As the business world continues to digitize, cybercrime is evolving just as quickly. Threat actors are on constant lookout for more disruptive and damaging cyber attacks, with the past 12 months seeing them turn to advancing technologies like AI. At the same time, heightened scrutiny on data privacy means businesses have to be extremely wary of data theft, as predicted in our top corporate cyber trends for 2024.
So, what’s next? Now 2025 is here, we asked our experts for their top two cyber trends.
-
Phishing attacks a major gateway to breaches
Social engineering tactics such as phishing are leveling up, with threat actors now harnessing AI to craft convincing emails, messages—and even videos and voice impersonations. Technology can be used to more accurately convey localized languages and accents, making fraud harder to detect and perhaps tricking more employees into revealing information or clicking on a malicious link.
Expect threats actors to continue targeting the human factor of cyber defenses by scaling up phishing efforts. Backed by tech advancements, threat actors are more able to identify the most vulnerable and unleash attacks. Also remember that phishing is just the first step of the attack. It can lead to a variety of nefarious outcomes, from theft of funds—our top cyber claim by frequency—to data breaches and deploying malware.
While phishing isn’t going away any time soon, investing in the right areas can vastly improve your ability to avoid attacks. An email security solution is vital for identifying and blocking suspicious messages before they reach employees, while multifactor authentication (MFA) adds an extra layer of security to critical accounts, reducing the impact of stolen credentials. Lastly, training exercises such as phishing simulation tools can improve staff awareness, minimizing the risk.
-
Ransomware still a threat to business survival
Last year, ransomware accounted for more than 70% of CFC cyber claims costs, despite being associated with less than one in five cyber claims. In other words, ransomware is extremely damaging to finances, involving large payments to threat actors, significant costs in recovering systems and data, as well as disruption to business operations.
Expect ransomware attacks to become even more disruptive in 2025, as threat actors focus on destabilizing critical infrastructure and demanding significant ransoms. Adding to the pressure, threat actors are likely to double down on double extortion, an attack method that involves exfiltrating data on top of encrypting it, giving them extra leverage to pressure victims into paying the ransom.
With stakes this high, businesses can’t afford to take chances. Explore preventative measures like endpoint protection and response solutions for monitoring suspicious activity, as well as sorting a data back-up strategy and a tried and tested incident response plan. And with a high proportion of ransomware attacks starting with some kind of human error, employee training in identifying unauthorized access methods like fake software updates can make a world of difference.
2025: Cyber insurance to be more important than ever
In 2025, cyber threats are set to be more challenging than ever, with threat actors adopting advanced technologies to transform attacks and outpace traditional defense methods. To stay secure, strong cyber security is a must—with cyber insurance a vital piece of the puzzle.
More than providing coverage for top cyber threats like ransomware and phishing, CFC cyber policies also come with proactive cyber security services to help prevent incidents from ever happening. And if the worst does occur, our in-house claims and incident response team—the largest in market—is on hand to help minimize impact and get your business back on its feet.
Learn how you can safeguard clients from cyber attacks with CFC’s proactive cyber services in this on-demand webinar.
