Cybersecurity in 2025 will continue to face escalating challenges from AI-driven threats, geopolitical tensions, and increased regulatory scrutiny. Organizations must adapt to sophisticated cyberattacks fueled by AI, deepfakes, and nation-state actors while navigating growing litigation risks and compliance demands, particularly in M&A activities. With cybercriminals refining their tactics and geopolitical conflicts shaping the cyber landscape, businesses must adopt proactive strategies to safeguard their digital assets and remain resilient against evolving threats.


Alyson Barish and Evan Kelly are authors of this article.

For cybersecurity professionals, 2024 brought new challenges and opportunities around safeguarding enterprise environments. Today’s organizations are no longer simply worried about having defenses in place to ward off bad actors: they need a full suite of capabilities to prevent, detect, respond, and explain breaches of security. Many of 2024’s challenges related to regulatory compliance, incident response, the rise of AI-fueled threats, and ongoing geopolitical turmoil will remain critical priorities for 2025.

2025 is likely to see the continuation of advancements for many financially motivated criminals in terms of tactics, ability, and overarching goals. As in 2024, the rapid advancement of AI technology combined with volatile geopolitical events, ongoing conflict in multiple world hotspots, political uncertainty, and political change in the West is likely to fuel aggressive cyber activity from criminals, nation states, and law enforcement the world over. In our experience observing prior upticks in aggressive cyber activity from cybercriminals and nation-states, such activity results in downstream litigation or significant compliance issues.

Litigation Advisory on the Rise

Increasingly, organizations are facing a rise in litigation entailing cybersecurity as a primary issue of dispute, especially in the context of M&A and contractual issues concerning material harm. Cybersecurity professionals are called upon not only to determine what went wrong, but also to serve as expert witnesses to explain the broader business implications of a cybersecurity event. We are called to explain complex issues during a dispute, help our clients litigate the facts as well as circumstances around cybersecurity programs and failures, and identify related risks. Disputes and litigation relating to cybersecurity issues are growing as cyber threats have become a larger part of the suite of risks businesses face. We continue to see an uptick in cybersecurity linkages to dispute claims because organizations are so highly dependent on third parties for data-driven services. This intersection connects reputational and business impact concerns when cyber incidents occur.

Preparing for Regulatory Scrutiny: M&A, Disclosures, and More

Pointing to a more holistic view of cybersecurity risks, companies engaging in M&A activity, particularly those that may experience scrutiny from regulatory bodies like the Committee on Foreign Investment in the United States (CFIUS), are seeking cyber risk assessments before staking their claim in a deal. This vigilance stems from the threat of potential data breaches, infiltration of critical infrastructure, nation-state data access concerns, and additional risks that do not impact one sole company but the company’s broader network, including partnerships with third parties and vendors. By undertaking thorough cybersecurity risk assessments and due diligence during negotiations, post-merger integrations are smoother and the chance of regulatory delays or reputational harm decreases.

AI and Emerging Technology Threats on the Rise

The rise of artificial intelligence (AI) promises to be the technological story of the decade, and for good reason. CrowdStrike is already warning of AI-driven ransomware attacks that use AI to automate aspects of the attack, such as autonomous vulnerability detection and doing independent research on targets before execution. AI and Large Language Models (LLMs) lower the cost of entry for threat actors that may not have advanced technical skills, enabling them to better target victims. Better targeting might translate to better success and better success likely means more incidents in the future. This begs the question: Will our collective strategies evolve to meet what is coming?

AI has a massive ability to scale threat actor activities, including generating polymorphic malware, a type of malware that is constantly adapting and mutating after every successful intrusion in an attempt to overwhelm traditional cybersecurity research and signature detection engines. This will start to become a more serious problem when nation state-sponsored threat actors with access to large amounts of resources can host their own specifically trained AI models to execute these kinds of attacks and generate this malware to overwhelm their geopolitical opponents through sheer volume, eventually rendering indicator of compromise-based systems obsolete. While this is not likely to come to full fruition in 2025, the beginning of these types of attacks and the prototype malware systems will likely be continually tested and deployed this year in anticipation of greater ability later in the decade.

The demand signal for AI expertise continues into 2025 and is specifically tapping into the knowledge of regulatory evolutions and emerging technology. Within the United States, new cybersecurity regulations emerged in 2024 that “enhanced cybersecurity guardrails that could effectively stymie evolving cyber threats,” including the increased use of AI within the threat landscape. In January 2025, however, the Trump Administration signed an Executive Order to eliminate these guardrails in an effort to retain the US’ leadership in AI, in turn “removing barriers” to AI development. As such, 2025 will include rapid advances in both offense and defense, and threat actors will continue to mature the use of AI and LLMs when creating malware and executing advanced and personalized phishing schemes.

Deepfakes enabled by AI are a recent development and we are observing deepfakes manifest in social engineering, information operations, and disinformation campaigns. Deepfakes are only going to become significantly more realistic in 2025, and the release of rapidly advancing AI video platforms like OpenAI’s Sora and Google’s Veo 2 will only supercharge the issue. In a February 2025 article, the World Economic Forum detailed a recent cyberattack against UK engineering firm Arup, which involved an AI-generated deepfake of a member of their senior management that established trust with an employee and accumulated a loss of $25 million. Threat actors have demonstrated that they can easily and cheaply advance their tactics, and we expect emerging technology to influence, evolve, and help threats proliferate their malfeasance throughout 2025.

Geopolitical Tensions

The geopolitical landscape will contribute to the manifestation of cybersecurity threats in 2025. With tensions continuing to run hot between the U.S., Europe, and Russia over the war in Ukraine; Iran and its proxy groups being dismantled by Israeli and American actions; the fall of the Assad regime; and China making bold cyber moves on American government systems and infrastructure, nation-state actors and their surrogates are moving full steam ahead.

Specifically, the Great Power Competition (GPC) between China and the United States continues to manifest in the cyber realm with multiple high-profile events likely to make the news in 2025 on the scale of those in 2024. One prominent attack from last year was Salt Typhoon’s infiltration of nine U.S. telecommunication providers to intercept American phone calls and geolocate those communications. Another involves the recent compromise of the U.S. Treasury Department by a Chinese state-sponsored Advanced Persistent Threat (APT) actor. We can expect these sorts of cyberattacks and espionage activities to persist and even increase in frequency and severity for 2025. The landscape in the United States is set to impact how the U.S. continues to compete with China on a global scale. The Trump Administration has already demonstrated a shift in cybersecurity regulation and government approach. In the first few days of the new administration, all Department of Homeland Security (DHS) advisory committees were shut down, which includes the Cyber Safety Review Board (CSRB), effectively ending the Cybersecurity and Infrastructure Security Agency’s (CISA) investigation into the recent Salt Typhoon cyberattacks. It is not yet clear how these moves will impact the U.S.’s ability to compete with China, but it is certain that the power competition in cyber will continue.

It’s no secret that 2025 will be a very active year. However, a unique convergence of factors will usher in technological innovations that fuel cyber exploitation, espionage, and disruption. AI is poised to mature offensive and defensive cyber operations, ushering in new tactics and techniques. Further, AI will lead to financially motivated criminal groups having access to more advanced malware than they would otherwise be capable of producing, and it will increase the chance of success while reducing the cost of entry for extortion groups. Geopolitical tensions will inform the landscape, both spurring competition as well as nation-state threats to security. From small businesses to Fortune 100 corporations, a healthy cybersecurity strategy will anticipate and counter foreseeable challenges that lie ahead, and be prepared to pivot to address the unknown. Organizations that have a keen sense of their digital assets, their protections, and updated threat profiles on how best to protect their assets will be best suited to meet the challenges ahead.


If you have any questions or would like to discuss these topics please reach out to Daron Hartvigsen.

About the Authors

StoneTurn

Daron Hartvigsen

Daron Hartvigsen, a Managing Director with StoneTurn, is a cyber threat response and pursuit expert that brings nearly 30 years of related experience in commercial, U.S. intelligence, counterintelligence, and law […]