Security Trends: What experts expect for 2025

Ransomware is still on the rise: 2024 was already a record year for blackmailers, 2025 is unlikely to get any better. How do security experts assess the current threat situation on the Internet? We reviewed current reports and compiled the results.

IT security is constantly changing, driven by the rapid development of digital technologies and increasing networking. This is why the threat landscape has changed constantly in recent years. Cybercriminals are using increasingly sophisticated methods to find and exploit vulnerabilities, while companies and other organizations must constantly adapt their defense strategies.

Against this background, trends in IT security are gaining in importance, which not only address current challenges, but also offer forward-looking approaches to the protection of sensitive data and systems. How do IT security manufacturers and security experts assess the current and future situation for 2025? What cyber threats have been particularly noticeable in recent months? And what could the coming year bring?

Ransomware still on the rise

IT security providers report a further increase in ransomware attacks across the board. Swiss security provider Acronis, for example, recorded an increase in ransomware detections of around 32 percent between the fourth quarter of 2023 and the first quarter of 2024. The company therefore continues to see ransomware as a "major threat to small and medium-sized enterprises (SMEs), especially in critical industries such as government and healthcare".

American telecommunications provider Verizon also reports in its "2024 Data Breach Investigations Report" on the increasing risk of ransomware attacks. Ransomware or another form of blackmail is now involved in about a third of all successful attacks on companies. Around 92 percent of all industries are at risk or have already been victims of ransomware attacks.

A ransom payment of around $75 million was made to the ransomware group Dark Angels for the first time in 2024. This amount is almost twice as high as the highest known ransomware ransom payment to date. Security experts therefore assume that the success of the group will encourage imitators to use similar tactics. Businesses should prioritize protection against increasingly costly ransomware attacks.

On average, according to Verizon, the blackmailers demand a ransom from attacked companies, which corresponds to around 1.34 percent of their annual turnover. In 80 percent of the cases examined, the ransom ranges between 0.13 and 8.30 percent of annual sales. The average ransom demand is $46,000. Verizon based its report on FBI investigations.

Major targets of ransomware in Germany

After the number of global ransomware attacks declined for the first time in five years in 2022, the security provider Advens recorded an increase in blackmail attacks of twelve percent in 2023 compared to the previous year. In a global comparison, companies in Germany were the fourth most attacked using ransomware, the provider writes in its Threat Status Report, which is also published annually.

In Germany, mechanical engineering companies were most often the target of attacks, followed by the construction industry, the automotive industry and electronics manufacturing. On average, it took three to four weeks for a company attacked by ransomware to be able to work normally again. Advens also investigated how cybercriminals develop their toolkits. In 2019, it took an average of two months for new ransomware to be coded. By 2023, this period had fallen to just four days.

The simplest methods of attack are also the most common. Advens mentions phishing, compromising third-party services, exploitation existing vulnerabilities and DDoS attacks. They observed that many attackers act opportunistically and focus on severe risk vulnerabilities.

Unfair tricks increase pressure

Verizon also investigated how the gangs continue to refine their attacks. Cybercriminals are increasingly using stolen data as a means to increase the pressure on unwilling victims. For example, they threaten to inform the customers of successfully attacked companies about a data leak if they do not want to pay the required ransom at first. 

Other means of pressure include disclosing contact details or publishing information about family members of company directors or business owners. The threat to report information about possible illegal business activities that the criminals discovered in the stolen data also sometimes plays a role.

Even extraordinary measures are not beneath the perpetrators. In a case reported in 2024, attackers allegedly defaced the photo of a business owner with devil’s horns and published it on the Internet with his social security number. Sometimes blackmailers also slander their victims as “irresponsible and negligent” or ask them to sue their employer for alleged negligence. Others try to manipulate the media for their own purposes. This increases pressure on the victims. 

Strong increase in general cyber attacks

But it is not only ransomware attacks on companies that continue to increase. On the whole, the number of cyber attacks has also increased again recently. That is why, for the first time, the topic of cybersecurity ranks eighth among the greatest threats to humanity in the next ten years in the Global Risks Report of the World Economic Forum (WEF). In terms of the next two years, IT risks are even in fourth place. 39 percent of all participants in a survey conducted by the WEF rate cyber attacks as one of the biggest risks.

In view of the worldwide increase in cyber attacks (especially ransomware incidents) and the expected effects of artificial intelligence (AI) on the threat landscape, the development of a robust cybersecurity framework is recommended. Companies should effectively address the constantly changing threat landscape by giving top priority to IT security and developing tailor-made strategies. This is the only way to better protect them against the seemingly unstoppable flood of cyber threats. It is time to act before the next wave of attacks rolls in.

Companies can meet these increased security requirements with the latest network technologies. SASE, Zero Trust, SD-WAN and SSE play a decisive role in advanced IT security concepts. We explain how these network technologies work together with NCP’s solutions to improve your IT security – find out more now: Advanced security concepts for your IT infrastructure