Threats to Cybersecurity: What’s on the horizon in 2025 and beyond?

You know about ransomware, malware and DDoS attacks. But in the ever-evolving landscape of cybersecurity, new threats are always emerging – often driven by some of the new technologies that promise to make our lives better. 

In this article we explore five threats to organisations’ cybersecurity. One might seem relatively benign on the surface, one has rapidly gained prominence, one might seem too futuristic (but isn’t), and the last two will probably surprise you. Whether you have a dedicated team of cybersecurity specialists, or need a little help sourcing cybersecurity talent, this article is essential reading. 

Threat #1: Outdated software and hardware 

Using outdated equipment and delaying software updates may seem fairly harmless in the grand scheme of things. But ageing infrastructure and obsolete software (or just software that hasn’t been updated in a while) leaves your organisation vulnerable. As any cybersecurity specialist knows, the biggest risk with outdated tech is that it may not have the necessary security features to defend against the latest threats. Or it may not be able to support the latest cybersecurity measures. All of which provides cybercriminals with an easy back door into your systems. 

Threat #2: AI-driven scams

AI has quickly emerged as one of the most pressing cybersecurity threats, thanks to its ability to facilitate increasingly sophisticated scams. Generative AI in particular is making it easier for cybercriminals to write custom malware and generate incredibly realistic phishing content. 

In one example, a software company was targeted by a highly advanced social engineering attack aided by AI. It started with an SMS phishing (smishing) message that appeared to be a genuine message about employee health insurance. One employee clicked on the link provided and gave their credentials to the fake website. The attacker than called the employee asking for their multifactor authentication code – which made the employee suspicious, but because the attacker was using a deepfake audio that simulated a colleague’s voice, the employee handed over their code. With this and the employees’ credentials, the attacker was able to gain approval from the organisation’s authentication systems.[i] 

Threat #3: Quantum computing

Quantum computers use quantum physics for computing, making them faster than the most advanced supercomputers, and able to tackle tasks that would take thousands of years with traditional computation methods. The main concern here is that quantum computers could easily break modern encryption methods at superfast speed – including some of the toughest encryption around, used in industries like banking. 

We’re only just beginning to see quantum computing applied in practice, so the cybersecurity threat is still theoretical. But when you consider how far AI has advanced over the last two or three years, it makes sense that quantum computing is a concern for cybersecurity professionals. Which is why companies like Apple and Google are already developing ‘post-quantum’ security protocols, and the World Economic Forum (WEF) has devised a quantum readiness toolkit.[ii]

Threat #4: Attacks on undersea data cables

No, we haven’t been reading too many spy novels – attacks on undersea cables are becoming a serious concern. Earlier this year, British officials accused a Russian spy ship of patrolling British waters and mapping underwater cables.[iii] When you think that 95% of internet traffic is secured via undersea cables, an attack could be devastating. 

In fact, there have been several recent examples of such attacks. In December 2024, an undersea electricity cable between Estonia and Finland was sabotaged, with repairs expected to take several months.[iv] Just a month before that, a telecoms cable between Germany and Finland was severed, and an internet link between Lithuania and a Swedish island stopped working, due to a suspected sabotaged cable.[v]

Threat #5: The skills gap

According to a WEF report, 36% of business leaders say that cybersecurity skills are the main challenge to achieving their cyber-resilience goals, and 78% say their business doesn’t have the in-house talent to achieve their cybersecurity objectives.[vi] Also worrying is the 20% of leaders who say they don’t have the cybersecurity professionals they need to respond to a cyber incident.

Clearly, not having the right cybersecurity talent is a considerable threat to cybersecurity and resilience. The trouble is, with demand for tech talent outstripping supply, it’s hard for the average business – i.e. not Google or Meta – to attract and retain talent. 

Where to find the best cybersecurity talent

When it comes to hiring top cybersecurity talent, most businesses need a little help. One great way to find cybersecurity specialists is to work with a cybersecurity recruitment agency – a dedicated recruitment company that focuses on cybersecurity talent and tech talent. 

As one of the leading cybersecurity recruitment agencies, Roc Search can help your company find top cybersecurity specialists. We have a ready pool of cybersecurity experts that you can tap into on a permanent, temporary or project basis. Learn more.