By Rick Goud
Since 2019, the ICO has reported over 60,000 data incidents, with data emailed to the wrong recipient being the most common type in 2024, accounting for 17% of incidents in Q3 of this year. Email and communication platforms remain the largest risk vectors. 2024’s proliferation of AI has advanced the capabilities of cybercriminals, who were able to exploit vulnerabilities, prompting organisations to implement stronger precautions and navigate heightened regulatory pressures.
As we approach 2025, we share our four predictions for organisations looking to get a head-start on cybersecurity:
1. Adopting Secure Behaviours
50% of UK businesses experienced cyber incidents in the last 12 months, which is why new regulations like NIS2 and DORA have tightened up data protection requirements as part of a broader global trend to counter the growing threat posed by cybercriminals. Phishing attacks have continued to plague businesses, with 84% reporting that they experienced them in 2024. With threats rising and data protection legislation growing more complex, manual processes are no longer enough to meet these evolving requirements.
Fears of financial penalties will continue to loom over the heads of senior leadership teams unless systemic changes are made. We foresee a shift towards a more risk-based approach—prioritising measures based on relevance and impact—that will make compliance efforts more effective and reduce unnecessary demands on employees. Aligning security measures with real, identifiable risks will help employees to see the value in following protocols and will mark a shift away from point-in-time audits to continuous compliance monitoring, reinforcing cyber resilience in a constantly developing regulatory environment.
2. UK Businesses ‘Neighbourhood Watch’ to Take on Cyber Gangs
‘Five Eyes’, an intergovernmental intelligence-sharing alliance, has advocated for increased collaboration between private businesses and law enforcement to combat cybercrime. While cross-collaboration at the government level has proven effective, the next step involves closer cooperation between technology vendors and governments to disrupt the cycle of cybercrime.
By sharing intelligence with authorities, businesses can play a pivotal role in this effort. AI-powered threat intelligence facilitates the secure exchange of information about security incidents while protecting sensitive data. This would be similar to a digital ‘neighbourhood watch’: when one company identifies a new type of cyberattack, AI systems can analyse the threat, learn from it, and share preventive measures with others.
3. Preparations for Quantum-Based Attacks
Developing Post-Quantum Cryptography (PQC) standards will be crucial for safeguarding sensitive communications against quantum computers, which can solve complex calculations far beyond traditional capabilities. Although quantum computers are expected to mature within 15 years, the urgency is now, as cybercriminals engage in ‘harvest now, decrypt later’ attacks, stealing encrypted data to exploit in the future. With state-sponsored hacktivism on the rise, quantum-powered attacks could devastate Critical National Infrastructure (CNI), driving regulatory mandates for quantum-safe encryption to address these emerging threats, especially as AI-powered cyberattacks become more prevalent.
4. Email Encryption is No Longer Enough
AI-powered threat detection enables businesses to identify and prevent malicious activities before they become disruptive. Coupled with a human-centric security system — featuring contextual prompts, automated content classification, and integrated user education — employees can better avoid human error. With AI fuelling more sophisticated cyberattacks, encryption alone is no longer enough to protect email communications. Encryption may safeguard outgoing messages, but it cannot defend against threats such as phishing, malware, account takeovers and business email compromise (BEC). As a result, we anticipate that in 2025 businesses will embrace a more holistic approach to security, electing to implement multiple layers of defences.
Striking a balance between technology and human oversight
In 2025, achieving data security will require continuous compliance monitoring, AI-enabled threat sharing, layered defences, tailored staff training, and the development of quantum-safe encryption. By adopting these strategies, organisations can strengthen their safeguards, reduce human error, and build a culture of resilience and accountability.