Google Cloud Security has published its 2025 Cybersecurity Forecast, offering an expert-driven analysis of key trends set to shape the global threat landscape. Developed in collaboration with Google Threat Intelligence, Mandiant, and VirusTotal, the report dives into the evolving techniques of threat actors, with input from Google Cloud Security leaders including Sunil Potti (VP/GM, Google Cloud Security), Sandra Joyce (VP, Google Threat Intelligence), and Charles Carmakal (Mandiant CTO). The forecast emphasizes how AI, geopolitics, and shifting attacker priorities will drive security challenges in the year ahead.
The Age of AI-Driven Threats
The integration of artificial intelligence into cyberattack strategies is emerging as a significant challenge for defenders. Attackers are expected to leverage large language models (LLMs) and AI tools to scale their efforts, automating phishing, identity theft, and social engineering attacks with alarming precision. Generative AI technologies also present a heightened risk for creating realistic deepfakes and bypassing standard identity verification measures. Organisations must prepare for adversaries that use AI to automate reconnaissance, streamline exploit development, and scale attacks in ways previously unseen.
AI in Defence: Moving Toward Semi-Autonomous Security
In response to these developments, Google Cloud predicts a shift toward semi-autonomous security operations. With AI already assisting in incident analysis, workflow automation, and large-scale threat management, the next phase will see teams relying on AI to handle more complex tasks like real-time threat prioritisation and mitigation. While humans will remain at the helm for critical decision-making, AI will continue to redefine how cybersecurity teams operate, enabling faster, more accurate threat responses.
JAPAC in the Crosshairs
The report pays particular attention to the Japan-Asia-Pacific (JAPAC) region, which is experiencing an intensification of cyber threats. North Korean operatives are targeting cryptocurrency firms and Web3 companies in the region, often posing as remote IT workers to infiltrate organisations. Meanwhile, Southeast Asian cybercrime groups are leveraging generative AI and advanced malware, creating underground ecosystems for illicit transactions. These developments highlight the growing sophistication of threat actors in JAPAC and the urgent need for regional collaboration to combat emerging risks.
A Global Perspective: The Role of Geopolitics
Geopolitical tensions are expected to continue driving state-sponsored cyber activity. The “Big Four” threat actors—Russia, China, Iran, and North Korea—are prioritising espionage, election interference, and critical infrastructure disruption. Russia’s campaigns remain linked to the Ukraine conflict, while China’s efforts will likely focus on maintaining stealthy, long-term access to sensitive data. The report also predicts significant cyber activity around the 2025 elections in Taiwan and the U.S.
Ransomware, multifaceted extortion, and information-stealing malware are also evolving, with attackers deploying more sophisticated techniques to extract value from victims. These trends underline the importance of robust threat intelligence and proactive measures to protect sensitive data and critical systems.
Building Resilience for 2025
To counter these advanced threats, the report encourages organisations to:
- Adopt cloud-native security: Benefit from scalable, real-time defence mechanisms.
- Improve identity and access management: Implement zero-trust architectures to reduce risks.
- Invest in AI-enhanced security tools: Leverage AI for faster detection and automated responses.
As the cybersecurity landscape grows increasingly complex, collaboration and innovation remain key to staying ahead of adversaries.
Learn more: Access the full 2025 Cybersecurity Forecast on the Google Cloud website.
