As we navigate through 2025, the cyber landscape continues to evolve rapidly. Here are the PTC team’s top 5 cyber considerations that organisations should prioritise to stay ahead of emerging threats.
The EU’s Digital Operational Resilience Act (DORA) goes live on January 17, 2025. This regulation mandates that boards define, approve, oversee, and be responsible for the implementation of all arrangements related to the ICT risk management framework. Supply chains are included. Organizational leaders are required to take charge of cyber risk. Several cyber-related bills are making their way through parliament for potential release later this year. Best Practices for Defence: Implement a comprehensive ICT risk management framework, conduct regular penetration tests, deploy basic defences such as Cyber Essentials Plus and the OWASP Top 10, vet suppliers to a similar standard, and ensure board-level oversight.
Windows 10 will reach its end of life on October 14, 2025. This significant milestone will require organizations to update their workstation estates to meet requirements including Cyber Essentials, Cyber Essentials Plus, ISO 27001, and IASME Cyber Assurance, as well as adhere to security best practices. Ensuring updated hardware and software will be crucial for maintaining a secure network infrastructure. Best Practices for Defence: Plan and execute a migration strategy to supported operating systems, update hardware as needed, and ensure compliance with relevant security standards.
The risk of attacks from AI-generated deepfakes and identity theft is on the rise. Supply chain attacks have increased significantly due to these advancements, necessitating robust defences. While malware-based attacks have decreased, there is a growing trend in MFA bypass, credential harvesting, and social engineering. Ransomware gangs and organized crime groups have streamlined their attack methods, making it easier to launch sophisticated attacks. For instance, in 2024, a deepfake video conference was used to manipulate a finance worker into transferring $25 million. Best Practices for Defence: Implement multi-factor authentication (MFA), Cyber Essentials/Plus (CE/+), the OWASP Top 10, and CREST pentests, conduct regular security awareness training, and deploy advanced threat detection systems.
The recent changes in the UK and US administrations and the ongoing military operations in Ukraine and the Middle East will have international effects, including an increase in attacks on critical national infrastructure (CNI) by state and organized crime actors. Additionally, the removal of Meta’s “fact checkers” and similar initiatives will impact the information landscape. A notable example is the breach of the US Treasury in 2024, which highlighted the persistent threat of nation-state actors. Best Practices for Defence: Ensure fundamental defences such as Cyber Essentials Plus and, for example, CREST pentests are deployed and maintained. Enhance monitoring and protection of key information assets. Stay informed about geopolitical developments, government and industry partners.
In the UK, significant layoffs, market contraction, and aggressive acquisitions of private cyber suppliers by larger venture-capital-backed firms in 2024 will affect the availability and pricing of cyber defence and related services in 2025. The recent UK government budget will also play a role in shaping the cybersecurity workforce landscape. Organizations will need to navigate these challenges to ensure they have the necessary talent to defend against evolving cyber threats. Best Practices for Defence: Partner on multi-year contracts with leading privately owned cyber defence providers such as Pentest Cyber Ltd.
Conclusion
In 2025, the cyber threat landscape looks more dynamic and challenging than ever. The forever game of cat and mouse continues. Why not contact us today to help you navigate whatever this year brings?
Invest in cybersecurity defences such as Cyber Essentials Plus, CREST OSWE-level pentests, and training and development programs. Consider outsourcing to reputable security firms, and implement retention strategies to keep key personnel.