As we step into 2025, the cybersecurity landscape continues to be as complex as ever for security leaders looking to protect their organizations from increasingly injurious cyber threats. The World Economic Forum (WEF) detailed some of the most challenging threats in its Global Cyber Security Outlook 2025, with some critical areas of concern mirroring those in the State of Cyber Security Report 2025. Both reports emphasize the growing sophistication of cyber threats, the integration of emerging technologies to make cyber threats harder to detect and deter, and the outsized influence of global geopolitical factors influencing cyber security threats.

Following are six trends and areas of emphasis that both the WEF and Check Point Research see as critical challenges for cyber security leaders in 2025 and beyond.

Geopolitical Tensions and Cyber Security Strategy
According to WEF research, nearly 60% of organizations report that geopolitical tensions have directly influenced their cyber security planning. The increasing use of AI in cyber warfare, particularly for disinformation campaigns, is creating new challenges. Check Point Research reported that nation-state actors are employing AI tools to amplify fake news, create deepfakes, and manipulate public opinion.

As these technologies become more advanced and widely used, the ability to manipulate media, elections, and public sentiment is growing, making it harder to differentiate between truth and fictitious content State-affiliated hacktivism is also becoming a more serious issue. Cyber attacks are increasingly being used as a tool to further geopolitical agendas, leading our researchers to conclude more sophisticated and sustained cyber conflicts with long-term impacts may soon become the norm.

Supply Chain Vulnerabilities and Ecosystem Risks
Both our report and WEF researchers highlight supply chain vulnerabilities as one of the top cyber security risks for organizations. The increasing complexity and interdependencies of global supply chains, alongside a lack of visibility into the security practices of third-party vendors, has made supply chain attacks a critical hot spot for cybercriminals. Fifty-four percent of large organizations identified supply chain risks as a major barrier to cyber resilience, according to the WEF report.

This is further compounded by a marked shift in ransomware tactics with cyber criminals now stealing sensitive data (data exfiltration) and threatening to release it, further ratcheting up pressure on businesses. The healthcare, financial services, and education sectors will be most impacted by these threat strategies

AI-Driven Threats and Vulnerabilities
AI is transforming the cyber security landscape in both positive and negative ways. While AI offers significant potential for improving security systems, its adoption is also introducing new vulnerabilities that are only just starting to emerge onto the scene. The WEF reports that 66% of organizations expect AI to have the greatest impact on cyber security in 2025, yet only 37% have processes in place to assess the security of AI tools before deployment – a large risk for these organizations.

Generative AI, in particular, is enhancing cyber criminal capabilities, enabling more sophisticated social engineering attacks and an increase in phishing attempts. Our research looks at AI in terms of its use in amplifying cyber warfare, particularly in disinformation campaigns and data manipulation. As AI continues to evolve, it will be critical for cyber security strategies to address both the defensive and offensive capabilities of this technology.

Edge Device Vulnerabilities
Security professionals know that the cloud edge presents an area of unique vulnerability for bad actors. And in 2025 both WEF and Check Point Research note edge devices, including IoT devices and remote work hardware, as an area of increased intrusion and exploit. Our research predicts a rise in zero-day vulnerabilities in edge devices, which can be less secure and harder to monitor than network-connected or cloud-based endpoints.

Rising Compliance Challenges and Regulatory Fragmentation
With the proliferation of cyber regulations worldwide, compliance has become a top concern for cyber leaders – and a major burden. WEF research notes that fragmented regulations across jurisdictions have become a significant challenge, with 76% of Chief Information Security Officers (CISOs) reporting difficulty maintaining compliance.

While regulations are important for improving cyber security posture and building trust, their lack of harmonization creates significant complexity for organizations operating across multiple regions, especially for organizations with a deep security stack. While our research didn’t touch upon compliance as a major challenge in and of itself, we did note that the growing complexity of managing hybrid cloud environments, and the risks of misconfigured cloud settings can expose sensitive data – a huge back door for skilled attackers.

Cyber Skills Gap and Workforce Challenges
A major theme in both reports is the widening cybersecurity skills gap. WEC research found that two-thirds of organizations report moderate-to-critical skills gaps, making it difficult to meet security demands. Additionally, 49% of public-sector organizations indicated a shortage of necessary cybersecurity talent, a figure that has increased by 33% from 2024. This shortage is now being compounded by the rapid adoption of new technologies (including AI) which require specialized skills to properly assess and implement secure systems.

The research acknowledged this critical skills gap – adding another layer to the message that a prevention-first approach to stopping threats from entering the network would go far in alleviating this harrowing situation for the industry. Fewer SOC false positives and fewer threats that bypass an organization’s cyber stack mean fewer security professionals responding to alerts and threats.

Both reports make it clear that cyber security in 2025 is becoming increasingly complex, driven by geopolitical tensions, AI advancements, supply chain vulnerabilities, and a growing threat from cyber criminals. As organizations face more sophisticated and targeted attacks, from ransomware and AI-driven cyber warfare to info stealers and edge device vulnerabilities, a proactive and prevention-first approach is essential.

Investing in emerging technologies, securing the workforce, and staying ahead of regulatory changes will be critical to ensuring resilience in the face of these challenges. By understanding and responding to these key cyber security trends, organizations can better prepare for the risks that lie ahead, safeguarding their operations, data, and reputation from the next wave of cyber threats.

For cybersecurity professionals working within the sector, the pressure doesn’t end there. New data protection laws, such as the three new policies being developed by the UAE Cybersecurity Council on “cloud computing and data security”, “Internet of Things security”, and “cybersecurity operations centres” demand that financial institutions rigorously protect customer data. However, the increasing sophistication of attacks, driven by AI, often outpaces the requirements of such regulations, let alone the time taken for them to come into force.

All this creates significant pressure on financial institutions to establish a best practice that enables them to secure their operations, reduce vulnerabilities and maintain consumer trust.

The Role of Regulations in Cybersecurity
Regulations heavily influence the financial sector’s cybersecurity strategies, often focusing on risk management. However, while threats evolve quickly, regulations tend to lag and take time to develop.

Traditional corporate security teams can no longer prevent breaches as swiftly as attackers compromise systems, and monitoring tools have limited ability to stop a threat. That’s because the time it takes for attackers to compromise and exfiltrate data is now quicker than the time it takes for an organisation to remediate, which is typically 4-6 days.

With the average data breach now costing around $4.45 million, financial institutions need a proactive cybersecurity strategy, not one that is reactive to regulation alone, including investment in advanced technologies to quickly detect and neutralise threats.

Financial institutions should only view regulatory requirements as a foundational baseline, rather than a comprehensive basis for defence. Within the financial sector, more than any other, proactive, threat-based strategies are essential.

AI: Both a Threat and a Solution
AI is reshaping business functions in financial services, enhancing the customer experience and operational efficiency, but it also introduces new security risks. Today, attackers are using AI for reconnaissance, social engineering, malicious code development and more. These tactics accelerate attacks, making them harder to combat with traditional cybersecurity measures.

Even within the security department, it has become a double-edged sword, aiding both cyber criminals and defenders. While many organisations adopt AI to improve operations, the technology also expands attack surfaces, allowing cybercriminals to automate and scale attacks.

By consolidating security products and shifting to a platform approach, AI-driven cybersecurity solutions can be best utilised to help institutions detect and respond to threats in real-time, protect data and be more agile in response to incoming regulation.

Communicating Cybersecurity Needs
To put the right solutions in place, security teams first need trust and investment and that means taking the cyber challenge to the board. C-level leaders in the financial sector often underestimate their cyber-resilience so effective communication from CISOs and CTOs about cybersecurity risks and investment needs is essential.

Maintaining trust is critical for any business that holds sensitive, personal or critical data. Where financial services institutions rely on reputation, any investment in cyber is a good investment. It means a reduction in risk from cyber attacks, which do carry financial implications, in addition to the fact that an effective security posture carries the potential for funds to be released from a business’s cyber insurance policy.

In the digital financial landscape, robust cybersecurity measures safeguard reputation, customer trust, and operational continuity. As digital transformation continues at pace, banks and other financial entities must embed security into every aspect of their operations – turning investments in AI and cybersecurity innovations into competitive advantages.