Black Arrow’s Key Cyber Predictions for 2025

At Black Arrow, we see significant cyber risks escalating in 2025 as attackers’ technology and tactics develop, and geopolitical tensions increase. Our cyber threat intelligence, including our weekly briefing for our newsletter subscribers, shows a sharp rise in attacks during 2024, which continues into 2025. This includes increasingly sinister phishing and other AI-enabled attacks as part of ransomware and extortion, which in some cases lead to the collapse of the victim organisation.

Phishing in 2025, Powered by AI

In 2025, we see phishing continuing its alarming rise. Attackers are using AI to amplify the dangers of phishing, not just in emails but also in Teams and other messaging platforms. AI-generated messages adapt to bypass existing controls, with greater success in landing in employees' inboxes. Gone are the days of spotting phishing through bad spelling and grammar; AI will generate perfect communications tailored to specific sectors and will flex to penetrate victims' security.

Deepfake: A Growing Threat in 2025

Deepfake audio and video calls form part of a modern attack scenario, no longer limited to sophisticated attackers. The deepfake video attack on Arup last year, which resulted in USD 25 million in fraudulent bank payments, was a trailblazing example. With the rapid development of AI, we predict that deepfake attacks will affect small and medium-sized businesses as much as large organisations. The technology and kits for such attacks are set to become cheaper and more accessible in 2025.

Supply Chain Risks: No Company is an Island

Organisations heavily rely on other companies to manage key activities or systems, including outsourced payroll, IT, accounting, legal services, and marketing. This trend will continue to grow in 2025, along with substantial cyber security risks. Attackers will increasingly focus on supply chains as an easy way to access data for ransom or payment fraud. An example of the most popular attack we see would be where an attacker gains access to your third party’s email account (known as business email compromise, or BEC), and then interacts with you from that trusted email account to make changes to bank account details for upcoming payments. BEC and other attacks often start with phishing emails which we see will be enhanced by AI and deepfake in 2025.

Quantum Computing: On the Horizon

With many organisations developing quantum computing, we expect advances in 2025 and beyond that will present opportunities for both organisations and attackers. Quantum computers have the potential to solve highly complex problems at high speed, but this capability could also be used by attackers to break encryption. We see 2025 as the year when many organisations start to reexamine their security approaches to withstand the malicious use of quantum computing.

Constant Innovation: The Need for Threat Intelligence

The sudden appearance of DeepSeek AI in late January 2025, which sent shockwaves through the global technology sector, reminds us that all businesses need to stay abreast of technological developments and understand their cyber security implications. We encourage you to subscribe to our free weekly threat intelligence briefing, sent by email every Monday, to help keep up to date. Visit our website at www.blackarrowcyber.com/subscribe for more information.