Defending Tomorrow: What 2024 Tells Us About Cybersecurity in 2025
As the end of 2024 draws near, IT professionals are wondering what the cybersecurity landscape will look like in 2025. One thing’s for sure: They will certainly face familiar challenges and some surprises in the coming year. Exploring the forward-looking data in our Kaseya Security Survey Report 2024 can offer insights into what might be in store for IT professionals and businesses in 2025.
IT professionals are ready for phishing and ransomware
IT professionals are confident in their ability to defend against phishing and ransomware but remain alert to the risks. Over half of our survey respondents said that they believe their organization could face a ransomware attack, and 68% expect a phishing attack in the next year. This highlights the importance of staying vigilant and proactive, despite confidence in current security measures.
What do you believe is the likelihood that your organization will experience a successful phishing attack in the next 12 months?
| Likelihood of falling victim to a phishing attack | Response |
| Extremely likely | 8% |
| Very likely | 17% |
| Somewhat likely | 43% |
| Not very likely | 27% |
| Not at all likely | 5% |
What do you believe is the likelihood your organization will experience a successful ransomware attack in the next 12 months?
| Likelihood of falling victim to a ransomware attack | Response |
| Extremely likely | 3% |
| Very likely | 12% |
| Somewhat likely | 36% |
| Not very likely | 41% |
| Not at all likely | 9% |
Organizations are shifting their investment focus toward proactive cybersecurity strategies. Our survey respondents indicated that their organizations are planning on making investments in advanced solutions like automated penetration testing (27%) and vulnerability assessments (26%). This pattern may reflect the industry’s shift toward a higher security maturity with a growing focus on proactive measures and defense against evolving threats.
Which of the following cybersecurity investments do you anticipate making in the next 12 months?
| Investment | 2024 | 2023 |
| Cloud security | 33% | 28% |
| Automated pen testing | 27% | 18% |
| Network security | 26% | 20% |
| Security awareness training | 26% | 17% |
| Vulnerability assessment | 26% | 13% |
| Email/collaboration tool security | 24% | 23% |
| Endpoint detection and response (EDR) | 21% | 26% |
| Dark web monitoring | 20% | 23% |
| Cyber insurance | 17% | 27% |
| Secure remote access (SASE) | 17% | 15% |
| Managed SOC/MDR | 15% | 19% |
Cyber insurance investment plans
The majority of businesses have accepted that they are likely to become involved in cyber trouble at some point. More companies have cyber insurance than we’ve ever recorded. Over half (61%) of our survey respondents indicated that their organization has already purchased cyber insurance, compared to 27% in 2023.
However, as more organizations already have cyber insurance, the number of companies still planning to invest in it has decreased. Just 41% of our survey respondents said that their organizations are planning to invest in cyber insurance in the next 12 months.
How likely is your organization to invest in cyber insurance in the next 12 months?
| Response | 2024 | 2023 |
| We already have cyber insurance | 62% | 27% |
| Extremely Likely | 5% | 17% |
| Very likely | 16% | 25% |
| Somewhat likely | 20% | 20% |
| Not likely | 30% | 7% |
| I don’t know | 29% | 5% |
Figure 26
Threat vectors of paramount concern
As businesses continue to shift toward more sophisticated security, the attack vector that concerns IT professionals the most is the one they have the hardest time controlling: user behavior. Concern over human error surged this year, up to 36% from just 16% in 2023. Email took the second spot, dropping slightly to 22%. Concerns about endpoint threats, including servers and laptops, have plummeted, with server concerns dropping from 12% to 4% and laptop concerns dropping from 11% to 6%.
Which of the following threat vectors are you most concerned about being the gateway to a successful attack in the next 12 months?
| Attack Vector | 2024 | 2023 |
| Human error (social engineering, distraction) | 36% | 16% |
| 22% | 25% | |
| Endpoint (server) | 4% | 12% |
| Endpoint (laptop) | 6% | 11% |
| Cloud | 13% | 10% |
| Network | 4% | 8% |
| Insider threats | 4% | 6% |
| Supply chain | 2% | 5% |
| Unpatched systems (zero day attacks) | 7% | 5% |
Figure 27
Top security management challenges
The top security management challenge for IT professionals in the next 12 months is also human error (19%). Other challenges that IT professionals expect to see include budget constraints (16%) and a lack of IT/security skills (14%). More technical threats like insider risk, zero-day attacks and supply chain risk are less of a focus. This suggests a shift toward addressing human factors and resource limitations in cybersecurity.
What do you anticipate will be your top security management challenge in the next 12 months?
| Concern | Response |
| Human error | 19% |
| Budget | 16% |
| IT and security skills | 14% |
| Building a security culture | 13% |
| Don’t know | 11% |
| Governance (framework) | 9% |
| Security awareness training | 6% |
| Staffing | 4% |
| Insider risk | 3% |
| Zero day attacks | 3% |
| Supply chain risk | 2% |
Figure 28
IT professionals have money to spend
Even with tighter budgets, survey respondents are optimistic about their organizations continuing to invest in cybersecurity. More than 80% believe their IT security budget will stay the same or even increase over the next year. For those expecting a boost, the most common increase is up to 25%. This ongoing commitment to cybersecurity, even in tough times, shows that businesses understand just how crucial strong security is for their long-term success.
How much do you expect the budget for IT security to decrease in the next 12 months?
| % Decrease | |
| Less than 5% | 13% |
| 5% to 10% | 34% |
| 11% to 25% | 34% |
| 26% to 50% | 13% |
| 51% or more | 7% |
How much do you expect the budget for IT security to increase in the next 12 months?
| % Increase | |
| Less than 5% | 11% |
| 5% to 10% | 32% |
| 11% to 25% | 31% |
| 26% to 50% | 10% |
| 51% or more | 16% |
Do you expect your company’s IT security budget to increase, stay the same or decrease in the next 12 months?
| Answer | Responses |
| Increase | 40% |
| Stay the Same | 47% |
| Decrease | 2% |
| I don’t know | 11% |
With cybersecurity always evolving, defenders are constantly adopting new technologies and advanced strategies. However, it’s also important to remember that cybercriminals are equally relentless in their innovation. Reviewing the state of cybersecurity at the end of 2024 can provide valuable insights to help IT professionals refine their strategies for 2025.
Our solutions give IT professionals the tools they need for security success in 2025
Our innovative solutions feature time–saving automations and smart innovations that enable defenders to build a strong foundation for robust security.
BullPhish ID: This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID: Our award-winning dark web monitoring solution is the channel leader for good reason. It provides the greatest amount of protection around with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus: This automated anti-phishing solution uses AI and a patented algorithm to catch and quarantine dangerous messages. It learns from every organization’s unique communication patterns to continuously tailor protection without human intervention. Best of all, it deploys in minutes to defend businesses from phishing and email-based cyberattacks, including zero day, AI-created and novel threats.