CyXcel's Top 5 Cyber Risks for 2025

Cyber risks will be heavily shaped by emerging threats and transformative technologies in 2025. The rise of nation-state cyberattacks, the misuse of AI to target businesses and democracies, and the global race for AI supremacy highlight the urgent need for robust defences. Increased mainstreaming of cryptocurrencies will introduce new regulatory and security complexities, while the proliferation of Agentic AI will present both opportunities and risks.

1. The Threat of Nation-State Cyber Attacks

Nation-state cyberattacks have become a central ‘grey-zone’ weapon in global conflicts. The Russia-Ukraine conflict highlights this trend, Russian cyber operations targeting power grids and communication networks in Ukraine to disrupt and weaken the opposition alongside kinetic attacks.

Similarly, following the escalation the Israel-Hamas war across the Levant, Israel and Iran have engaged in cyber offensives against each other’s critical infrastructure, seeking to disable key systems without escalating to full-scale war. These operations reflect a broader strategy of leveraging cyber tools to gain a strategic advantage on the military battlefield, project power and weaken the opponent’s economy. 

The use of cyber operations is likely to escalate in 2025 since there is no end in sight for the Russia-Ukraine war and Israel is committed to its Middle Eastern security agenda. Furthermore, with the return of Donald Trump to the US presidency, US-China and US-Iran relations will be locked into a scenario of ‘hot peace’, where all sides will leverage cyber tools to advance their strategic political and economic goals.

As nation-state investment in offensive and defensive capabilities rises, advanced persistent threat actors will target critical infrastructure and incidents will likely increase in frequency and sophistication, making them harder to detect. Both the private and public sector will need to ensure their cyber containment and mitigation strategies are proportionate to this rising risk.

2. Agentic AI: Risky Opportunity

AI is developing beyond generative AI tools such as ChatGPT and Microsoft Copilot, with the latest development being Agentic AI. Agentic AI tools use complex reasoning and planning algorithms to autonomously execute intricate and multi-step tasks. For example, such tools can independently analyse transaction patterns, detect irregularities in data sets and take actions in real-time. The emergence of Agentic AI is expected to transform the cybersecurity and technology landscape as not only will it be able to suggest solutions to problems, but it will also be able to execute specified solutions.  

The possibilities for the use of agentic AI endless and opens up new opportunities to detect and mitigate cyberattacks without human intervention (Gartner, 2025). However, developing and implementing systems require sophisticated architectures due to the complexity and scale of the tasks these systems are designed to perform. It is imperative that the architectural designs include secure data pipelines and encryption protocols to protect the AI’s decision-making capabilities.

Unlike Generative AI, Agentic AI systems are more autonomous and therefore demand a higher degree of integration with data processing, decision-making and execution with less human input. This requires robust frameworks that can handle dynamic inputs, analyse them and execute decision while not amplifying biases of training data and delivering other problematic outcomes.

Companies and organizations will need to develop robust processes to ensure that these risks, and security-related risks from Agentic AI, are duly mitigated.

3. The Misuse of AI Against Business and Democracies

Generative AI technology has equipped threat actors with affordable and powerful tools to create new malware and execute sophisticated attacks, amplifying the scale and precision of their operations. Deepfakes are increasingly used to impersonate executives or employees, tricking organizations into approving fraudulent transactions or releasing sensitive information. 

Together with AI-driven phishing schemes and advanced social engineering tactics, misuse of deepfakes led to the theft of £580 million through fraud and scams in the first half of 2023 alone (BBC Finance, 2023). 

In 2025, misuse of AI tools will create serious disruption in the financial markets and the economy more widely, with hackers using AI to generate synthetic identities for fraudulent transactions, automate the discovery of system vulnerabilities and predict weak points in supply chains. 

AI’s impact will extend far beyond the economic domain. Democracies are increasingly vulnerable to AI-generated, highly realistic disinformation campaigns that exploit social media to spread fake news, sowing distrust and undermine policymaking. 

The rapid advancement of AI technology has outpaced global efforts to regulate its use or build effective defensive mechanisms, leaving organizations, governments and societies highly exposed. Additional setbacks to defensive strategies arise from the decision by US technology giant Meta to end third-party fact checking on its platforms in the United States, and a broader political push for weakening online content moderation.

All organizations will, therefore, need to improve their resilience against AI-related threats to their network security, operations and social profile.

4. AI Innovation and its Ethical Implications

The global race for AI dominance has become a strategic priority for nations and corporations alike. All major advanced and emerging economies view AI as a critical driver of their future economic and geopolitical power. Indeed, global AI spending is projected to surpass $632 billion by 2028 (IDC, 2024).

Simultaneously, organizations such as OpenAI, Google and Microsoft are engaged in their own AI innovation race, collectively investing billions into AI development in an attempt to capture consumer markets. For example, Microsoft alone have committed over $10 billion to OpenAI since early 2023 (CNBC, 2023).

In particular, the United States and China remain the top two leaders on AI, both countries investing heavily in talent, technological innovation and use cases. The incoming Trump administration is likely to see AI innovation heavily through the lens of competition with China.

While innovation in AI and robotics technology promises to unlock economic growth, a major risk for 2025 will be AI’s military application, such as autonomous weapon systems and AI-powered surveillance tools. These applications have the potential to redefine global power dynamics.

Without international regulations to guide AI development and competition, this race risks exacerbating geopolitical tensions and creating divides with unpredictable outcomes. 

Due to rapid innovation and growing concerns about misuse and military applications, the issue of AI safety and ethics will take global centre stage in 2025. 

Public campaigns and stakeholder questions on this issue will require not just major AI vendors but all entities adopting AI solutions to ensure they have robust AI use processes in place.

5. Mainstreaming of Cryptocurrencies

Mainstreaming of cryptocurrencies such as Bitcoin will gain further momentum in 2025 in large part due to Trump’s return to the White House. Trump’s administration has been a strong supporter of these digital assets and intends to position the US as the global leader in cryptocurrency adoption.

Potential policies may include the creation of a national Bitcoin reserve (Reuters, 2024) and reduction of crypto-related taxes. In turn, this would boost Bitcoin’s credibility and increase business and consumer engagement with the crypto economy.

However, there is unresolved and deep federal agency-level disagreement within the United States over cryptocurrencies, and significant concern among central banks worldwide about the potential risk such highly volatile cryptocurrencies present to global financial stability.

Some countries are taking policy action to ensure responsible and regulated use of cryptocurrencies. Notably, in September 2024, the UK government introduced the new Property (Digital Assets etc) Bill to address the complexities surrounding the ownership and control of digital assets (Read our detailed article on this here: Digital assets as property) In 2025, other countries will introduce similar legislation and regulations.

2025 will bring the recent ‘crypto winter’ to an end, compelling governments to adapt swiftly while fostering innovation.

While most private sector companies (outside major financial institutions) will have limited direct involvement in cryptocurrency investment, many of them will need to track these developments for any impact the use of these digital assets has on their business, for example, as a method of payment in retail or wholesale transactions.

[Photo by BoliviaInteligente on Unsplash]