We made 9 cybersecurity predictions for 2025 - how are we doing?

by Aaron Flack on Jul 29, 2025

Score scaled with very good

We made 9 cybersecurity predictions for 2025 - how are we doing?

11:24

Back in January, we sketched nine forces we said would shape cybersecurity through 2025. Seven months of field data are in. Some calls landed almost on the nose, others misfired, and a few are still warming up. Below is the expanded scorecard on how our predictions are stacking up.

For details on how we came up with these scores, we have detailed our algorithm at the end of this blog post.

1. AI-powered attacks will explode

Score 8 out of 10

Generative AI has shifted from experiment to production in criminal circles. CrowdStrike’s 2025 Threat Hunting Report tracks adversaries using large language models to automate reconnaissance, draft spear-phish lures, and even write polymorphic loader code.

Netscout analysts warn that chatbot-style assistants such as WormGPT are now planning multi-vector distributed denial of service runs for non-specialist crews.

Why that score? We predicted rapid growth, and we got it, but the volume is still uneven across sectors.

What happens next? Expect off-the-shelf toolkits to become subscription services that bundle exploit research, social engineering scripts, and GPU time.

2. A flood of new AI-enabled security products

Score 7 out of 10

Gartner’s 2025 Hype Cycle lists Agentic AI security as peak publicity, yet buyers are already trimming pilots that lack measurable return.

Forrester’s Q2 2025 Wave on security analytics shows ten vendors claiming AI differentiation, but only four demonstrate verifiable threat detection uplifts.

Why that score? The gold rush is real, though consolidation is underway.

What happens next? Boards will value AI that integrates with existing telemetry over brand-new consoles. Look for mergers rather than green-field launches in H2.

3. Boards will mandate greater cyber resilience

Score 9 out of 10

The Cyber Governance Code of Practice, published in April, pushes legal accountability onto directors for the first time.

Industry lawyers now treat cyber drills the same way they treat fire drills: miss one and explain it in public.

Why that score? Mandatory guidance beats voluntary frameworks.

What happens next? Expect auditors to require evidence of tabletop exercises and live incident telemetry, not annual PDF reports.

4 Brand impersonation attacks will dominate headlines

Score 7 out of 10

Check Point’s Q2 2025 Brand Phishing Report shows Microsoft as the bait in twenty-five per cent of phishing attempts, with Google and Apple next in line.

Attackers now misuse link-wrapping features of secure email gateways to sneak through trusted domains and loot Microsoft 365 credentials.

Why that score? Headline volume matches the call, though smaller brands remain under-reported.

What happens next? Real-time domain spoofing monitors and automatic DMARC enforcement will replace monthly summary charts.

5 Zero trust enters the mainstream

Score 8 out of 10

A global CIO Pulse finds ninety-six per cent of organisations favour the model and eighty-one per cent plan to deploy within twelve months.

Forrester’s July Wave on zero trust platforms highlights buyers demanding a unified policy rather than single-point products.

Why that score? Commitment is high, though completion is patchy.

What happens next? Attention shifts between network segmentation and identity context, with continuous posture scoring across cloud estates.

6 Ransomware shows no sign of slowing

Score 9 out of 10

Zscaler blocked a one-hundred-forty-six per cent year-on-year spike in attempts, the sharpest rise in three years.

IBM’s latest Cost of a Data Breach report notes that one-sixth of breaches now involve generative AI tools that cut phishing prep from sixteen hours to five minutes

Why that score? Volume and technique escalation both confirmed.

What happens next? Operators pivot from encryption to pure exfiltration, squeezing victims through leak sites and regulatory exposure.

7 Supply chain security will lock down

Score 5 out of 10

Bitsight finds forty-three per cent of UK firms run continuous third-party monitoring, yet only twenty per cent class their posture as very mature IT Pro. New NIS2 obligations complicate compliance and raise stress levels.

Why that score? Awareness rose, but action lags.

What happens next? Regulators are drafting minimum-viability controls that will hard-wire supplier attestations into every contract.

8 The cost of ransomware will surge

Score 8 out of 10

IBM pegs the global average breach at four point nine million US dollars, up ten per cent, with shadow AI incidents adding six hundred-seventy thousand dollars on top

Why that score? Financial impact met the upper end of our range.

What happens next? With payment bans looming, legal fees and shareholder litigation will outpace ransom demands in cost models.

9 Cyber insurance becomes essential

Score 6 out of 10

Marsh reports softer premiums and broader wording, yet S&P Global estimates only five to ten per cent of UK small and medium enterprises carry a standalone policy

An ESET study puts the figure at eight per cent for firms with no external security support.

Why that score? Pricing is attractive, but adoption is not.
What happens next? Underwriters will link discounts to zero trust deployment and continuous control validation, raising the bar for cover.

Three fresh calls for H2 2025

AI governance bites
The EU AI Act introduces transparency and watermarking duties for general-purpose models on 2nd August 2025. Boards must budget for red-team simulations that probe model drift and copyright leakage.
Post-quantum readiness moves to the board agenda.
The NCSC timetable expects firms to map cryptography by 2028 and complete migration by 2035. NIST has already accepted FIPS 140-3 modules that include post-quantum primitives, signalling market readiness
The UK inches toward a ransomware payment ban
The Home Office consultation proposes outlawing ransom payments for the public sector and critical national infrastructure while forcing private firms to report intent. Even a partial ban will shift negotiation dynamics and elevate the legal risk of paying.

Closing note

The first half of 2025 proved that speed now trumps size in cyber risk. Attackers iterate faster, regulators chase harder, and defenders who match the tempo turn disruption into a competitive edge. Re-check every plan monthly and treat your security budget as a living instrument. Predicting is enjoyable, adjusting in flight keeps you in business.

Need help with organising your security stack? Speak to an expert.

How the 1‒10 accuracy scores were built

1. Anchor points

10 means the prediction happened materially as stated, within the expected time frame, and across most of the market segments we care about.
5 marks a partial hit: the trend is visible but patchy or slower than forecast.
1 means the call is clearly off track or has yet to surface.
Anchoring the endpoints before gathering evidence stops retrospective bias.

2. Four evidence pillars were used of equal weight

Pillar	Question asked	Typical sources
Magnitude	Has the shift reached critical mass?	Industry incident data, vendor telemetry
Velocity	Is the speed in line with the forecast window?	Quarter-on-quarter or year-on-year deltas
Breadth	How many sectors or geographies show impact?	Analyst surveys, regulatory filings
Salience	Is the change visible to executives and the press?	Mainstream media, government policy papers

Each pillar earns up to 2.5 points. Summed, they produce the 10-point scale.

3. Evidence sweep

For every prediction we pulled:

Two analyst or regulator documents (Forrester, Gartner, NCSC, EU AI Act drafts).
One incident or telemetry dataset (CrowdStrike, Netscout, Zscaler).
One mainstream or trade-press confirmation.
Sources were cross-checked for date alignment and sector relevance to UK mid-enterprise readers.

4. Scoring workflow

We read the evidence and logged quantitative markers: percentage growth, adoption rates, and financial impact.
We assigned each pillar a provisional 0‒2.5 value.
We stress-tested the provisional score against contradictory data. Adjustments downward were made if the evidence was thin or localised.
We rounded to the nearest whole number for simplicity in the article.

Example: AI-powered attacks

Magnitude: 2.0 (attacks up sharply, confirmed by multiple vendors).
Velocity: 2.0 (growth exceeded year-on-year forecast).
Breadth: 1.5 (heaviest in finance and public sector, less in manufacturing).
Salience: 2.5 (regular headlines, parliamentary questions).
Total = 8.0, rounded to 8.

Why not use formal forecast metrics like Brier scores?
The original January calls were qualitative, not probabilistic, so a calibrated Brier or log loss would be artificial. A transparent pillar model is easier for non-statistical readers to audit and replicate.

Governance checks

Every score links back to at least three independent references
No single vendor or media outlet can swing a pillar by more than 0.5.
Scores will be revisited at year-end to see how the pillar method holds up.

Accuracy scores are derived from publicly available data and Conosco’s analyst interpretation. Different weightings may yield different results.

Sources Used

Provider/company	Document or page title	Link
CrowdStrike	2025 Threat Hunting Report	(CrowdStrike)
Netscout (coverage in IT Pro)	“Think DDoS attacks are bad now? Wait until hackers start using AI assistants …”	(IT Pro)
Gartner	2025 Hype Cycle for Artificial Intelligence	(Gartner)
Forrester	The Forrester Wave: Security Analytics Platforms, Q2 2025	(Forrester)
UK Government (DSIT)	Cyber Governance Code of Practice (April 2025)	(GOV.UK)
Check Point Research	Phishing Trends Q2 2025 report	(Check Point Research)
CIO.com	“Why 81% of organisations plan to adopt Zero Trust by 2026”	(CIO)
Forrester	The Forrester Wave: Zero Trust Platforms, Q3 2025	(Forrester)
Zscaler	2025 Ransomware Report (146% spike)	(TechRadar)
IBM Security	Cost of a Data Breach Report 2025	(IBM)
Bitsight	2025 State of Cyber Risk and Exposure (UK spotlight)	(IT Pro)
Marsh	“Five trends in UK cyber insurance in Q1 2025”	(Marsh)
S&P Global (reported by Reinsurance News)	“Cyber insurance premiums stabilise in 2025, but market penetration remains below 10% for SMEs”	(ReinsuranceNe.ws)
ESET (reported by TechRadar Pro)	“Only 8% of UK firms carry standalone cyber insurance”	(TechRadar)
European Commission	EU AI Act: general-purpose AI Code of Practice (August 2025)	(IT Pro)
NCSC	Post-quantum cryptography migration roadmap (March 2025)	(NCSC)
NIST	“NIST releases first finalised post-quantum encryption standards”	(nist.gov)
UK Home Office	Ransomware legislative consultation (January–April 2025)	(GOV.UK)

9 cybersecurity predictions for 2025 orginal blog post

Share this

Previous story

← Switching MSPs: What you need to know

Next story

Security tools ≠ security strategy →