsoft 365 credentials.
Why that score? Headline volume matches the call, though smaller brands remain under-reported.
What happens next? Real-time domain spoofing monitors and automatic DMARC enforcement will replace monthly summary charts.
5 Zero trust enters the mainstream
Score 8 out of 10
A global CIO Pulse finds ninety-six per cent of organisations favour the model and eighty-one per cent plan to deploy within twelve months.
Forrester’s July Wave on zero trust platforms highlights buyers demanding a unified policy rather than single-point products.
Why that score? Commitment is high, though completion is patchy.
What happens next? Attention shifts between network segmentation and identity context, with continuous posture scoring across cloud estates.
6 Ransomware shows no sign of slowing
Score 9 out of 10
Zscaler blocked a one-hundred-forty-six per cent year-on-year spike in attempts, the sharpest rise in three years.
IBM’s latest Cost of a Data Breach report notes that one-sixth of breaches now involve generative AI tools that cut phishing prep from sixteen hours to five minutes
Why that score? Volume and technique escalation both confirmed.
What happens next? Operators pivot from encryption to pure exfiltration, squeezing victims through leak sites and regulatory exposure.
7 Supply chain security will lock down
Score 5 out of 10
Bitsight finds forty-three per cent of UK firms run continuous third-party monitoring, yet only twenty per cent class their posture as very mature IT Pro. New NIS2 obligations complicate compliance and raise stress levels.
Why that score? Awareness rose, but action lags.
What happens next? Regulators are drafting minimum-viability controls that will hard-wire supplier attestations into every contract.
8 The cost of ransomware will surge
Score 8 out of 10
IBM pegs the global average breach at four point nine million US dollars, up ten per cent, with shadow AI incidents adding six hundred-seventy thousand dollars on top
Why that score? Financial impact met the upper end of our range.
What happens next? With payment bans looming, legal fees and shareholder litigation will outpace ransom demands in cost models.
9 Cyber insurance becomes essential
Score 6 out of 10
Marsh reports softer premiums and broader wording, yet S&P Global estimates only five to ten per cent of UK small and medium enterprises carry a standalone policy
An ESET study puts the figure at eight per cent for firms with no external security support.
Why that score? Pricing is attractive, but adoption is not.
What happens next? Underwriters will link discounts to zero trust deployment and continuous control validation, raising the bar for cover.
Three fresh calls for H2 2025
-
AI governance bites
The EU AI Act introduces transparency and watermarking duties for general-purpose models on 2nd August 2025. Boards must budget for red-team simulations that probe model drift and copyright leakage. -
Post-quantum readiness moves to the board agenda.
The NCSC timetable expects firms to map cryptography by 2028 and complete migration by 2035. NIST has already accepted FIPS 140-3 modules that include post-quantum primitives, signalling market readiness -
The UK inches toward a ransomware payment ban
The Home Office consultation proposes outlawing ransom payments for the public sector and critical national infrastructure while forcing private firms to report intent. Even a partial ban will shift negotiation dynamics and elevate the legal risk of paying.
Closing note
The first half of 2025 proved that speed now trumps size in cyber risk. Attackers iterate faster, regulators chase harder, and defenders who match the tempo turn disruption into a competitive edge. Re-check every plan monthly and treat your security budget as a living instrument. Predicting is enjoyable, adjusting in flight keeps you in business.
Need help with organising your security stack? Speak to an expert.
How the 1‒10 accuracy scores were built
1. Anchor points
-
10 means the prediction happened materially as stated, within the expected time frame, and across most of the market segments we care about.
-
5 marks a partial hit: the trend is visible but patchy or slower than forecast.
-
1 means the call is clearly off track or has yet to surface.
Anchoring the endpoints before gathering evidence stops retrospective bias.
2. Four evidence pillars were used of equal weight
Pillar | Question asked | Typical sources |
---|---|---|
Magnitude | Has the shift reached critical mass? | Industry incident data, vendor telemetry |
Velocity | Is the speed in line with the forecast window? | Quarter-on-quarter or year-on-year deltas |
Breadth | How many sectors or geographies show impact? | Analyst surveys, regulatory filings |
Salience | Is the change visible to executives and the press? |
Mainstream media, government policy papers |
Each pillar earns up to 2.5 points. Summed, they produce the 10-point scale.
3. Evidence sweep
For every prediction we pulled:
-
Two analyst or regulator documents (Forrester, Gartner, NCSC, EU AI Act drafts).
-
One incident or telemetry dataset (CrowdStrike, Netscout, Zscaler).
-
One mainstream or trade-press confirmation.
Sources were cross-checked for date alignment and sector relevance to UK mid-enterprise readers.
4. Scoring workflow
-
We read the evidence and logged quantitative markers: percentage growth, adoption rates, and financial impact.
-
We assigned each pillar a provisional 0‒2.5 value.
-
We stress-tested the provisional score against contradictory data. Adjustments downward were made if the evidence was thin or localised.
-
We rounded to the nearest whole number for simplicity in the article.
Example: AI-powered attacks
-
Magnitude: 2.0 (attacks up sharply, confirmed by multiple vendors).
-
Velocity: 2.0 (growth exceeded year-on-year forecast).
-
Breadth: 1.5 (heaviest in finance and public sector, less in manufacturing).
-
Salience: 2.5 (regular headlines, parliamentary questions).
Total = 8.0, rounded to 8.
Why not use formal forecast metrics like Brier scores?
The original January calls were qualitative, not probabilistic, so a calibrated Brier or log loss would be artificial. A transparent pillar model is easier for non-statistical readers to audit and replicate.
Governance checks
-
Every score links back to at least three independent references
-
No single vendor or media outlet can swing a pillar by more than 0.5.
-
Scores will be revisited at year-end to see how the pillar method holds up.
Accuracy scores are derived from publicly available data and Conosco’s analyst interpretation. Different weightings may yield different results.
Sources Used
Provider/company | Document or page title | Link |
---|---|---|
CrowdStrike |
2025 Threat Hunting Report |
|
Netscout (coverage in IT Pro) |
“Think DDoS attacks are bad now? Wait until hackers start using AI assistants …” |
(IT Pro) |
Gartner |
2025 Hype Cycle for Artificial Intelligence |
(Gartner) |
Forrester |
The Forrester Wave: Security Analytics Platforms, Q2 2025 |
|
UK Government (DSIT) |
Cyber Governance Code of Practice (April 2025) |
(GOV.UK) |
Check Point Research |
Phishing Trends Q2 2025 report |
|
CIO.com |
“Why 81% of organisations plan to adopt Zero Trust by 2026” |
(CIO) |
Forrester |
The Forrester Wave: Zero Trust Platforms, Q3 2025 |
|
Zscaler |
2025 Ransomware Report (146% spike) |
|
IBM Security |
Cost of a Data Breach Report 2025 |
(IBM) |
Bitsight |
2025 State of Cyber Risk and Exposure (UK spotlight) |
(IT Pro) |
Marsh |
“Five trends in UK cyber insurance in Q1 2025” |
(Marsh) |
S&P Global (reported by Reinsurance News) |
“Cyber insurance premiums stabilise in 2025, but market penetration remains below 10% for SMEs” |
|
ESET (reported by TechRadar Pro) |
“Only 8% of UK firms carry standalone cyber insurance” |
|
European Commission |
EU AI Act: general-purpose AI Code of Practice (August 2025) |
(IT Pro) |
NCSC |
Post-quantum cryptography migration roadmap (March 2025) |
(NCSC) |
NIST |
“NIST releases first finalised post-quantum encryption standards” |
(nist.gov) |
UK Home Office |
Ransomware legislative consultation (January–April 2025) |
(GOV.UK) |
9 cybersecurity predictions for 2025 orginal blog post
You May Also Like
These Related Stories

A guide to cyber insurance in 2025
Mid-sized UK businesses have seen a continued rise in cyber threats over the last year, with more data emerging from 202 …

Risk vs reward: balancing cyber budgets for the next financial year
Depending on the start of your financial year, most businesses should be well into their financial planning by now, with …

Cultivating a cyber-responsible culture
In 2007, cyber responsibility was brought to public attention when HMRC sent two CDs containing the private data of 25 m …