Artificial Intelligence
The use of generative AI (GenAI) is likely to continue to grow. More employees are experimenting with different GenAI tools, opening organisations up to data leakage and confidentiality risks. Also, employees may use such tools without the organisation’s knowledge and approval, a phenomenon sometimes referred to as ‘shadow AI’.
This will make it even more difficult for information security teams to identify where GenAI is being used, and to enforce and monitor policies regarding its use. The challenge is compounded by the fact that many businesses, especially SMEs, are yet to define policies for the use of AI. IBM’s cyber security trends predictions highlight shadow AI as a key risk this year and recommend that businesses address this challenge with clear governance policies, comprehensive workforce training and diligent detection and response.
The National Cyber Security Centre (NCSC) also identified the near-term AI threat in its Annual Review 2024 report, noting the potential for AI to create more advanced cyber attacks. The trend of generative AI-assisted social engineering attacks is set to continue, with deepfake audio/visual content making it harder to identify these attacks. AI more broadly will also make it easier and quicker for attackers to identify and exploit vulnerable unpatched devices.
There is currently a lot of excitement about the use of AI agents, and their ability to automate tasks and improve efficiency. According to Check Point's AI predictions for 2025, there is likely to be a rise in the use of multi-agent AI systems in cyber security this year. AI agents can interact with their environments to gather data, autonomously make decisions, execute tasks and communicate with other agents, providing opportunities for both attackers and cyber security professionals. Who makes the best use of these opportunities remains to be seen.
Ransomware
According to the NCSC Annual Review 2024, ransomware “remains one of the most pervasive cyber threats to UK organisations”. The NCSC’s reference to ransomware includes encryption of both systems and data, as well as cases where data is not encrypted but there are threats to publish sensitive data. This second scenario is becoming increasingly common.
The ransomware threat is only expected to grow. The UK government is focusing on limiting the payment of ransoms, which can be used to fund criminal activities and is seen to encourage the proliferation of ransomware attacks.
Earlier this month the UK Home Office published a consultation on legislative proposals on ransomware. The consultation identifies ransomware as the biggest serious and organised cybercrime threat, the largest cyber security threat, and a risk to the UK’s national security.
There are three proposals: a targeted ban on ransomware payments for critical national infrastructure (CNI) and the public sector, a ransomware payment prevention regime, and an incident reporting regime.
The targeted ban would expand the current scope beyond central government to include all public sector organisations, CNI owners and organisations operating in sectors subject to regulatory authorities, including finance and energy. This would include many organisations in which ICAEW members work. The consultation is also exploring the possibility of including public sector suppliers in the scope of the ban, again affecting ICAEW members that offer goods, consultancy and other services to the public sector.
The ransomware payment prevention regime would require any victim of ransomware, whether an organisation or an individual, that is not subject to the ban, to engage with the authorities and report their intention to make a payment before they do so. The incident reporting regime would involve a mandatory reporting requirement for suspected victims of ransomware, with an initial report to be provided within 72 hours of the incident, and a more detailed full report within 28 days of the incident.
The consultation seeks views on the scope and structure of the legislation, including whether to implement thresholds for reporting, and how to enforce the requirements. There are many questions to consider, including the practicality of businesses implementing the requirements. ICAEW’s Tech Faculty will be preparing a response and if you have views that you would like to be considered, please email them to techfac@icaew.com.
EU’s Digital Operational Resilience Act (DORA) takes effect
Businesses in the financial services industry are crucial to the functioning of the economy, and they are increasingly digitising and becoming reliant on technology. Should such businesses experience a cyber attack and be unable to recover, the impact could be catastrophic.
On 17 January, the EU DORA legislation came into force, with the aim of promoting the financial sector’s resilience to incidents related to information and communication technology (ICT), including cyber incidents. It applies to financial institutions such as banks, insurance providers and investment firms, and third-party suppliers such as cloud providers and consultants who provide critical ICT services to these businesses.
ICAEW member organisations may be impacted by the regulation, due to either being critical third-party service providers or working in the financial services sector. Relevant organisations must have in place the right measures to respond to incidents and continue to deliver critical services, with a focus on five key pillars related to risk management, incident reporting, operational resilience testing, third-party risk management, and information sharing.
These pillars are linked to governance, and cyber security governance is becoming increasingly important, as evidenced by the UK government’s consultation on introducing a Cyber Governance Code of Practice. We expect to see a continued policy focus on cyber governance and resilience throughout 2025, with a UK Cyber Security and Resilience bill expected to be introduced to UK Parliament in 2025.
While specific technologies and policy initiatives have been highlighted above, the most important thing for cyber security remains getting the basics right. The National Cyber Security Centre's 10 Steps to Cyber Security provides a useful overview of the key activities to focus on, including identity and access management, asset management, supply chain security and incident management.