2025 Cybersecurity Trends: AI Expands The Surface of Cyberattacks

Key security challenges brought by artificial intelligence include emerging threats, expanded attack surfaces, and evolving compliance demands.

Netwrix, a vendor specializing in cybersecurity with a focus on data protection and identity threats, has released its 2025 Cybersecurity Trends Report. This report is based on a comprehensive survey of 2,150 IT and security professionals representing 121 countries.

The findings indicate that 60% of organizations have already incorporated AI into their IT environments, while an additional 30% are planning to adopt it.

The research highlights a notable shift in security posture driven by AI:

  • 37% of participants stated that AI-related threats compelled them to modify their security strategies.
  • 30% observed the appearance of new attack vectors due to AI usage by internal business teams.
  • 29% are encountering difficulties with compliance, as auditors increasingly request evidence of data protection and privacy in AI-enabled systems.
How AI is impacting security posture (2025)
How AI is impacting security posture (2025)

Jeff Warren, Chief Product Officer at Netwrix, emphasizes that modern AI-integrated business operations are exposed to a wide range of novel risks that security teams must proactively address. The data reflects a growing number of security breaches focused on identity exploitation and infrastructure compromise. Attacks targeting identities are expected to become even more prevalent. These include advanced methods for bypassing multi-factor authentication, misuse of machine-to-machine identities such as service accounts and access tokens, AI-driven deepfake-based phishing using voice and video, and large-scale generation of synthetic identities.

Dirk Schrader, VP of Security Research at Netwrix, emphasizes that AI processes trained using proprietary enterprise data constitute valuable intellectual property, making them attractive targets for cybercriminals. Securing data throughout the AI lifecycle is essential – from data ingestion and model training to vigilant monitoring of API endpoints for indicators of prompt injection, abuse, or leakage of the model. Applying Zero Trust principles is critical in AI environments. Every interaction with an AI system, whether internal or external, should be treated as potentially malicious. As a result, organizations must enforce strict authentication protocols, apply least privilege access, and maintain continuous monitoring.

This year’s survey focused on incidents that required direct involvement from security teams, rather than those handled automatically.

Under this definition, 51% of respondents confirmed experiencing at least one such incident over the past year. The proportion of organizations reporting no security incidents has sharply declined, dropping from 45% in 2023 to only 36% in 2025. Additionally, 75% of participants disclosed financial losses due to attacks, a significant increase compared to 60% in 2024. The share of organizations estimating losses of $200,000 or more has nearly doubled, rising from 7% to 13%.

Cost of security incidents (2023, 2024, 2025)
Cost of security incidents (2023, 2024, 2025)

While direct costs associated with breaches are well recognized, there are also indirect costs that can be equally or more damaging. These include the loss of intellectual property, delays in product development, and reputational harm. Such impacts are difficult to quantify but can be severe, particularly for businesses where innovation is a key component of the value proposition. Breaches erode trust in the brand, and customer attrition often peaks during contract renewal periods – long after the immediate effects of the incident appear to be resolved.

For further insights into prevalent types of security incidents, IT priorities within organizations, cyber insurance trends, and more, the full report is available for download.

Subscribe to news