Each year, cybersecurity increasingly becomes a crucial pillar of digital ecosystems, and 2025 will be no exception. The rapid changes in the technological landscape, coupled with the growing ambitions of cyber attackers, are constantly redefining the rules of the game. Here are our predictions for a pivotal year.
"Cybersecurity in 2025 will no longer be just a defensive barrier, but a strategic innovation ground where technologies such as AI and quantum cryptography will reshape our certainties. Organizations capable of adopting a forward-looking vision will transform digital challenges into opportunities."
-- Clément Saad, CEO and Co-founder of Pradeo
The Rise of Super-Apps and Associated Risks
Super-apps, these multifunctional applications integrating various services (payments, messaging, commerce, etc.), will become essential tools in regions such as Asia, Africa, and South America. However, their adoption will be hindered in Europe due to strict regulations on personal data handling and the presence of well-established sector-specific digital ecosystems.
The centralization of multiple services within a single application makes super-apps highly critical, as they handle a wide variety of sensitive data: banking information, health records, personal data, etc. As such, their compromise can give cybercriminals access to highly lucrative data.
Super-apps rely heavily on numerous APIs (Application Programming Interfaces), significantly expanding their attack surface. On one hand, communications between modules can serve as backdoors for targeted attacks, while on the other, APIs from various sources often present inconsistent security levels. A vulnerability in one module can be exploited to compromise the entire application. Another risk lies in the cross-permissions between different modules of a super-app, often poorly controlled, increasing the likelihood of misuse.
To address these threats, companies developing super-apps must adopt a security-by-design, integrated, and proactive approach to minimize risks while anticipating potential attacks.
The Emergence of Offensive AI Ecosystems
The widespread adoption of Artificial Intelligence (AI) is radically transforming the landscape of cyberattacks. In 2025, we anticipate the emergence of offensive AI ecosystems capable of orchestrating multi-vector attacks with unprecedented precision. These systems will leverage generative models to design hyper-personalized phishing campaigns, detect zero-day vulnerabilities, and carry out evolving assaults that adapt in real-time to countermeasures.
Offensive AIs will push the boundaries by relying on predictive analysis to identify potential flaws before their public disclosure. In the coming years, they will also be able to synchronize attacks on complex infrastructures, such as cloud or IoT systems, creating strategic diversions while conducting primary attacks on critical targets.
To counter this threat, organizations will need to invest heavily in explainable AI models (XAI), which can not only detect anomalies with precision but also understand their origins. The combined use of artificial and collective intelligence will become crucial to develop adaptive countermeasures capable of responding in real-time to these new forms of attacks.
A Global Regulatory Turning Point
2025 will mark the advent of a new era of digital governance. The increase in cyber incidents affecting critical infrastructures has prompted states to tighten their regulatory frameworks. In Europe, the implementation of the NIS2 directive will impose stricter requirements for cyber resilience. Meanwhile, the United States and China will adopt an even more sovereign approach, establishing rigorous controls over technology exports.
With the NIS2 directive (Network and Information Security Directive) coming into effect, the European Union is significantly strengthening its cybersecurity requirements. This directive expands its scope to include new critical sectors such as health, water, and energy, while imposing stricter obligations on companies along with increased sanctions. The expected impact is twofold: an overall improvement in the cyber resilience of European companies, but also an increase in compliance costs.
Across the Atlantic, the United States is also taking a proactive approach to international cyber threats by incorporating specific clauses into their trade agreements, limiting the export of strategic technologies to nations deemed at risk.
China, for its part, continues its cyber sovereignty strategy. With laws like the Data Security Law (DSL) and the Cybersecurity Law, it imposes strict restrictions on cross-border data transfers and requires all companies operating on its territory to store their data locally. These measures aim to protect sensitive national interest information while consolidating government control over data and digital infrastructures.
These growing regulations create a fragmented environment where international organizations must navigate sometimes conflicting requirements. This fragmentation, in addition to generating geopolitical tensions, profoundly redefines corporate strategies, forcing them to navigate an increasingly complex regulatory framework.
The Rise of Application Supply Chain Attacks
The growing complexity of software ecosystems, marked by hard-to-monitor dependencies and insufficiently controlled use of third-party components, offers fertile ground for cybercriminals.
In 2025, attacks targeting the application supply chain are expected to intensify significantly. Cyber attackers will focus their efforts on injecting malicious code or vulnerabilities into widely-used third-party libraries and Open Source projects. Once compromised, these components will allow systemic breaches of the vast ecosystems of applications that integrate them, causing large-scale cyberattacks.
The impacts of such attacks will be considerable: user data compromise, disruption of critical services, and business interruptions. Faced with these risks, the European NIS2 Directive, which came into effect at the end of 2024, imposes new requirements, including regular security audits of applications. This text marks a turning point in terms of responsibility: organizations are now held accountable for the security of third-party modules integrated into their applications.
To counter these threats, the adoption of advanced analysis tools and the integration of certification mechanisms become imperative to ensure the integrity of software components from the development stages. Securing the application supply chain thus becomes a strategic priority, essential to preserving the stability and security of modern digital ecosystems.
A Future Shaped by Quantum Computers
The emergence of quantum computers, although far from dominating the current technological landscape, represents an emerging threat that organizations must anticipate today. In July 2022, the NIST (National Institute of Standards and Technology, USA) announced four cryptographic algorithms designed to withstand quantum computing, marking the beginning of an era where traditional cryptography will need to be completely rethought.
Major players like Gartner and Palo Alto Networks already consider quantum computing a major priority for 2025. Although quantum computers are not yet an immediate threat, organizations must begin planning their transition to quantum-resistant cryptographic algorithms. This transition is far from a simple update: there are no "off-the-shelf" solutions that allow direct replacement of current ciphers with quantum-resistant ciphers.
The NIST emphasizes in a white paper that each class of candidate algorithms imposes specific technical requirements, making direct replacements unsuitable. Therefore, upgrading cryptography must be approached as a large-scale project.
For decision-makers, the first step is clear: inventory sensitive data and existing encryption systems. Transitioning to quantum-resistant algorithms requires careful planning and gradual implementation. This ambitious project is nevertheless essential to ensure the resilience of systems in a future where quantum computing will be ubiquitous.
