Cyber Security Trends – Annual Updates & Insights by Year

Welcome to your go-to source for the latest developments in the rapidly evolving world of cyber threats.

As technology advances, so too do the tactics of those who seek to exploit it. From the rise of AI-driven ransomware to the growing risks of sophisticated bots and supply chain vulnerabilities, every year presents new challenges for businesses. Here, we share insights into the key trends shaping the cyber landscape, helping organisations strengthen their approach to managing risks.

Our timeline shows how these threats have emerged and evolved over the years. Read on to explore the latest trends and discover ways to address the challenges of today and tomorrow.

• Learn about ISO 27001, the international standard for establishing, implementing, maintaining and continually improving an information security management system (ISMS).
• Discover how Cyber Essentials Certification can support UK organisations in improving baseline cyber security controls.

AI-driven threats and defences

AI continues to play a significant role in both improving cyber security measures and advancing cyber threats. Businesses are increasingly using AI for threat detection. However, AI’s capabilities also allow cyber criminals to develop more sophisticated attacks.

For example, cyber criminals have reportedly used AI tools from Anthropic, the maker of the Claude chatbot, to steal and extort personal data.

The government recognises this dual-use nature of AI, and highlights the need for ongoing advances in AI research and implementation to stay ahead of potential threats.

Read more: Is AI Good News for Cyber Security?

Evolving ransomware strategies

Ransomware remains a significant concern, with attackers refining their strategies to include more targeted and impactful attacks. The use of AI in ransomware operations has enhanced the ability to conduct personalised attacks and strategically timed incidents to maximise disruption. Despite successful actions against major ransomware groups, the threat persists, emphasising the need for robust defence mechanisms and incident response plans.

According to the National Cyber Security Centre, AI makes cyber crime easier for novice cyber criminals and hackers. This is likely to contribute to the global ransomware threat in 2025.

The Home Office released legislative proposals in February 2025 to reduce ransomware payments and increase incident reporting.

Strengthening supply chain security

Following the high-profile supply chain attacks of 2024, this trend is continuing into 2025, with securing the entire supply chain now a top priority for businesses. This means securing your own systems and making sure suppliers follow strong security practices too. There is a move towards more formal supply chain security obligations – schemes like Cyber Essentials encourage good baseline practices that can support risk management across the supply chain.

A significant 2025 supply chain security breach was the M&S cyber attack in late April, after hackers infiltrated the retailer’s systems through a trusted supplier using social engineering.

Learn more: How Supply Chains Became The Next Big Cyber Risk.

AI and its impact on SME cyber security

Small and medium-sized enterprises (SMEs) continue to become prime targets for cyber attacks. The technology story of 2023 was the sudden emergence of generative AI, with its potential to transform sectors such as cyber security.

A year on, and despite many alarming predictions about how this technology will be used by attackers, not much has happened. The lesson of AI, however, is that this could change very suddenly, without warning. The gap between the sort of attacks launched against large organisations and smaller ones has been narrowing for some time; AI has the potential to close whatever gap remains, for good.

Read our cyber security guide for SMEs.

Quantum and post-quantum encryption

Meanwhile, while quantum computing remains some way off – the use of post-quantum encryption or PQE (that is, encryption able in principle to resist quantum factorisation) was an almost ignored but important trend, with Cloudflare reporting that 1.7% of its traffic used this format once Google Chrome started supporting it. Is this an issue for SMEs? Arguably, yes. If public key encryption fails, everybody will suffer, so PQE is an issue of interest for organisations across the spectrum.

Multi-Factor Authentication (MFA) challenges

Another important trend of 2023 that will doubtless continue in 2024 is the increasing sophistication with which attackers can bypass multi-factor authentication (MFA). A variety of techniques have emerged, including fatigue attacks against push notification MFA, stealing session cookies (not, technically, a failure of MFA but incredibly effective in some circumstances) and man-in-the-middle attacks using real-time proxying. MFA is a necessary security layer, but the wide range of implementations still makes it a complex technology to manage and secure. Its security should never be taken for granted.

Ransomware developments

For years, ransomware has looked unstoppable. Attack numbers only seem to grow, with experts warning that the risk of an incident big enough to disrupt economies is now on the cards. The data for 2023 bears out the pessimism with most security vendors noticing record or near-record numbers of attacks during the year. Despite this, there is cause for some optimism. In December, the U.S. Department of Justice (DOJ) announced that it had seized infrastructure connected to one of the ALPHV/BlackCat ransomware groups. In October, Europol and the FBI disrupted Ragnar Locker, another prominent ransomware group. This followed similar action against the Hive ransomware. Ransomware is not going away but perhaps some of the impunity is at last fading.

E-commerce bot challenges

For e-commerce companies, bots are a menace whose evolution is starting to outstrip the ability of defenders to contain them. Common uses include product scalping, price scraping, and account takeover. Data scraping bots targeting APIs have become a particular problem and are being used to extract data from large platforms in a way that mimics a data breach. Defending against them is becoming less effective using traditional defences such as web application firewalls (WAFs) and IP blocking.

Software supply chain attacks

Supply chain attacks remain notable, with incidents involving businesses such as Okta, MOVEit, JetBrains, and 3CX. The genius of these attacks is that they allow cyber criminals to compromise a service provider and gain access to their entire customer base without being that obvious until serious damage has been done.

The cyber security skills gap

The cyber security skills gap persists in 2024, with ISC2 estimating a UK gap of 367,000 roles in 2023, up 8.3% year-on-year. This doesn’t just measure the job roles advertised but not filled but also accounts for the underlying need for people that can’t be met, usually for budgetary reasons. SMEs are increasingly using Managed Security Service Providers (MSSPs) to fill the gap although these service providers face similar challenges.

Learn more about available cyber security training options to support staff readiness.

The evolution of ransomware

Outwardly, ransomware in 2023 looks much as it did a year or two ago; there’s a lot of it around and despite governments advising against paying ransoms, many victims are still handing over substantial sums to the criminals. However, it’s clear that its evolution continues apace. On the criminal side, two trends are discernible. The first is the established trend of multi-vector extortion in which attackers not only encrypt data but steal it and threaten to expose it. This is backed up with threats to contact third parties affected by a breach and perhaps a nasty Distributed Denial-of-Service (DDoS) attack thrown in for good measure.

A second tactic is to focus exclusively on data theft for extortion, as seen in the zero-day compromise of Progress Software’s widely used MOVEit file transfer gateways. To work, this approach requires scale, which MOVEiT’s 1,700 enterprise customers offer. For the price of a single compromise, you can extort large numbers of victims. The Clop ransomware group claimed the attack, telling a website that it had moved on from encryption attacks.

On the defending side, the debate over whether to pay extortionists remains, with hints from the Biden administration that it might ban at least some ransom payments.

Business Email Compromise (BEC) fraud

With all the headlines grabbed by ransomware attacks, the threat from BEC fraud tends to get overlooked and yet it is evolving just as rapidly. Part of the problem is that BEC attacks are by their nature less obvious.

During 2022, the FBI’s IC3 complaint centre recorded an astonishing 21,832 BEC incidents which resulted in losses of more than $2.7 billion, far surpassing U.S. ransomware losses. A big part of BEC’s continued success is that it is now deployed via powerful platforms which specialise in this type of attack. These allow attackers to automate a range of techniques for compromising credentials (BEC is still about breaking into email systems to impersonate legitimate users), defeating geographical blocks on non-local IP addresses using residential proxies, and executing sophisticated forms of social engineering.

Read about the top 8 cyber security risks for businesses

API attacks – cyber criminals spot a new opportunity

Behind every great web lies an application programming interface (API). In truth, it’s probably dozens when you add up all the third-party APIs that are now in use. In 2019 content delivery giant Akamai estimated that 83% of all web-related traffic was to and from APIs. If you don’t use multiple APIs in 2023, you’re probably not in business.

APIs started as tools to make programming easier, but they have become integral to sharing and selling data, birthing the modern software and data economy. However, this API proliferation has come at the cost of security. APIs are software gateways that can suffer from many of the same software and authentication vulnerabilities as normal applications.

Criminals have noticed this, which has resulted in a series of hacks and scraping attacks. Many organisations now use so many APIs (including forgotten ones), that they have lost track of them, creating weaknesses that security teams struggle to manage.

Read about the biggest cyber attacks, year by year.

Multi-factor authentication – still essential, but not foolproof

Today, credentials are probably the biggest universal vulnerability. Attackers devote huge resources to stealing them, knowing that they offer a way to impersonate legitimate users in order to bypass layers of network security. The answer to this problem is multi-factor authentication (MFA), which requires the users to enter an extra credential (a code or present a token) to gain access to an account. Without a doubt, MFA works; numerous surveys show that accounts without MFA turned on are far more likely to be breached.

The caveat is that some types are more secure than others. For example, FIDO2 tokens are extremely secure, while codes sent via SMS text messages aren’t. Increasingly, criminals are finding ways to game MFA or even bypass it altogether. MFA fatigue attacks are a prime example in which attackers who have stolen account passwords bombard their owners with fake push notifications until they click ‘yes’ in exasperation. Worse still, attacks that steal session cookies bypass MFA completely, rendering even the most secure forms moot.

AI disinformation

We’re still in the early stages of artificial intelligence (AI) and its impact on cyber security, but some troubling scenarios are plausible. AI’s potential to create deep fakes and disinformation is advancing faster than the ability of humans and social media to understand this is happening. The incentive to use AI in this way is overwhelming. Conflicts between nations are increasingly fought through information v disinformation, in which the latter drowns out and confuses people’s understanding of real information.

So far, disinformation has mostly targeted countries but there is no reason it couldn’t be used against organisations or individuals too. Disinformation is a lot older than AI, but AI’s appearance makes it much easier to utilise at scale.

Shift towards zero trust security models

In 2022, the adoption of Zero Trust security models gained momentum as cyber threats became more sophisticated. This approach operates on the principle that no user or system should be trusted by default, whether inside or outside the network. It focuses on strict identity verification, continual monitoring, and least privilege access – essential for protecting environments with remote work and cloud reliance.

Expansion of cyber insurance and compliance requirements

The year 2022 saw a rise in demand for cyber insurance as organisations sought financial protection from data breaches. Simultaneously, increased regulatory pressures, with increased enforcement of frameworks like GDPR, compelled businesses to strengthen their cyber security measures. This dual focus on insurance and compliance pushed companies to enhance their data protection strategies and breach response capabilities.

Proliferation of Ransomware-as-a-Service (RaaS)

Ransomware-as-a-Service (RaaS) became a prominent threat in 2022, making it easier for cyber criminals to launch attacks. This model allowed technically less-skilled attackers to rent ransomware tools and infrastructure from more skilled developers, leading to a surge in ransomware incidents. The accessibility of RaaS increased the scale and frequency of attacks, prompting organisations to strengthen their ransomware defences and incident response plans.

Ransomware extortion

A big ransomware trend of 2020 that continued into 2021 was the evolution from simply encrypting data to stealing it and threatening to release it publicly – a tactic known as double extortion. For any organisation, this ups the ante, turning a disruptive attack into a notifiable data breach that creates huge reputational risk.

Even if a ransom is paid, there is still no guarantee that stolen data won’t be sold on or released at some future point. Fuelled by ransomware-as-a-service – a model which allows mainstream criminals to rent malware –this tactic is likely to become common in 2021.

Read about how to develop a cyber security policy.

Home working

The pandemic of 2020 has supercharged the trend for organisations to offer home working as an option. Although less pronounced among small businesses, even a small increase in remote working creates cyber security challenges, starting with the technical difficulty of securing both devices and data in the home context where a single mistake can allow an attacker behind a company firewall.

Secure collaboration

Many organisations now rely on software such as Microsoft Teams, Zoom and Slack to make remote working possible without considering their potential risk in terms of handling of sensitive data and the need to secure user accounts against external compromise. Securing these tools is a learning curve that requires early intervention and oversight.

Vulnerable IoT/IIoT

Patching vulnerable software is already a full-time task, made more difficult by a steady stream of weaknesses in many Internet of Things devices. As a report by security company Forescout confirmed, many of these are low-level flaws that are either difficult or even impossible to patch. Organisations should resolve to buy only products that have defined patching processes and a clear lifecycle.

Cloud misconfiguration

Many SMEs have adopted public and private cloud systems for storage and software development, creating new layers of risk. During 2020 there have been numerous reports of cloud databases inadvertently left unsecured, misconfiguration breaches which attackers are set up to quickly exploit. More generally, public cloud storage requires organisations to trust the security of their service providers and the good behaviour of their own employees.

Phishing spoofing

If a phishing email makes it to an employee’s inbox, the chances are it will have been routed or sent from the legitimate but hijacked domain, server, or cloud service that wasn’t on a block list. Combined with increased targeting, such tactics explain why phishing remains hard to detect. The last year has also seen a rise in smishing (SMS phishing) targeting business and personal banking accounts with often convincing-looking financial alerts.

While there’s no single solution, organisations can take practical steps to reduce their exposure by applying a core set of principles, technologies, and best practices.

1. Multi-Factor Authentication (MFA)

An underlying issue in many vulnerabilities is an over-reliance on passwords. Many of these issues can be mitigated by adding a layer of authentication, a simple technical upgrade that consistently improves account security. Too many companies use authentication only in some contexts. Multi-factor authentication (MFA), including even basic SMS-based solutions, is widely acknowledged as improving account security.

2. Data encryption

Encryption tends to be employed where compliance demands it, such as full disk encryption on laptops in financial services or to meet regulations such as PCI-DSS. However, there is a growing realisation that securely encrypting all data at rest – on devices as well as servers – would give organisations a big security upgrade, immediately limiting the exposure from data breaches. Ideally, this should apply even when a file is moved or copied, including to the cloud.

3. Patching vigilance

Patch management best practice tends to assume that an organisation is managing an internal network. However, home working and ‘bring your own device’ (BYOD) are good examples of trends that challenge this assumption. Organisations need to remember that the edge of their network is wherever their data and applications are being used, including shared home devices that might not have been patched against known vulnerabilities.

4. Penetration testing

Penetration testing comes in many forms, but even a basic service can provide smaller organisations with insights into specific vulnerabilities or cyber security weaknesses. Cyber Essentials Plus includes vulnerability assessment as part of its technical verification process (but it is not a substitute for a full penetration test).

5. Trained and vigilant employees

Despite the high-tech threats and security risks presented by hackers, they are far from an organisations biggest threat. In our free guide we explain why hackers aren’t the greatest threat and provide greater detail around measures organisations can take to protect themselves. One of the key measures is to ensure staff are made aware of the risks and are properly trained on how to spot them and how to avoid becoming a victim.

We have produced a couple of low-cost, easy to understand e-learning courses that businesses can make available to their staff. Our cyber security awareness course and our phishing awareness course provide useful insights and guidance that may prove invaluable in the battle against cyber criminals.

6. An Information Security Management System (ISMS)

An ISMS supports organisations in systematically managing information security risks, which could help to limit exposure to cyber threats, depending on how the ISMS is implemented and maintained. An ISMS relies on the successful alignment of three key areas – people, processes and technology – to implement best practices for protecting your organisation, as well as complying with applicable laws, such as GDPR.

Successful deployment of an ISMS not only helps to protect your organisation, but it can also offer new business opportunities as it is common for businesses to require their partners and suppliers to demonstrate their ability to resist cyber crime. This is especially true if you handle their customers’ data.

Having your ISMS certified to ISO/IEC 27001 by a UKAS-accredited body provides independent assurance that your organisation meets recognised international requirements, which provides business owners, their staff and customers with confidence that their data is appropriately protected.

Find out how to begin the certification process for Cyber Essentials and ISO/IEC 27001 certification for your business with British Assessment Bureau.

Request a quote today or contact our team to discuss your needs.