10 January, 2026

Cybersecurity in 2025: a review

Concept artwork for a smart city generated by Google Gemini (Nano Banana).

2025 was a year of disruption for cybersecurity, said Palo Alto Networks. The company had accurately forecasted that 2025 would see a rise in mega breaches that take entire enterprise networks offline — driven by supply chain vulnerabilities and attackers reaching new levels of speed and sophistication. 

"This has since been proven true, as 84% of the major cyber incidents that Unit 42 investigated (in 2025) have resulted in operational downtime, reputational damage or financial loss," stated the company in a list of 2026 predictions shared in late 2025.

While Palo Alto Networks did not touch on the human factor as a vulnerability, Arctic Wolf, a security operations provider, said that everyday employee behaviours—ranging from phishing missteps to risky AI use—continue to drive breaches and expose sensitive data.

The human element has become one of the most unpredictable variables in cybersecurity, said Arctic Wolf as it released its 2nd annual Human Risk Behavior Snapshot in October 2025. The survey of more than 1,700 IT leaders and end users worldwide showed that while organisations remain confident in their defences, leaders’ overconfidence, combined with employees bypassing or misusing basic safeguards, is widening the gap between perceived resilience and actual exposure.

Highlights from the 2025 Human Risk Behavior Snapshot include:

Breaches surge worldwide

Nearly seven in 10 (68%) IT leaders say their organisation suffered a breach in the past year—an 8% jump from 2024—with Australia and New Zealand experiencing the steepest year-over-year increases within the Asia-Pacific region.

Phishing can trap experts

Nearly two-thirds of IT leaders and half of employees admit to clicking malicious links, yet three-quarters of leaders still believe their organisations are safe. One in five leaders who clicked didn’t report it. 

Senior executives in the crosshairs

Senior leadership teams continue to be a prime target, with 39% hit by phishing attempts and 35% facing malware infections that put high-value accounts at risk. 

AI becomes a data leak risk

Eight in 10 IT leaders and 63% of employees are using generative AI tools for work—and six in 10 leaders and four in 10 (41%) staff admit to feeding these tools confidential data. 

Training vs termination 

Seventy-seven percent of IT leaders say they would fire staff who fall for scams, up from 66% in 2024. In contrast, companies that emphasise corrective training report an 88% reduction in risk. 

Security basics still neglected

Only fifty-four percent of organisations enforce multifactor authentication (MFA) for all users, leaving entry-level accounts unprotected and giving attackers the easiest path inside.

“The rise of generative AI has created powerful new tools—but also powerful new risks. When leaders are overconfident in their defences while overlooking how employees actually use technology, it creates the perfect conditions for mistakes to become breaches,” said Adam Marrè, Senior VP and CISO at Arctic Wolf. 

“Progress comes when leaders accept that human risk is not just a frontline issue but a shared accountability across the organisation. Reducing that risk means pairing stronger policies and safeguards with a culture that empowers employees to speak up, learn from errors, and continuously improve.” 

Phishing

Kaspersky also found widespread phishing in 2025, counting over 117 million phishing links clicked in the Asia Pacific region from November 2024 to October 2025.

According to Kaspersky's research, 88.5% of phishing attacks targeted online account credentials, while 9.5% were focused on personal data such as names, addresses, and dates of birth. Just 2% were aimed at bank card information. Once captured, these personal details are funnelled through specialised automated systems which help to manage large amounts of data. These systems are offered as a platform-as-a-service (PaaS) and are either created by the attackers themselves or based on legitimate frameworks for creating websites or apps. 

Kaspersky Digital Footprint Intelligence stated that attackers consolidate stolen data into "dumps" – large batches of verified information – often priced on dark web forums at US$50 or less for bulk sales. Higher-value accounts fetch premium prices: cryptocurrency platforms average US$105, banking accounts – US$350, e-government portals – US$82.50, and personal documents – US$15.  

Data is meticulously verified using scripts to check its validity across services and is then combined into comprehensive "digital dossiers" that enhance its worth for targeted attacks, such as whaling schemes against high-profile individuals. 

"Stolen data evolves into a persistent weapon for cybercriminals. By leveraging open-source intelligence and old breach data, attackers can craft highly personalised scams, turning one-time victims into long-term targets for identity theft, blackmail, or financial fraud," said Olga Altukhova, Security Expert at Kaspersky.

Ransomware

"In 2025, ransomware has shown resilience, evolution and adaptation. Ransomware-as-a-service (RaaS) models dominated. They have lowered the barriers for entry-level cybercriminals, offering malware, affiliate programmes, and even initial access brokering, resulting in a 90:10 ransom split favoring operators. Platforms like RansomHub (now dismantled) were quickly replaced by other groups, such as Qilin, Akira, Cl0p and Sinobi," said Fabio Assolini, Head of Research Center, Americas and Europe, Global Research & Analysis Team, Kaspersky.

"Tactics have also evolved alarmingly, especially those using signed vulnerable drivers. These leverage the bring-your-own-vulnerable-driver (BYOVD) technique, as seen via MedusaLocker attacks. Double and triple extortion – encrypting data while exfiltrating it for leaks to customers, regulators, or competitors – has become standard." 

Assolini said attackers are bypassing traditional defences by targeting unconventional entry points like IoT devices, smart appliances, and webcams, as seen with the Akira gang. "The integration of AI, particularly large language models (LLMs), has accelerated this. Groups like FunkSec, emerging in late 2024, use AI-generated code for low-cost, high-volume attacks on government, finance, and education sectors in regions like India and Europe," he added.

"Hacktivist groups, such as Head Mare and Twelve, have weaponised ransomware against manufacturing and other targets." 

IoT stands for the Internet of Things. 

Identity

"2025 was the year Asia focused on digital trust for identity, as organisations redefined how secure access is experienced. Access control entered an era where security feels frictionless, powered by modern authentication and mobile-based identities," said Prabhuraj Patil, Senior Director, Physical Access Control Solutions, Asean & India Subcontinent at HID.

"As evidenced in our 2025 State of Security and Identity Report, nearly two-thirds of organisations are deploying or planning mobile access solutions, signalling a decisive move away from traditional physical credentials. What changed was not just technology, but how people experienced trust – expecting security that adapts to them, not the other way around."  

Details

Read the 2025 Human Risk Behavior Snapshot at https://arcticwolf.com/resources/blog/the-human-element-navigating-the-widening-gap-between-confidence-and-reality-in-cybersecurity/

Hashtag: #2025Highlights
