Cybersecurity awareness: AI threats and cybercrime in 2025 | #cybercrime | #infosec

Cyberattacks are on a steep rise. Over the past four years, their average weekly number has more than doubled: from 818 per organization in the second quarter of 2021 to 1,984 in the same period this year. In the last two years alone, the global average number of weekly attacks encountered by organizations grew by 58%.

As we approach Cybersecurity Awareness Month this October, it’s clear that the first 10 months of 2025 have been defined by heightened cyber risks and significant challenges for the world’s largest organizations.

Here are 10 headline events and statistics that have shaped the year so far.

Despite the increasing number of attacks, Industry analyst IANS reports stalling budgets for cybersecurity. Growth has slowed from 17% in 2022 to just 4% in 2025, as the graph below shows, rather than increasing in line with threat levels.

Further complicating matters is an acute talent scarcity, making it not only hard but also expensive to recruit cybersecurity experts. The solution for many businesses is to ramp up the use of AI to bolster their cyber defences.

Anthropic, creator of the Claude chatbot, warns that hackers are “weaponizing” its AI, which has been used to develop malicious code affecting at least 17 organizations. The technology also helped hackers choose targets and suggested ransom amounts.

Stolen credentials are among the most widely used ways for cybercriminals to get a foot in the door, making people the weakest link.

That cyber criminals can get hold of such information is not necessarily down to employees’ negligence but down to the increasing ingenuity of the perpetrators themselves.

Scattered Spider, a group of hackers believed to be behind the attacks on companies including Allianz, Quantas, Marks & Spencer (M&S), Victoria’s Secret and Whole Foods, is particularly adept at social engineering techniques. They often impersonate employees or contractors to gain access to corporate IT systems.

Thwarting such attempts is not down to the IT people alone but affects everyone, Ivan John Uy, the Philippines’ former Secretary of the Department of Information and Communications Technology, told the World Economic Forum: “Cybersecurity is not a technical skill but a life skill.”

Deepfakes add another level of sophistication to social engineering, as British engineering firm Arup found to its detriment earlier this year. A group of criminals used AI-generated clones of the company’s senior executives on a video call to successfully trick a finance employee into transferring $25 million.

As cybercrime grows, governments are strengthening legal frameworks to ensure cyber resilience. A series of EU digital resilience laws is coming into force this year, including the Digital Operational Resilience Act, the Cyber Resilience Act and the AI Act. The EU Council also adopted a revised cyber crisis management blueprint to support companies and reduce reliance on US cyber infrastructure.

The UK has announced plans to ban public sector payments for ransomware, removing hackers’ incentives and protecting vital services. Businesses believe ransomware poses the greatest cyber risk to their operations, according to the Forum’s Global Cybersecurity Outlook 2025.

Meanwhile, ChatGPT owner OpenAI will work with the US Department of Defense to boost its AI capabilities, including in cyber defence, as part of a $200 million contract.

The series of attacks presumed to have been carried out by Scattered Spider underlines the global nature of cybercrime. To combat it, wider collaboration across geographies will be key. In August, the World Economic Forum reported on the dismantling of 25 cryptocurrency mining centres in Angola, a joint effort by INTERPOL and AFRIPOL across 18 countries, which saw 1,200 arrests and $97 million recovered.

Talent scarcity is one of the main obstacles to organizational resilience against cybercrime. The Global Cybersecurity Outlook 2025 states that only 14% of organizations have the right talent, with developing nations hit hardest.

In May, the Forum’s white paper Growing Cyber Talent Through Public–Private Partnerships developed a model for partnerships among governments, firms and international organizations to address talent gaps. The suggested approach is modelled on successful PPP projects across healthcare, education and infrastructure, in markets such as Kenya and Saudi Arabia.

This latest incident reinforces the fact that international collaboration will remain vital in the battle against cybercrime, as will fast-tracking new approaches to identifying potential vulnerabilities early, before they can be exploited.

“The recent cyberattack on airport check-in and boarding systems across Europe is a stark reminder that cyber resilience is a shared responsibility across the entire aviation ecosystem—including airlines, service providers, technology partners and regulators,” said Akshay Joshi, Head of the Centre for Cybersecurity at the World Economic Forum. “Strengthening collaboration and preparedness at every level is essential to safeguard public trust and ensure operational continuity.”