Experian’s just released 12th annual Data Breach Industry Forecast has found that emerging cybersecurity threats may come from unexpected sources as teens and AI-savvy employees may perpetrate more attacks next year.
The report includes five predictions for 2025 covering a range of potential trends with AI at the forefront, including growing sources of threats and fresh targets for hackers of AI power centres.
Global data breaches show no signs of slowing down. This year has already exceeded 2023 in the number of data breaches and consumers impacted. Businesses and consumers need to stay vigilant and keep an eye on these five predictions for 2025:
- Smells like teen secret: Today, the world of cyber hacking is not confined to grown-ups, nor is the fallout. According to the FBI, the average age of someone arrested for cybercrime is 19 versus 37 for any crime. Many teens will have been recruited into the business by more sophisticated fraudsters, who reach them through online gaming, chat and social media. As more states pass legislation against revenge porn, cyberbullying, and other forms of online fraudulent attacks, we may see a dramatic increase in the number of teens prosecuted for hacking and fraud.
- The enemy within – internal fraud will rise: As more companies continue to train their employees on the responsible use of AI, we could see a marked increase in the use of that AI education by those very same employees for internal theft, sensitive information sourcing, and much more. Next year may see at least one global brand impacted by fraud perpetrated by an insider to whom it provided educational AI training.
- Power-hungry data centres become favoured targets: Global cyberattackers have had large data centres in their sights for years, but one clear attack vector has emerged with the exponential growth of consumer and business use of generative AI power. On average, a single ChatGPT query uses nearly 10 times more electricity to process than a standard Google search. All these entities represent new attack surfaces that could be disrupted by bad actors. Globally, the problem is exacerbated. Cloud infrastructure and data centre technology and security vary wildly from country to country. Within the next year, cyberattackers may successfully jeopardise a nation-state’s cloud infrastructure through an attack on the power needed to run it.
- Eating their own – predators become prey: A recent story of hackers being duped by sophisticated malware from a more malicious hacker and losing their funds points to a fast-growing trend in the high-stakes world of cybercrime: the predators becoming the prey. The next year may see a marked increase in hacker-on-hacker attacks either for political or monetary reasons. These incidents highlight how the boundaries between predator and prey in the digital world are increasingly blurred.
- Dynamic identification is the next defence against fraud: Normal 256 Bit Encryption is becoming obsolete, and AI-driven fraud is increasing in sophistication so quickly that fraudsters will soon be able to create virtually undiscernible proof-of-life documents that will fool even the most discriminating eye or identification system. To combat this evolving reality, nation-states and government agencies could move to dynamic identification that will replace static driver’s licenses and social security cards with dynamic PII that continually changes like an online 3D barcode used for event tickets.
“While supply chain breaches and ransomware dominated the cyber landscape in 2024, AI-related incidents will likely become a major headline maker in 2025,” said Michael Bruemmer, vice president of global data breach resolution at Experian. “Investments in cybersecurity will increase to tackle this emerging threat while hackers are having a field day leveraging it for everything from phishing attacks and password cracking to producing malware and deepfakes.”
“We expect that globally data breaches continue at the current pace next year with ransomware being even more sophisticated with the use of AI,” added Jim Steven, head of crisis and data response services at Experian Global Data Breach Resolution. “We may also see threat actors escalating risks to gain greater rewards and the use of consumer data to damage reputations rising in 2025.”
You can read the full report here.
