5 must-read cybersecurity stories of 2025

It has been a year of paradoxes for the cybersecurity community. While artificial intelligence has handed defenders powerful new tools to predict and neutralize threats, it has simultaneously fuelled a 1,200% rise in phishing attacks and lowered the barrier to entry for cybercriminals.

2025 will be remembered as the year the "cyber resilience" conversation shifted from theory to practice. As the Global Cybersecurity Outlook 2025 revealed in January, we are navigating an era of "unprecedented complexity", where geopolitical tensions and supply chain dependencies have created an opaque risk landscape. The focus has moved beyond mere defence to systemic resilience.

From defending the final frontier to 'fighting AI fire with fire', here are the must-read stories that defined cybersecurity in 2025.

The intersection of AI and cybersecurity was a hot topic at the Forum's Annual Meetings of the Global Future Councils and Cybersecurity in Dubai in October.

Mohamed Al Kuwaiti, Head of Cybersecurity for the UAE, declared that "AI is a new oil" for many sectors – a transformative force that is reshaping both attack and defence.

The most visible impact has been on the front lines of social engineering. In a stark finding this year, we reported that phishing attacks have surged by 1,200%, driven largely by generative AI’s ability to craft hyper-realistic, personalized lures at scale.

Generative AI is also being used in identity theft and zero-day exploits targeting unknown security flaws, finds the Forum's Artificial Intelligence and Cybersecurity: Balancing Risks and Rewards report.

Interpol's Director for Cybercrime, Neal Jetton, told the Forum AI has enabled cybercriminals to target businesses every 39 seconds, with a daily economic loss totalling $18 million.

But the narrative isn't entirely bleak. As this article on artificial general intelligence found, AI is also the primary solution. AGI can be a force multiplier, shifting cybersecurity "from reactive firefighting to proactive resilience". Or fighting fire with fire.

With 100% security proven impossible, 2025 saw organizations pivot aggressively toward resilience – the ability to withstand, recover from, and adapt to attacks.

In April, the Forum, in collaboration with the University of Oxford, published the Cyber Resilience Compass: Journeys Towards Resilience. This landmark white paper moved the industry past vague advice, offering a structured framework based on the real-world practices of leading organizations. It identified seven core 'compass points' of resilience, ranging from Leadership and Culture to Ecosystem Engagement.

The report’s most critical insight is that resilience is not a technical specification but an organizational culture. It highlights that while technology is ubiquitous, the "people" dimension – building a culture where every employee is a defender – remains an under-leveraged asset in the security portfolio.

2025 was also the year the conversation on cybersecurity in space took flight. As the global space economy races towards a projected $1.8 trillion value by 2035, the cyber risks in orbit have become a critical terrestrial concern.

Our May feature, Securing space tech: Why we need to address cyber risks in orbit, exposed the unique vulnerabilities of satellite infrastructure. Unlike a server on Earth, a compromised satellite cannot be easily physically accessed or patched. Many satellites currently in orbit rely on legacy technology with hard-coded credentials, making them sitting ducks for modern hackers.

The urgency of this issue was underscored by the breach of Poland’s space agency, POLSA, earlier this year, which forced a network disconnect to contain the intrusion.

As we grow more dependent on space for everything from agriculture to navigation, securing this "fragmented landscape" of legacy tech and new private operators has become a top priority for global defence.

Despite the dominance of AI headlines, the talent gap remains the industry's Achilles heel. The global shortage of cybersecurity professionals has persisted, but the conversation in 2025 shifted focus from "filling seats" to "diversifying skills".

Only 14% of organizations have the right cyber talent, while the skills gap has grown by 8% since 2024, according to the Global Cybersecurity Outlook 2025.

In May, the Forum’s white paper Growing Cyber Talent Through Public–Private Partnerships developed a model for partnerships among governments, firms and international organizations to address talent gaps.

In this October analysis, five experts argued that security must be embedded across the entire workforce, with an emphasis on diversity because "narrow perspectives produce brittle defences".

It was a message taken up by Confidence Staveley, Founder and Executive Director of CyberSafe Foundation, who spoke to the Forum about the need to train women cybersecurity professionals and how to provide cyber support to small businesses.

By creating clearer pathways for underrepresented groups, including women, the industry can build resilience and correct its systemic imbalances.

The release of the Global Cybersecurity Outlook 2025 in January set the tone for the year, warning of a "widening cyber inequity" between cyber-resilient organizations and those left behind.

Small organizations are struggling to keep pace, the report said.

It found that 71% of cyber leaders believe small organizations have already reached a "critical tipping point where they can no longer adequately secure themselves against the growing complexity of cyber risks".

But as the UK learned this year, from costly attacks on both Jaguar Land Rover and the retail chain Marks & Spencer, large organizations should remain vigilant.

As we look toward 2026, the mandate for leaders is to view cybersecurity not as an IT cost, but as a strategic enabler. In a world of AI threats and orbital risks, cyber resilience is no longer just about protecting data; it is about protecting our way of life.

To learn more about the Forum's work and keep up to date with the latest trends, challenges and how the public and private sectors are tackling them, visit the Centre for Cybersecurity's page.