Osakwe also predicts an increase in third-party liability clauses within contracts and the continued enforcement of regulations like the EU AI Act, DORA, and the Personal Information Protection Law (PIPL) in China. He warns that ransomware will remain a prevalent threat, evolving into a model where hackers demand multiple payments. As these threats increase, organizations will need more security professionals to mitigate risks, manage compliance, and maintain operational integrity.
Key takeaways:
- Fene Osakwe, a top cybersecurity advisor, highlights the top cyber risks for 2025, including neglect of foundational security measures, vulnerabilities in legacy systems, spear phishing, third-party risks, prompt injection attacks, nation-state threats, increased regulations and fines, and ransomware.
- Osakwe warns against the trend of neglecting essential security governance and vulnerability management practices in the rush to adopt AI and machine learning capabilities.
- He emphasizes the need for organizations to manage the information individuals put online, regularly update and fine-tune large language models (LLMs), and hold third parties accountable in the event of a breach or operational disruption.
- Osakwe predicts that ransomware will evolve into triple extortion, where hackers could demand payments in multiple ways, creating a difficult dilemma for victims.