Essential strategies for tackling today’s most pressing cyber threats

In 2025, organizations must be vigilant about cyber risk, implementing proactive measures to secure their digital assets and shield themselves from potential threats. To confront this pressing issue, experts in the field recently gathered at our Cyber Risk Virtual Summit to share their insights and strategies for organizations wanting to keep their competitive advantage in cyber risk.

One of our panel discussions, Future-proofing your cyber risk management: Trends for 2025 underscored several looming cyber threats, such as supply chain vulnerabilities, challenges in cloud computing, identity-based attacks, the increasing automation of attacks through artificial intelligence (AI) and the rise of non-human identities. Our panelists spoke about the need for continuous monitoring and assessment of vulnerabilities to pre-empt potential breaches and disruptions.

The experts that took part in this discussion include:

Tim Youngblood, CISO in Residence, Astrix Security; Former CISO, McDonald’s, Kimberly-Clark & Dell​

Adam Fletcher, Chief Security Officer, Blackstone​

Rick Patterson, CISO, Strada Global; Former CISO, PetSmart & Clear

Here, I provide a breakdown of the most pressing cyber risks for 2025 along with actionable strategies to mitigate them.

The top 5 cyber risks for 2025 and strategies for mitigation

As we think about 2024 and look ahead to 2025, Youngblood suggests that many of the same challenges persist. We'll likely encounter ongoing issues with supply chains, cloud security and identity-based attacks. He says, “2024 was a record-breaking year in terms of cyber incidents, with notable events like the TNT, Snowflake and Ticketmaster breaches. The CrowdStrike issue, although not necessarily an attack, had a significant global impact, demonstrating how devastating cyber capabilities can be for companies.”

Participants also added that the risk of not having an AI strategy is one that many companies are facing, as well as the growth of non-human identities. With all of these risk looming, it’s important to adopt a proactive and comprehensive approach to cyber risk management.

Let’s dive into the top five cyber risk for 2025:

1. Vulnerabilities in the supply chain

As companies rely more on external partners and vendors, the potential for these partners to become entry points for cyber threats increases, which makes the supply chain a critical point of vulnerability in 2025.

Supply chain attacks are insidious because they can exploit the interconnected nature of modern business operations, allowing malicious actors to infiltrate networks indirectly. Youngblood says that it’s crucial for organizations to have a thorough understanding of their critical assets and the potential impact of vulnerabilities.

How to manage this risk:

To address supply chain vulnerabilities, companies need to adopt a proactive approach. This includes incorporating AI-based questions when evaluating vendors to ensure that their data use aligns with security standards.

Monitoring the terms of service of SaaS vendors is also essential to guarantee compliance and transparency. By engaging with business partners and maintaining a robust security risk program, organizations can better drive their strategy, controls and budget effectively, as emphasized by Patterson. Maintaining a quality security risk program is essential to steer strategy and ensure control alignment.

Learn more about the right questions to ask when choosing AI-powered GRC technology, here.

2. Challenges in cloud computing

As companies increasingly store and process data in the cloud, securing these environments has become a major concern. Key issues include data protection, cloud service vulnerabilities and ensuring that only authorized individuals have access. With the ever-growing dependency on cloud services, the risk of data breaches and unauthorized access increases.

This heightened exposure necessitates a comprehensive understanding of the assets within these cloud environments and their potential impact. And as cyber threats continue to evolve, it is essential to stay ahead of these challenges by implementing strong security measures and continuously validating controls to protect sensitive data.

How to manage this risk:

Addressing the challenges of cloud computing requires continuous control validation and testing. Organizations must ensure that they have robust backup solutions and effective access management strategies in place. This approach minimizes the risk of data breaches and enhances the overall security posture of cloud environments.

“I mentor about 10 CISOs now. The first thing that I ask them is... ‘Have you done a thorough Crown Jewels assessment? Do you really know what assets are running your company today?’ And until you've done that, you're risking being exposed.”

Tim Youngblood, CISO, Astrix Security; Former CISO, McDonald’s, Kimberly-Clark & Dell​

The focus should be on identifying critical assets, understanding their potential impact, and implementing protective measures accordingly. Conducting a comprehensive ‘Crown Jewels assessment’ to understand key assets is vital.

3. Attacks targeting identity

Identity-based attacks have become more prevalent as cybercriminals exploit weaknesses in identity systems to gain unauthorized access. These attacks often involve the misuse or theft of identities to penetrate secure systems and access sensitive information.

Cybercriminals frequently misuse stolen or weak credentials to infiltrate systems, posing significant risks to organizations. Identity-based attacks can also include tactics like phishing, social engineering and credential stuffing, which exploit human errors and system vulnerabilities. These methods enable attackers to move laterally within networks, access sensitive data and execute further malicious activities without immediate detection.

How to manage this risk:

Given the evolving landscape, it's critical for organizations to strengthen their identity and access management practices. Enhancing authentication mechanisms, implementing regular security audits and staying updated with the latest threat intelligence are crucial steps in mitigating identity-based threats. Ensuring that all identities are adequately protected will be a key focus in safeguarding systems in 2025.

Tactics to counteract identity-based threats include, implementing multi-factor authentication (MFA) comprehensively. A proactive approach that includes robust identity and access management policies can effectively reduce the risk of identity theft and misuse.

Get the Cyber Leadership Playbook

Break down silos between security, legal & governance with expert insights to build cyber resilience and improve board-level oversight.

Get your free copychevron_right

4. Automation of cyberattacks using AI

Cyber attackers are increasingly leveraging AI to automate and refine their methods. This technology enables more sophisticated and efficient attacks, posing significant challenges to traditional defense mechanisms. AI can be used to generate realistic phishing emails, automate vulnerability scanning and even exploit vulnerabilities with precision and speed that surpasses human capabilities. These advanced techniques allow cybercriminals to scale their operations, targeting multiple victims simultaneously and increasing the overall potential damage.

The application of AI in cyberattacks isn't limited to automation; it also involves the use of machine learning algorithms to predict and adapt to security defenses. For instance, AI can analyze patterns in cybersecurity measures and adjust its tactics to bypass them. This makes it difficult for static security systems to keep up with the dynamic and evolving nature of AI-driven attacks.

How to manage this risk:

Our panelists suggest several tactics to mitigate the risks of AI:

• Organizations should embrace AI-driven security solutions to enhance their threat detection and response capabilities. By integrating AI into existing cybersecurity frameworks, companies can stay ahead of attackers who leverage similar technologies. These advanced tools are capable of analyzing vast amounts of data in real time, identifying patterns and detecting anomalies that human analysts might miss. This enables quicker, more efficient responses to potential threats, reducing the window of opportunity for cybercriminals.
• Incorporate AI into security operations centers (SOCs). AI can assist in monitoring network traffic, identifying suspicious activities, and prioritizing alerts based on their risk levels. This helps manage the increasing volume of security data and allows security teams to focus on the most pressing threats.
• Implement continuous control validation and testing to ensure that security measures are effective. Patterson says this proactive approach is essential for steering strategy, controls and budget.
• Conduct a pre-mortem analysis to help identify potential vulnerabilities and weaknesses before an attack occurs. By considering what could go wrong and implementing measures to mitigate those risks, organizations can strengthen their defenses against AI-driven cyber threats.

5. Growth of non-human identities

The rise of non-human identities presents new challenges for network security. These automated systems and bots, which vastly outnumber human identities, can become targets for exploitation.

In 2025, it's expected that attacks will focus on these non-human identities, as they offer new vectors for cybercriminals. With approximately 40,000 non-human identities for every 1,000 employees, they represent a significant target for attacks.

How to manage this risk:

Organizations must develop strategies to effectively monitor and manage non-human identities. This includes ensuring that identity management policies encompass both human and non-human entities. By conducting a thorough assessment of critical assets and their impact, organizations can build a resilient security posture.

Patterson says that engaging with the business to develop a quality security risk program is essential. By doing so, companies can address the security risks posed by automated systems and bots, ensuring that their networks remain secure in 2025.

Take the next step

The discussion we had at the Cyber Risk Virtual Summit highlighted actionable strategies to tackle these pressing cyber risks. Our panel of experts emphasized the following best practices to stay ahead of cyber risks in 2025:

• Implement strong authentication mechanisms: MFA and other robust authentication measures are pivotal in safeguarding against identity-based attacks.
• Conduct regular security awareness training for employees: Educating your workforce on cyber security risks and best practices is a pivotal strategy in mitigating human error risks.
• Develop a comprehensive incident response plan: A well-structured plan for responding to cyber incidents is key to mitigating the impact of an attack.
• Work with a reputable cybersecurity firm: A cybersecurity firm can assist your organization in assessing risks, devising a security strategy, and implementing robust security controls.
• Invest in AI-powered security solutions: AI-powered security solutions can assist organizations in swiftly and effectively detecting and responding to cyber threats.

Effective cyber governance starts with leadership alignment. For more expert insights like these, including actionable strategies to help CISOs, GCs & boards manage cyber risk with confidence, get your free Cyber Leadership Playbook.