GetApp offers objective, independent research and verified user reviews. We may earn a referral fee when you visit a vendor through our links. 

Security

Four Steps to Get Ahead of AI-Enhanced Cyberattacks, IT Pros Top Worry in 2025

Sep 23, 2024

Artificial intelligence (AI) is a growing threat to a businesses’ data security and IT professionals are taking note. Explore the threat landscape for 2025.

AvatarImg
David Jani
Four Steps to Get Ahead of AI-Enhanced Cyberattacks, IT Pros Top Worry in 2025

What we'll cover

AI enhancements to common threats (such as malware and phishing) and newly developed attacks generated by AI tools are among the top threats for IT data security professionals going into the year 2025. These insights made up some of the key findings of GetApp’s 2024 Data Security report, which surveyed 4,000 participants in 11 countries, 500 of whom were in the USA.* 

Data security and effective data governance are integral to company operations and reputation. Subsequently, CISOs always need to evolve strategies to deal with the latest threats. As cyberattacks are becoming more potent with AI assistance, it’s essential to reprioritize efforts against data security-related threats in the coming year. However, getting up to speed to fight these threats without facing any software vulnerabilities can be challenging. In this article, we share key strategies to boost security and detail four vital recommendations.

Key insights:

  • AI-enhanced attacks are the top threat for 37% of U.S. IT professionals handling data protection for 2025

  • 60% of IT data professionals globally identify AI-enhanced malware as the most concerning AI-generated threat for the next 12 months 

  • 54% in the U.S. have suffered data breaches in 2024, below the global average of 62%.

  • 56% of data breaches in the U.S. were caused by software vulnerabilities

AI is the top concern for 2025

Threat detection and monitoring is an ongoing task for IT security and data security professionals. However, keeping on top of threat intelligence can be a challenge as cyberattacks adapt and evolve, and 2024 has been no exception.

According to our participants, AI-enhanced attacks are the biggest security-related risk factor for this year and going into 2025. This ranked ahead of advanced versions of more established issues such as phishing, ransomware, cloud security issues, and supply chain attacks.

GA_09232024_AIEnhancedCyberattacks-potentialthreats

Security vulnerabilities under a cloud

There are big benefits of using a cloud storage system for small-and-midsize-businesses, allowing them to scale with resources that would be harder to replicate in-house. Despite this, cloud-based vulnerabilities are among the top worries for our American sample and these concerns about data security within the cloud could cause hesitance in adopting these systems.   

GetApp’s guide to mitigating the security risks of cloud computing details important steps to making cloud systems more secure. These include introducing processes such as vulnerability testing for potential risks such as DDoS attacks, configuring systems to permit strong access controls, and creating stronger data policies to help firms secure their data.

In some ways this finding will come as little surprise as the topic of AI-based cyberattacks has been running throughout 2024, as has the rise of easily accessible generative AI technology. [1] The fact that AI has enhanced concerns around security is reflected in our latest findings, where malware and phishing have topped the charts in the U.S. compared to the global average.

GA_09232024_AIEnhancedCyberattacks-concerns

Another emerging risk noted in our global and local samples is AI's potential to create entirely new forms of attacks. This risk was noted in our global and local samples, as in both cases, over half (51%) expressed concern about AI-generated deepfake attacks going into 2025. There are also worries about the ability of artificial intelligence to poison machine learning data or help attackers access injection vulnerability points.

Ransomware and phishing aren’t going away

While AI is the core concern for the year ahead, professionals are still noting high numbers of more conventional attacks, such as phishing and ransomware. These continue to disrupt businesses, exposing them to thousands of dollars in lost revenue.

Phishing remains common, with 87% of participants saying they or others in their organization had received a phishing email in the past 12 months. More worrying still, 74% of that group reported that they or someone else in the business had subsequently clicked on malicious links within the email.

GA_09232024_AIEnhancedCyberattacks-phishingattacks

Ransomware cases in 2024 also affected a significant proportion of the U.S. sample. In total, 44% worked in an organization targeted by one or more system-locking attacks aimed at stealing data to extort money from companies. On a positive note, this was below the numbers seen in our global average of 52%, suggesting companies are weathering these threats effectively. 

However, the consequences of attacks are still dire, with 43% of firms hit by ransomware stings resorting to paying a ransom. For a proportion (36%), it was possible to recover from the attack and decrypt the data without paying.

Unfortunately, equally as many (36%) of ransomware victims lost data in the attack that was never recovered. This includes 2% that had no backups and simply had to accept the permanent data loss without engaging with the hackers. These cases underscore the importance of developing strong ransomware defenses.   

Data breaches in the U.S. are below global averages, but don’t get complacent just yet

A data breach whereby company data is exposed, lost or stolen during a cyberattack is a major threat to business stability. This can be especially harmful to companies if clients are subject to identity theft as a result, and these infractions potentially incur huge fines from the FTC if not dealt with correctly. [2]

In a positive sign, data breaches appear to be on the decline in the US, with 54% of IT data professionals saying their company was hit by one or more data breaches in the last 12 months. This compared well against a global average of 62%.

Nevertheless, while better than global averages, over half of U.S. companies reported a form of data breach over the last year, demonstrating the importance of businesses staying the course to uphold security standards for information. As seen in the graph below, there are many ways breaches can occur, but not all of them involve bad actors or malicious intent.

GA_09232024_AIEnhancedCyberattacks-databreach

CISA pushes for safer software

As a solution to the trend of increasing data breaches a number of major software companies are signing up to guidelines set by The Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design Pledge. 

Among some of the practices this entails is a vulnerability disclosure policy, easing the ability for public security researchers to report issues to software creators. It also fosters a commitment to more frequent security updates, and overhauling easily exploited settings such as default passwords or a lack of multi-factor authentication (MFA). [3]

4 cybersecurity measures for more secure data in 2025

Based on the findings above, American data security seems slightly more stable in 2024. To ensure that this continues, we’ve leveraged our data to highlight four important tips that can be used to ensure continued security and stability for firms into 2025.

Don’t skimp on security fundamentals

It’s vital to ensure basic protections are covered before worrying about more advanced protection considerations. For example, our sample data's three most used security tools are antivirus, network security, and firewalls, which will surprise very few people. 

While these tools are well-established and fairly encompassing, it is important to use security software with features that make it more adept at dealing with upcoming threats. This may mean using a program with robust malware detection tools and one that also updates its software frequently to address the threat of AI-powered malware and other emerging issues more directly.

Check for gaps in your data security

With AI attacks looking to represent a major challenge in the coming months, it’s important to make sure data security protocols are safely in place. As seen in our findings, 39% of data breaches occurred due to an improperly configured database or errors in the system. This makes regular checks of system integrity a priority. 

The need to review overall data security also represented the biggest priority for over half (53%) globally. This makes sense, especially in situations where vulnerabilities can become wider due to the existence of AI-generated cyberthreats.

GA_09232024_AIEnhancedCyberattacks-companydataprotection

It also goes without saying that data security professionals should implement a decent level of encryption. While most forms of artificial intelligence, such as deep learning, don’t have the capacity to break encryption, AI-powered attacks can make stolen data riskier. [4] Using common encryption methods is a small step to preventing data from being misused if the worst happens. 

Prioritize threat simulation

Cybersecurity protection tools offer a good level of defense against data thieves and cyber attackers. However, these tools aren’t foolproof, and sometimes threats slip through the cracks. Therefore, it is vital to create a level of preparedness within an organization to spot attacks.

Our data showed that 76% workers belong to businesses that simulate phishing attacks, above the global average of 70%. These exercises can enhance email security by promoting awareness of the signs of social engineering attacks before they can do any damage. This practice can also identify the extent to which extra cybersecurity awareness training should be conducted across an enterprise.

Strengthen defenses with multi-factor authentication 

Multi-factor authentication can be a game-changer in preventing an attack. It multiplies the opportunities to thwart a potential attack and prevent a data breach or takeover of a system by a hacker. Therefore, it was no surprise that 51% of IT and data professionals surveyed said that their companies use MFA for all applications, compared with a global average of 44%. 

This appears to be helping companies avoid some of the worst impacts of a cyberattack compared to others abroad. Interestingly, American respondents appear to prefer MFA options that authenticate access via a passcode, received on a mobile device, by email, or found on a dedicated authentication app. Biometrics comparatively appear to be considerably less popular.

GA_09232024_AIEnhancedCyberattacks-biometrucauthentication

These findings may have been compounded by worries about the risks of AI breaking the defense of biometrics. In GetApp’s 2024 Executive Cybersecurity survey, for example, we observed high fears in the U.S. about the potential for biometrics to be compromised by AI-generated fraud. 

Cyberattacks Are Getting Stronger: Make Preparations for 2025 Now 

The picture for data security at the end of 2024 into 2025 has some positive notes. However, that can all be lost if complacency sets in. The cybersecurity infrastructure is always changing, and the growth of AI tools means the nature of threats is evolving fast. 

It is important that companies review and, where necessary, enhance their security coverage and ensure data is properly protected. This will help create the best chance of avoiding looming threats in 2025. 

To study the bigger picture of artificial intelligence in cybersecurity in more detail, the second part of our analysis of GetApp’s Data Security Survey examines how AI is an opportunity as much as a risk. This can help businesses plan ways to incorporate it into their cybersecurity infrastructure and make their network monitoring more secure.

Survey methodology

*GetApp’s 2024 Data Security Survey was conducted online in August 2024 among 4,000 respondents in Australia (n=350), Brazil (n=350), Canada (n=350), France (n=350), India (n=350), Italy (n=350), Japan (n=350), Mexico (n=350), Spain (n=350), the U.K. (n=350), and the U.S. (n=500) to learn more about data security practices at businesses around the world. Respondents were screened for full-time employment in an IT role with responsibility for, or full knowledge of, their company's data security measures.

Sources

  1. AI makes it easier for anyone to become a cybercriminal, top official says, Axios 

  2. Equifax Data Breach Settlement, Federal Trade Commission (FTC) 

  3. Secure by Design Pledge, CISA

  4. Could Deep Learning be used to crack encryption?, GeeksforGeeks

avatar
About the author

David Jani

David Jani is a content analyst at GetApp. With a background in tech journalism, public relations, and marketing, he uses his extensive experience to provide actionable insights for small and midsize businesses.

David’s research and analysis is informed by more than 150,000 authentic user reviews on GetApp and nearly 3,000 interactions between GetApp software advisors and software buyers.

His thought leadership work has been featured in TechRadar, Startups Magazine, and Raconteur.
Visit author's page