2024 saw a rise in the scale and intensity of digital risks across every region and domain. With risks stemming from statecraft and geopolitics to financial and ideological motivation, boosted by the proliferation of increasingly advanced technology, the situation in 2025 will intensify for organisations, especially those that are not prepared.
Our digital risks experts from across Control Risks reveal our top 10 risks to consider for digital resilience in the coming year.
1. Cyber interdependency risk
By 2025, 90% of Fortune 500 companies will both provide and consume digital services.1 This growing interdependency between technologies will lead to an increasing number of systemic cyber incidents in 2025. Threat actors across the spectrum will look to replicate high profile outages, like CrowdStrike IT which totalled losses over USD 5bn in collateral damage, for their own gain.
Future incidents will be felt primarily by organisations leveraging widely used technologies for business operations and basing their own commercial technology offerings on these critical technologies. Geopolitical uncertainty will increase the intent of states and their proxies to target critical technologies that had previously been out of scope. Digital resilience programmes, mature third-party risk management and strategic and technical crisis preparation for IT outages should be a priority for businesses in 2025.
2. Geopolitical cyber risk
Driven by geopolitical volatility, 2025 could become the most tumultuous year the digital threat landscape has experienced yet. Powering this uptick is a remarkable growth in the risk appetites of cyber powers as the global order fractures. Put simply, aggressive cyber actors face less and less consequences for their actions, while reaping ever greater tactical and strategic rewards in increasing their digital disruption efforts.
We expect geopolitical competition driven by flashpoints, such as military escalation in Ukraine and a US foreign policy pivot towards the Asia Pacific, to drive nation states in a cyber arms race that will extend to emerging technologies like artificial intelligence (AI). State-linked groups will likely prioritise targeting critical national infrastructure (CNI) through disruptive and destructive attacks, and espionage operations.
Leading cyber powers like China, the EU and the US will likely continue to shape operational and regulatory developments in cyberspace. Geopolitical swing states like Brazil, India, Saudi Arabia, South Africa and Turkiye will likely gain more prominence as they determine which alliances or internet governance models align with their national interests.
3. Hybrid warfare
Hybrid warfare intensified in terms of scale and scope during 2024. Cyber attacks are now an inextricable part of modern statecraft. Nation states blur the boundaries between digital warfare, grey zone media manipulation and disinformation, and deniable sabotage activities whilst leveraging cyber proxies to maintain plausible deniability. This targeting will almost certainly continue in future conflicts, and we expect a heightened threat to organisations, especially those in critical infrastructure and Ukraine or NATO member-states into 2025.
A “digital battlefield” has emerged out of conflicts, from low-level distributed denial of service (DDoS) and web defacement attacks by cyber activist groups to high-level ransomware and false flag operations by state-linked and cybercriminal groups.2 State-linked groups have also continued to use ransomware and other financially motivated cyber activity to fund national priority initiatives. Disruptive and increasingly sophisticated cyber attacks are perceived as attractive options for state-linked actors as their risk tolerance for these campaigns lowers. Physical and digital threats will likely increasingly converge and be reflected in kinetic operations, such as physical sabotage against infrastructure.
4. Cybercrime
Throughout 2025, ransomware, data leak extortion and fraud campaigns will continue to increase as threat actors develop new strains of malware and new groups form.
In 2024, ransomware and data leak extortion threats continued to grow with targets including schools, hospitals and governments causing approximately USD 40bn worth of damages to organisations in the US alone. In 2025, it is predicted that there will be 200 zettabytes worth of data stored on private and public IT infrastructures, utility infrastructure, private and public cloud data centres, personal devices and on internet of things (IoT) devices 3.
Threat actors will almost certainly continue to target data that can be used for later attacks or sold. Sensitive data will be a priority, stolen to leverage double extortion attacks for ransom and use for follow-up attacks or sales on deep and dark web venues. Cyber-enabled fraud will remain a popular method for threat actors, tricking victims into disclosing account credentials or personally identifiable information.
5. Criminality and cryptocurrency
Global cybercriminal activities are expected to grow by 15% annually, costing approximately USD 10.5 trillion in damages globally 4. Cryptocurrency will remain an increasingly key tool for criminals in money laundering and phishing emails or offers of free tokens will be used to trick victims directly into providing their private keys or connecting to crypto wallets. Decentralised finance (DeFi) platforms then enable seamless asset swapping, making illicit fund flows harder to trace.
As the use of cryptocurrency becomes more normalised, the risks associated with cyber-enabled money laundering will increase. Using cryptocurrencies also lowers barriers to allow users to conduct interactions with other users in high-risk locations, such as China, Russia, Iran and North Korea, increasing the global reach of cybercriminal networks.
6. Activism
Cyber activist groups have become more sophisticated and co-ordinated as we enter 2025, and these attacks will continue to evolve.
As geopolitical crises persist, like the Russia-Ukraine and Israel-Hamas conflicts, cyber activist groups are expected to continue their retaliatory DDoS attacks, hack-and-leak operations and web defacements.5 The attacks throughout 2024 suggest a sustained targeting rate into 2025 and state-sponsored activists are increasingly using advanced technologies, including bot-infected devices and messaging platforms like Telegram, for command-and-control operations.
7. Disinformation
Geopolitical tensions, political polarisation, AI development and economic uncertainty will increase the intensity of disinformation campaigns in 2025. High-profile state-sponsored campaigns seeking to discredit and disrupt rivals are the new normal, whilst social media platforms allow for expanded reach to younger audiences.
State-linked disinformation campaigns will target government and private sector organisations’ and individuals’ reputations that counter their interests. Campaigns will likely continue to cast doubts over and lower confidence in election processes and voting results. The growing use and development of AI tools will lead to larger-scale distribution of compelling inauthentic news articles and deepfake imagery and videos that will be harder to detect.
Beyond geopolitically motivated disinformation, there is growing disinformation-as-a-service (DaaS) offerings targeting commercial competitors by marketing and PR agencies while buyers maintain plausible deniability. Generative AI is lowering the barrier to entry for DaaS providers and the number of DaaS contractors will continue to grow.
8. Generative AI and Deepfakes
In 2025, organisations are likely to face a growing volume of attacks as low-capability threat actors expand the complexity of attacks, and AI systems themselves provide new attack surfaces to target. Threat actors are already utilising GenAI to elevate their capabilities, often using off-the-shelf large language models (LLMs) such as GPT-4 to more efficiently conduct research and reconnaissance.
Threat actors will increasingly focus on integrity-type attacks on AI tools that organisations are integrating, both home-grown and third-party systems, into their operations. Data poisoning techniques intended to degrade the integrity and efficacy of compromised AI systems used by governments and organisations will be employed by nation-state actors.
The rapid advancement of deepfake technology for use in social engineering has also already proven to be effective and will likely proliferate in 2025 alongside phishing attacks tailored to the recipient.
9. Third-party threat and integrity risk
Organisations are highly likely to face growing supply chain risks, as reliance on third parties for data hosting and management increases. This convergence has made third parties prime targets for a range of threat actors to impact many organisations by targeting just one. Third-party incidents often mirror the impacts of direct attacks, including reputational, financial, and operational damage. Organisations must ensure their data is equally secure on third-party systems as it is on their own.
The divergence of technology systems will almost certainly continue in 2025 as more organisations look to streamline their processes and cut costs by using solutions that rely on third-party organisations. However, with that comes greater reliance on fewer organisations, with points of failure having cascading impacts. There have been multiple recent examples of this from the MOVEit 2023 incident and CrowdStrike in 2024. Organisations must prioritise robust due diligence and monitor third-party security to mitigate these growing threats.
10. Tightening regulations (NIS2 and DORA)
In 2025 global regulatory landscapes are tightening, with increasing emphasis on digital sovereignty and resilience. Frameworks such as the EU’s NIS2 Directive and DORA Regulation, as well as data localisation laws in countries like China and India, underscore a growing trend toward stricter oversight of digital risks and control over critical data. These measures reflect governments’ drive to protect national interests by regulating how and where data is stored, processed, and transferred.
This regulatory shift significantly impacts international business, and organisations must navigate fragmented compliance requirements while balancing operational efficiency and global reach. Digital sovereignty laws compel businesses to adopt localised infrastructure, such as sovereign cloud solutions, and prioritise robust supply chain security.
Doing business in this evolving landscape requires proactive investment in compliance strategies, cross-border data management, and operational adaptability to mitigate risks of non-compliance, ensure continuity, and maintain competitiveness in a fractured regulatory environment.
Cyber activists with declared allegiance to states or non-state actors will continue targeting organisations and governments in line with their allegiances, including those operating in states perceived as adversaries.
References
1 https://www.equinix.co.uk/gxi-report/digital-economy-predictions
2 https://flashpoint.io/blog/four-phases-cyber-warfare/
3 https://edgedelta.com/company/blog/data-storage-statistics
4 https://cybersecurityventures.com/cybercrime-to-cost-the-world-9-trillion-annually-in-2024/
5 Global Revival of Hacktivism Requires Increased Vigilance from Defenders | Google Cloud Blog