SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Forrester warns of deepfakes & AI extortion in 2025 threats

Today

A report by Forrester has identified the top cybersecurity threats anticipated to impact organisations and security teams in 2025.

The Forrester report, entitled "The Top Cybersecurity Threats in 2025," outlines five key risks confronting companies, ranging from global regulatory upheavals to the proliferation of high-quality deepfakes and the rise of advanced extortion schemes powered by generative AI (GenAI).

According to Forrester, the first major threat area concerns global regulatory disruptions. In its 2024 Business Risk Survey, 24% of enterprise risk management leaders cited regulatory changes as a top concern. The report notes that shifting global regulations are contributing to a complex compliance environment. Organisations must pay particular attention to requirements that are currently enforceable, including major regimes such as the European Union's AI Act, the Digital Operational Resilience Act (DORA), and the forthcoming CMMC 2.0 requirements. Forrester states, "With so much regulatory change, organisations must focus on compliance change management and prioritise requirements that are being enforced now."

The second threat highlighted in the report is the danger posed by deepfake technology. The increasing availability and sophistication of tools and algorithms for producing high-quality deepfakes threaten authentication processes, erode trust, and put brand reputations at risk. Forrester emphasises the importance of both end-user education and robust authentication measures in tackling this issue. The report projects, "Forrester anticipates biometrics vendors will allocate 20-30% of R&D budgets to enhance deepfake detection by 2025."

Another listed concern is the potential for so-called "tech exuberance" over generative AI. Forrester warns that the ungoverned deployment of AI without adequate security evaluation and oversight may create fresh vulnerabilities for enterprises. "Organisations must implement a comprehensive AI security strategy that includes discovery, policy enforcement, and detection and response capabilities for real-time detection," Forrester advises.

Economic pressures and their impact on insider risks comprise the fourth area of concern in the report. The ongoing trend of job cuts worldwide has created conditions under which the risk of insider threats is elevated. According to Forrester, "Post-layoff dissatisfaction increases the risk of insider threats as financially stressed employees may turn malicious, leading to data breaches and other security incidents." The report recommends that organisations combine proactive insider risk management with efforts to encourage a positive workplace culture: "A robust insider risk management program combined with initiatives to foster a positive work culture is critical for minimising these threats."

The fifth threat outlined is a shift from traditional ransomware to GenAI-driven extortion schemes. Forrester points to the growing sophistication of such schemes, which now use generative AI for advanced sentiment analysis as part of broader data breach strategies. To address these threats, Forrester says, "Businesses must adopt a holistic Zero Trust approach and consider investing in phishing-resistant multifactor authentication and passkeys, data loss prevention tools, and ongoing employee training to counteract these threats."

With cybercriminal tactics continuing to evolve and regulatory requirements growing in complexity, the report indicates that security teams will need to adopt multi-faceted and adaptive cybersecurity strategies to prepare for the year ahead. The full Forrester report provides detailed analysis and specific recommendations for Chief Information Security Officers and risk management leaders navigating these developments.
