Forrester’s 2025 Predictions report outlines critical cybersecurity, risk, and privacy challenges on the horizon. Cybercrime costs are expected to cost $12 trillion by 2025, with regulators stepping up efforts to protect consumer data. Organisations are urged to adopt proactive security measures to mitigate operational impacts, particularly as AI technologies and IoT devices expand.
Another major prediction is that Western governments plan to prohibit certain third-party or open-source software due to rising concerns over software supply chain attacks, which are a leading cause of worldwide data breaches. Increased pressure from Western governments has prompted private companies to produce software bills of materials (SBOMs), enhancing transparency regarding software components.
However, these SBOMs also reveal the reliance on third-party and open-source software in government purchases. In 2025, armed with this knowledge, Forrester says that a government will impose restrictions on a specific open-source component for national security reasons. Consequently, software suppliers will need to eliminate the problematic components and find alternatives to maintain functionality.
Among the key forecasts is the EU issuing its first fine under the new EU AI Act to a general-purpose AI (GPAI) model provider. Forrester warns that companies unprepared for AI regulations will face significant third-party risks. As generative AI models become more widespread, businesses must thoroughly vet providers and gather evidence to avoid fines and investigations. Another major prediction is a large-scale Internet of Things (IoT) device breach, with malicious actors finding it easier to compromise common IoT systems. Such breaches could lead to widespread disruption, forcing organisations to engage in costly remediation efforts.
Forrester also anticipates that Chief Information Security Officers (CISOs) will reduce their focus on generative AI applications by 10%, citing a need for measurable value. Currently, 35% of global CISOs and CIOs prioritise AI to boost employee productivity, but growing disillusionment and limited budgets are expected to hinder further AI adoption. The report reveals that 18% of global AI decision-makers already see budget limitations as a major barrier, a figure projected to increase as organisations struggle to justify investment in AI initiatives.
The report also highlights a rise in cybersecurity incidents. In 2023, 28% of security decision-makers reported six or more data breaches, up 16 percentage points from 2022. Additionally, 72% of those decision-makers experienced data breach costs exceeding $1 million. Despite these alarming statistics, only 16% of global security leaders prioritised testing and refining their incident response processes in 2023, leaving many organisations unprepared for future attacks.
Human-related cybersecurity risks, such as deepfakes, insider data theft, generative AI misuse, and human error, are expected to become more complex as communication channels expand. Forrester also explores how generative AI could reshape identity and access management, addressing challenges like identity administration, audit processes, lifecycle management, and authentication. In conclusion, the report urges companies to brace for evolving threats and adopt forward-thinking strategies to protect their assets as cybersecurity landscapes shift.