2025 Cybersecurity Trends – AI Risks and Soaring Attack Costs

by

Netwrix has published its 2025 Cybersecurity Trends Report, it highlights how artificial intelligence (AI) demands shifts in security strategy, cloud adoption, and insurance requirements. The findings note a rise in attack costs and underscore the need for organizations to adapt as cyber threats evolve in conjunction with the advancement of AI. Netrwix surveyed over 2,150 IT professionals across 121 countries.

Cyber Insurance: More Crucial and Conditional Than Ever

“Cyber insurance won’t recover lost data or restore operations, but it can ease the financial hit and even prevent bancruptcy” – Netwrix 2025 Cybersecurity Trends Report.

In 2025, 62% of organizations either have or plan to obtain cyber insurance. Yet, securing a policy is no walk in the park, or even a hike in the woods.

Bar chart comparing cyber insurance requirements for organizations in 2023, 2024, and 2025. It shows the percentage of organizations required to meet specific security measures such as multifactor authentication (MFA), patch management, identity and access management (IAM), regular cybersecurity training for business users, privileged access management (PAM), and security information and event management (SIEM). In 2025, MFA (72%) and IAM (48%) are among the top insurer demands, reflecting stricter cyber insurance requirements in 2025.

Nearly half of respondents had to adjust their security posture to meet insurers’ rising expectations. Requirements for identity and access management (IAM) and privileged access management (PAM) rose significantly, from 38% to 48% and 36% to 45%, respectively, over two years.

Bar chart displaying cyber insurance claims usage among organizations in 2024 and 2025. It shows the percentage of organizations whose payout requests were fully approved (8% in 2025), partially approved (9% in 2025), or denied (1%). A majority, 65% in 2025, did not use their cyber insurance policy. The chart highlights the growing relevance of cyber insurance claims in 2025 due to escalating cyber threats.

No surprise here: cyber insurance requirements are tightening. The risk of a successful attack—and the chance of a claim, remains high. Just like in 2024, nearly 1 in 5 insured organizations (18%) used their policy in the past year.

AI Redefines Security Posture

The report shows 60% of organizations already use AI in their infrastructure, with another 30% considering it. However, with this adoption comes new challenges. Over a third (37%) of respondents say AI-driven threats have forced them to adapt their security strategy. A new attack surface and compliance burdens follow close behind.

See also  Ten Cybersecurity Tips for Small Businesses from the FCC

“AI workloads trained on proprietary enterprise data represents intellectual property and are attractive targets for cybercriminals,” says Dirk Schrader, VP of Security Research at Netwrix. “Security teams should apply Zero Trust principles in the world of AI: assume every interaction with the AI system, internal or external, could be malicious.”

Security Incidents Rise—and Cost More

More than half of the respondents (51%) reported experiencing serious incidents that required dedicated security responses in the past year. Attack costs soared, with 75% reporting losses. Alarmingly, those estimating damage at $200,000 or more almost doubled, from 7% to 13%.

Direct breach costs are well understood, but more subtle costs include intellectual property loss, product development delays, and reputational damage” Jeff Warren, Chief Product Officer at Netwrix noted. “Which are all hard to quantify but can be devastating, especially if innovation is essential to the business model.”

Hybrid IT and Cloud: Still Rising

The hybrid IT model dominates, with 77% of organizations using both on-premises and cloud environments. Cloud workload share rose from 41% in 2022 to 49% in 2025, and is expected to reach 55% by 2026. Security incidents in the cloud, especially identity-driven breaches, are rising.

Insider Threats and Identity-Based Attacks Are Growing

On-premises, insiders, usually through negligence, not malice, pose the top threat. In the cloud, external attackers lead. Identity and access mismanagement remain a common vulnerability.

AI-Powered Cyber Tools Gain Traction

While 26% of respondents now see AI as a top IT priority, up from just 9% in 2023, many remain cautious. Defensive tools powered by AI are gaining ground, but attackers are still moving faster.

Netwrix company logo in bold red font, representing a global leader in cybersecurity solutions and data protection software.

“Today’s AI-driven business processes are vulnerable to a host of new threats that security teams must be prepared for,” says Warren. “The data shows a rise in security incidents that are identity-driven and infrastructure-focused.

See also  Cyber Monitoring Centre Launches UK Cyber Event Classification System
Staffing, Budget, and User Mistakes Remain Persistent Hurdles

Challenges like understaffed IT teams, limited budgets, and user negligence continue to hinder security improvements. Even as organizations pursue rapid digital transformation, these old problems haven’t gone away.

Cyberattack Consequences Are Hitting Harder

Only 36% of organizations reported no impact from incidents, down from 45% in 2023. Unexpected costs, customer churn, and even changes in senior leadership were common consequences.

Other News: Managed Service Providers Beware – Netwrix Report(Opens in a new browser tab)

Martin Hinton

Martin Hinton is the Executive Editor and Publisher of Cyber Insurance News and Information. With over three decades of journalism experience across six continents, his work encompasses investigative reporting, documentaries, and coverage of cultural, political, and business news. To learn more about his career, click on his name to visit his LinkedIn page.

×