Evolving Cybersecurity Threats and Organizational Preparedness in 2025
Geopolitical instability, rapid technological advancement, and persistent skills shortages are fundamentally reshaping the cybersecurity landscape for organizations worldwide. According to a PwC report, 60% of executives now rank cyber risk investment among their top three strategic priorities, driven by concerns over political instability, trade disputes, and shifting alliances. Despite this heightened awareness, only about half of surveyed organizations feel very capable of withstanding cyberattacks on common vulnerabilities, and a mere 6% report preparedness across all vulnerabilities, highlighting significant exposure through legacy systems and complex supply chains. The financial impact of breaches remains severe, with over a quarter of respondents experiencing incidents costing at least $1 million in the past three years, disproportionately affecting large enterprises and technology-driven sectors. Spending on cybersecurity is increasing, with 78% of organizations expecting budget growth, yet only 24% are channeling more resources into proactive measures such as monitoring, testing, and training, indicating a continued reactive posture. The ENISA Threat Landscape 2025 report underscores the professionalization of cybercrime, the convergence of criminal and state-aligned actors, and the rise of hacktivist groups leveraging ransomware for both ideological and financial gain. Ransomware remains the most disruptive threat across the EU, with groups adopting decentralized operations, double- and triple-extortion tactics, and exploiting regulatory compliance fears to pressure victims. The proliferation of Ransomware-as-a-Service (RaaS), public leaks of builder tools, and the emergence of access brokers have lowered barriers to entry, fueling a diverse and persistent threat ecosystem. Weak authentication practices persist in many organizations, with passwords and SMS codes still dominant despite their vulnerability to phishing and credential theft. A significant portion of employees have never received cybersecurity training, and outdated policies further exacerbate risk, as personal and professional security habits often overlap, creating additional attack vectors. The adoption of stronger authentication methods, such as device-bound passkeys, remains limited, and resistance to multi-factor authentication is common due to perceived complexity. The use of AI in both attack and defense is accelerating, with AI-generated phishing campaigns and adaptive malware becoming more prevalent, while defenders also leverage AI for predictive threat detection. The overall picture is one of rising threat sophistication, uneven organizational preparedness, and a pressing need for sustained investment in proactive security measures, workforce training, and the adoption of advanced technologies to build resilience against an increasingly complex cyber threat landscape.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
PwC reports U.S. firms see cyber risk outpacing response capability
PwC published findings from a March survey of more than 600 U.S. executives showing cybersecurity had become one of the top business risks shaping corporate strategy, while only a small minority felt their organizations could manage that risk effectively. The report also highlighted increased technology and AI spending since January 2025 and growing concern over cyberattacks and regulatory uncertainty.
PwC releases Global Cyber Risk Trends 2026 report
PwC published a new report describing how AI, quantum computing, geopolitics, legacy systems, supply chain exposure, and skills shortages are shaping cybersecurity strategy. The report says many organizations are increasing cyber investment but remain underprepared, with spending still largely reactive.
Help Net Security highlights persistent weak authentication practices
Help Net Security published coverage on the ongoing risks posed by outdated authentication habits in organizations, indicating continued concern over weak authentication practices. No earlier event date is provided beyond the article's publication date.
ENISA publishes Threat Landscape 2025 report
ENISA released its Threat Landscape 2025 report, outlining major cybersecurity trends and threats observed across the European threat environment. The report was discussed in media coverage published on 2025-10-06.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
PwC: Cybersecurity Risk Outpaces Corporate Ability to Manage
govinfosecurity.com
Open sourcePwC Annual Threat Dynamics 2026 discloses that identity attacks surge as AI reshapes cyber threat landscape - Industrial Cyber
industrialcyber.co
Open sourceCybersecurity’s next test: AI, quantum, and geopolitics
helpnetsecurity.com
Open sourceOld authentication habits die hard
helpnetsecurity.com
Open sourceReading the ENISA Threat Landscape 2025 report
securityaffairs.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Trends and Challenges in Cybersecurity for 2025-2026
Cybersecurity experts and industry reports highlight evolving threats and persistent challenges as organizations prepare for 2026. Attackers are increasingly exploiting misconfigurations, leveraging AI-driven social engineering, and taking advantage of complex, rapidly changing cloud environments. Despite technological advancements, human error and configuration drift remain leading causes of breaches, with automation and policy enforcement recommended as key mitigations. The financial services sector, while showing improved prevention effectiveness due to regulatory pressure and investment, still faces critical weaknesses at specific attack stages, underscoring the need for continuous validation and adaptive controls. Industry commentary and newsletters reflect on the rapid pace of change, with significant M&A activity, the growing impact of AI on cybersecurity strategies, and ongoing struggles with vulnerability management and software supply chain security. The sector is urged to address these systemic issues by adopting risk-based approaches, improving transparency, and integrating new frameworks such as the OWASP Agentic AI Top 10. As organizations look ahead, the consensus is that while progress is being made, the threat landscape is becoming more sophisticated, requiring ongoing vigilance and innovation.
Mar 21, 2026
Major Cyber Threat Trends and Shifts in 2025
Cybersecurity research throughout 2025 revealed significant changes in the threat landscape, with both SentinelLABS and KrakenLabs reporting a marked evolution in attacker tactics and the professionalization of cybercrime. Threat actors increasingly leveraged artificial intelligence to automate attacks, generate convincing social engineering content, and bypass security controls, making AI a practical tool for both sophisticated and commodity threats. The exploitation of legitimate infrastructure, such as free-tier publishing platforms and commercial AI APIs, became commonplace, while adversaries also began monitoring defender intelligence-sharing platforms to stay ahead of detection. The rise of crimeware-as-a-service (CaaS) further industrialized cybercrime, enabling a broader range of actors to access advanced capabilities and monetize initial access to corporate networks. Geopolitical tensions and the convergence of organized cybercrime with emerging technologies accelerated the pace and scale of attacks, with threat actors blending ideological motives with financially driven ransomware and extortion campaigns. Traditional carding fraud declined due to regulatory and law enforcement efforts, but attackers shifted focus to abusing trusted third-party platforms and exploiting identity and access management weaknesses. These developments defined the cyber threat environment in 2025 and set the stage for ongoing risks into 2026, as organizations faced increasingly sophisticated and industrialized adversaries.
Mar 21, 2026
Evolving Cybersecurity Training and Incident Response for Modern Threats
Security leaders are increasingly recognizing that traditional approaches to cybersecurity training and incident response are insufficient in the face of rapidly evolving threats. According to the Cytactic 2025 State of Cyber Incident Response Management (CIRM) Report, 57% of significant cyber incidents involve attack scenarios that organizations have never rehearsed, highlighting a critical gap in preparedness. Many organizations focus their tabletop exercises on well-known threats such as ransomware, but the real challenge often comes from novel and unexpected attack vectors. Security experts argue that tabletop exercises are frequently either too specific or too grandiose, failing to address the nuanced and likely scenarios that teams are more apt to encounter. For example, some enterprises have gone to great lengths, such as purchasing burner phones for secure communications during exercises, only to discover practical issues during the simulation. Analysts and consultants point out that these exercises often lack realism and do not align with the actual risk and threat profiles of the organization. Meanwhile, a global survey by DarkTrace found that 74% of cybersecurity professionals view AI-powered threats as a major challenge, and 90% expect these threats to significantly impact their organizations within the next one to two years. The increasing use of AI-generated malware and autonomous reconnaissance by adversaries means that threats are evolving in real time, outpacing the static, compliance-driven training models many organizations still use. Legacy approaches, such as annual penetration tests and semi-annual tabletop exercises, are no longer adequate, as they provide limited visibility and fail to build lasting strategic capabilities. These outdated models also assume that adversaries are predictable, which is no longer the case in the current threat landscape. Experts advocate for a shift toward Continuous Threat Exposure Management (CTEM), a discipline that emphasizes ongoing, threat-informed practice rather than occasional, fragmented exercises. This approach requires organizations to move from reactive defense to operational resilience, fostering cross-functional collaboration and daily engagement with emerging threats. By making training exercises more relevant, realistic, and tailored to the organization's specific context, security teams can better align with business objectives and improve their ability to respond to unforeseen incidents. The consensus among industry leaders is that a transformation in both mindset and practice is essential to keep pace with the dynamic nature of cyber threats. Organizations that fail to adapt risk being unprepared for the next wave of sophisticated attacks, particularly those leveraging artificial intelligence and automation. Ultimately, the future of cybersecurity training lies in continuous, adaptive, and business-aligned preparation that mirrors the complexity and speed of modern adversaries.
Mar 21, 2026