As experts extrapolate past data into predictions, remember: bold forecasts often sound certain, but hindsight proves which crystal balls were cloudy.

Based on its access to the select opinions of industry cyber experts and other sources of cyber insights, a global research and advisory firm is warning that 2025 could see a surge in high-quality deepfakes, complex regulatory changes, and new forms of AI-powered extortion.

Among the anticipated challenges now being shortlisted in Q2 2025 are: Organizations may struggle to keep up with shifting compliance requirements; while the rise of generative AI (GenAI) could both empower attackers and introduce new vulnerabilities.

Five predicted key threats for the year now include:

  • Global regulatory disruptions: Ongoing changes in global regulations are making compliance increasingly complex, requiring organizations to focus on what is currently enforceable.
  • High-quality deepfakes: Advances in AI tools are making deepfakes a rising threat to authentication, trust, and brand reputation.
  • Tech exuberance over GenAI: Rapid, ungoverned adoption of generative AI could introduce new vulnerabilities, highlighting the need for comprehensive AI security strategies.
  • Insider risks may rise with economic pressures: Layoffs and economic stress may increase the risk of insider threats as some employees become disgruntled or financially pressured.
  • GenAI-driven extortion: Cybercriminals are expected to move beyond traditional ransomware, using generative AI for more sophisticated extortion schemes.

The five predictions come from research and advisory firm Forrester.

It is important to note that these forecasts are based largely on data and trends from 2024, and reflect informed speculation and not certainty.

Other predictive reports based on 2024 data have mentioned the emerging risk of quantum computing breaking current cryptographic defenses as a critical factor for the year. Similarly, predictions about reverse identity theft; satellite connectivity as a new attack surface; Windows 10 obsolescence consequences (in late 2025); long-cons; CISO burnout; emerging targeted attacks on multi-cloud infrastructures; and the consequences of deflated AI hype.