New Forrester Report Highlights Top Cybersecurity Threats of 2025

As geopolitical tensions rise and regulatory landscapes shift, businesses face mounting challenges—from the rapid evolution of generative AI (GenAI) to increasingly sophisticated cybercriminal tactics like deepfakes.

Based on data and trends from the changing dynamics in the threat landscape, a new report from Forrester, “The Top Cybersecurity Threats in 2025,” sheds light on the top five threats that will affect organisations more than any other, and what CISOs will need to do to prepare and protect their organisations:

• Global regulatory disruptions. 24% of enterprise risk management leaders cited regulatory changes as a top risk in Forrester’s 2024 Business Risk Survey. Global regulatory disruptions are creating a chaotic compliance environment, requiring organisations to focus on what is currently enforceable, such as the EU AI Act, the Digital Operations Resilience Act (DORA), and the upcoming CMMC 2.0 requirements. With so much regulatory change, organisations must focus on compliance change management and prioritise requirements that are being enforced now.
• Deepfake technology becomes a serious threat. The accessibility of tools and algorithms for creating high-quality deepfakes undermines authentication, trust and brand reputation. Mitigating deepfakes requires an investment in end-user education and the implementation of strong authentication methods. Forrester anticipates biometrics vendors will allocate 20–30% of R&D budgets to enhance deepfake detection by 2025.
• Tech exuberance over GenAI. Ungoverned AI deployments without appropriate security assessments and approvals can introduce new vulnerabilities. Organisations must implement a comprehensive AI security strategy that includes discovery, policy enforcement, and detection and response capabilities for real-time detection.
• Insider risks rise with economic pressures. A new economic reality has emerged in 2025 with a flurry of activity that saw continued job cuts globally. Post-layoff dissatisfaction increases the risk of insider threats as financially stressed employees may turn malicious, leading to data breaches and other security incidents. A robust insider risk management program combined with initiatives to foster a positive work culture is critical for minimising these threats.
• GenAI-driven extortion replaces traditional ransomware. Forrester warns of an emerging trend where data breaches involve sophisticated extortion schemes using generative AI for advanced sentiment analysis. Businesses must adopt a holistic Zero Trust approach and consider investing in phishing-resistant multifactor authentication and passkeys, data loss prevention tools, and ongoing employee training to counteract these threats.

“AI has a lot of potential, but we cannot ignore the significant risks it also poses,” said Allie Mellen, principal analyst at Forrester. “Our findings highlight the most daunting threats we see security teams facing this year and the ways to best protect against them, using strong authentication measures, a holistic AI and ML security framework, and a comprehensive risk management strategy.”