Cybersecurity predictions for 2025

The surge in sophisticated cyber threats, ransomware attacks on critical infrastructure, and the increasing impact of AI and machine learning on cybersecurity continue to make government agencies ever more vulnerable. Sabeen Malik offers four insights to consider.

1. National cybersecurity programs will prioritise critical infrastructure

Governments worldwide will continue to implement stricter security measures to safeguard critical infrastructure such as energy, healthcare, and transportation.

Australia’s progress on the new Security of Critical Infrastructure bill serves as a model for others. The Asia Pacific region is also making strides, with initiatives highlighted during the recent Singapore Cyber Week including collaboration among Singapore, Australia, the Philippines, and India to protect critical infrastructure.

The Philippines and Australia, for instance, have launched a “cyber boot program” to raise awareness and enhance preparedness for cyber attacks. This initiative follows their signing of a Memorandum of Understanding on cybersecurity and critical infrastructure cooperation in February last year.

Regulatory mechanisms like licenses, audits, and fines are becoming more common across the Asia Pacific region to enforce transparency and security. Australia has expanded its list of critical infrastructure operators, now covering more than 40 entities across energy, finance, and communications sectors. These operators face new cybersecurity obligations as part of the country’s evolving approach to safeguarding national significance.

2. Escalating nation state cyber activities

Nation-state-sponsored cyber activities remain a significant concern. Groups like Volt and Salt Typhoon have actively targeted critical infrastructure in the United States and rebuilt their botnet capabilities. These groups are under FBI investigation for their suspected involvement in attacking commercial telecommunications infrastructure.

Australia is not immune to such threats. In July last year, the Australian Signals Directorate published an advisory on activities by a Chinese Ministry of State Security-backed threat actor targeting Australian organisations. Public attributions like this will continue to play an increasingly important role in deterring malicious cyber activities.

3. Supply chain risks require coordinated response

The interconnectedness of critical infrastructure demands a systematic approach to addressing supply chain risks. Investments in offensive capabilities may also increase as part of these efforts. 

In 2025, collaboration among Five Eyes nations Canada, the UK, the US, New Zealand and Australia will be essential for sharing intelligence and understanding diverse threat landscapes. While much attention has been placed on incident response, proactive prevention must also become a priority. Government agencies can lead the way in fostering a preventative approach, emphasising the timeliness of threat intelligence as a foundation for cyber resilience.

Enhanced collaboration between the UK, Australia, and the US will further solidify the understanding of risk contexts, contributing to stronger foundations for cybersecurity.

4. AI will drive both attack and defence strategies

AI will intensify the geopolitical cyber arms race while prompting increased outsourcing of AI-ready security operations centres.

AI systems are set to become indispensable in detecting potential breaches, identifying anomalies, and securing networks against threats before they cause critical damage. Beyond back-end algorithms, AI agents and chatbots will play a role in countering phishing attacks and social engineering attacks by simulating threats.

According to Gartner, in 2025, generative AI will drive a spike in the cybersecurity resource demand, leading to a greater than 15% incremental spend on application and data security. By 2026, agencies that integrate generative AI with platforms-based architectures in security behaviour and culture programs will experience 40% fewer cybersecurity incidents. 

Sabeen Malik – Rapid7’s VP, Global Government Affairs and Public Policy

Leave a Reply

Your email address will not be published.