How Are Businesses Preparing for Cyber Risk in 2025?
As 2024 draws to a close, businesses can expect to face new and evolving challenges in 2025 and beyond. With advanced threats like AI-driven cyberattacks and increasingly sophisticated ransomware on the rise, organizations across industries face heightened risks. Additionally, regulatory frameworks are tightening, pushing businesses to adopt more robust security practices and demonstrate compliance. The rapid growth of connected devices and cloud infrastructure continues to expand the potential attack surface, making traditional defenses less effective. We asked our survey respondents about their future risks, the investments they plan on making and the top cybersecurity challenges they expect to encounter in 2025.
Securing tomorrow’s digital world is complex
As IT professionals navigate a rapidly shifting cybersecurity landscape, the challenges are as dynamic as the technologies emerging to address them. AI’s integration into both offensive and defensive strategies has fundamentally changed the game, requiring IT teams to adopt proactive and adaptable approaches. Meanwhile, economic pressures are driving cybercriminals to intensify their activities, creating even more urgency for robust defenses.
Yet these challenges also present opportunities. Building a resilient IT infrastructure isn’t just about staying ahead of today’s threats — it’s about creating agile systems that can adapt to future challenges. Standing on the frontier of cybersecurity, it’s clear that a commitment to innovation, investment in next-gen solutions and increased preparedness will be essential to securing a brighter digital future.
IT professionals feel confident against common threats
We suspect IT professionals are feeling good about the defenses they’ve put in place. Respondents view phishing and ransomware as moderate risks, with 43% considering phishing “somewhat likely” to occur in the next 12 months and 36% viewing ransomware the same way. This not only suggests awareness of these threats but also confidence in current security measures, leading to a lower perceived likelihood of successful attacks. Overall, while confidence in security measures is high, vigilance remains crucial.
What do you believe is the likelihood that your organization will experience a successful phishing attack in the next 12 months?
Likelihood of falling victim to a phishing attack | Response |
Extremely likely | 8% |
Very likely | 17% |
Somewhat likely | 43% |
Not very likely | 27% |
Not at all likely | 5% |
Source: Kaseya
What do you believe is the likelihood your organization will experience a successful ransomware attack in the next 12 months?
Likelihood of falling victim to a ransomware attack | Response |
Extremely likely | 3% |
Very likely | 12% |
Somewhat likely | 36% |
Not very likely | 41% |
Not at all likely | 9% |
Source: Kaseya
Companies will be making new cybersecurity investments
As security maturity reaches a plateau for many businesses, organizations are increasingly focusing on proactive cybersecurity measures, with notable rises in planned investments for advanced solutions, like automated penetration testing. The most significant change is an anticipated increase in investment in a vulnerability assessment tool.
Which of the following cybersecurity investments do you anticipate making in the next 12 months?
Investment | 2024 | 2023 |
Cloud security | 33% | 28% |
Automated pentesting | 27% | 18% |
Network security | 26% | 20% |
Security awareness training | 26% | 17% |
Vulnerability assessment | 26% | 13% |
Email/collaboration tool security | 24% | 23% |
Endpoint detection and response (EDR) | 21% | 26% |
Dark web monitoring | 20% | 23% |
Cyber insurance | 17% | 27% |
Secure remote access (SASE) | 17% | 15% |
Managed SOC/MDR | 15% | 19% |
Source: Kaseya
Over half of businesses have cyber insurance
As the likelihood of cyberattacks has risen, so has the adoption of cyber insurance, with coverage now at 61% compared to 27% in 2023. Overall, more organizations already have cyber insurance, but fewer are expected to invest further in the coming year.
How likely is your organization to invest in cyber insurance in the next 12 months?
Response | 2024 | 2023 |
We already have cyber insurance | 62% | 27% |
Extremely Likely | 5% | 17% |
Very likely | 16% | 25% |
Somewhat likely | 20% | 20% |
Not likely | 30% | 7% |
I don’t know | 29% | 5% |
Source: Kaseya
Which threat vectors are of paramount concern?
As stated previously, there is a significant increase in concern over human error, which rose to 36% this year. This highlights a growing awareness of social engineering and distraction as major threat vectors. Concerns about endpoint threats, including servers and laptops, have plummeted, with server concerns dropping from 12% to 4% and laptops from 11% to 6%. Overall, the data suggests a shift in focus toward human error and cloud security, with a decrease in concern about traditional vectors like email and endpoint security.
Which of the following threat vectors are you most concerned about being the gateway to a successful attack in the next 12 months?
Attack Vector | 2024 | 2023 |
Email | 22% | 25% |
Human error (social engineering, distraction) | 36% | 16% |
Endpoint (server) | 4% | 12% |
Endpoint (laptop) | 6% | 11% |
Cloud | 13% | 10% |
Network | 4% | 8% |
Insider threats | 4% | 6% |
Supply chain | 2% | 5% |
Unpatched systems (zero-day attacks) | 7% | 5% |
Source: Kaseya
Top security management challenges vary widely
Respondents cited human error (19%) and budget constraints (16%), with significant focus also on IT and security skills (14%) and building a security culture (13%), as top security management challenges for the next 12 months.
What do you anticipate will be your top security management challenge in the next 12 months?
Concern | Response |
Human error | 19% |
Budget | 16% |
IT and security skills | 14% |
Building a security culture | 13% |
Don’t know | 11% |
Governance (framework) | 9% |
Security awareness training | 6% |
Staffing | 4% |
Insider risk | 3% |
Zero-day attacks | 3% |
Supply chain risk | 2% |
Source: Kaseya
As we look ahead to 2025, the cybersecurity challenges facing businesses require IT professionals to be proactive and pursue forward-thinking strategies. Cyberthreats are evolving rapidly, with AI-powered attacks, complex ransomware and an expanded attack surface all reshaping the risk landscape. To thrive in this new era, organizations must prioritize cybersecurity as a fundamental part of their operations — not just a compliance checkbox. By fostering a culture of security awareness, embracing next-gen technologies and developing a resilient, adaptable IT strategy, businesses can confidently face whatever the future holds.
Our solutions help you build a future-ready defense against cyberthreats
Our cybersecurity solutions offer the tools that MSPs and internal IT teams need to mitigate cyber risk for businesses quickly and affordably.
BullPhish ID – This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID – Our award-winning dark web monitoring solution is the channel leader for good reason. It provides the greatest amount of protection around with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus – This automated anti-phishing solution uses AI and a patented algorithm to catch and quarantine dangerous messages. It learns from every organization’s unique communication patterns to continuously tailor protection without human intervention. Best of all, it deploys in minutes to defend businesses from phishing and email-based cyberattacks, including zero day, AI-created and novel threats.