Austria 
Azerbaijan 
Bosnia and Herzegovina 
Bulgaria 
Croatia 
Czech Republic 
Estonia 
Georgia 
Germany 
Hungary 
Kazakhstan 
Kyrgyzstan 
Latvia 
Lithuania 
Moldova 
Montenegro 
North Macedonia 
Poland 
Romania 
Serbia 
Slovakia 
Slovenia 
Switzerland 
Tajikistan 
Turkmenistan 
Ukraine 
Uzbekistan INDEX.PHP: Cybersecurity trends to watch in 2025: insights from Fortra’s annual cybersecurity survey
Find out how this year’s security concerns compare to last year — and what they signal for the road ahead
Fortra has conducted a global, large-scale survey for the second year running, gathering insights from cybersecurity professionals across more than 20 industries worldwide. The aim? To pinpoint emerging trends, capture hard data, and analyze how the cyber threat landscape continues to evolve. For a clearer picture of how this year stacks up against the past, explore the State of Cybersecurity 2024 report. After all, the best way to move forward is to understand the hurdles we’ve already overcome.
Planning for the future is nearly impossible without understanding the past. Fortra’s 2025 State of Cybersecurity survey sheds light on the key challenges that have dominated cybersecurity professionals’ minds over the last 12 months. And if we look closely, we can start to track how cybersecurity concerns are evolving.
Unsurprisingly, artificial intelligence (AI) — and the many ways it’s transforming the threat landscape — was a major driver of change compared to the 2024 report. But beyond the shifting concerns, what really stands out is how organizations are stepping up their cybersecurity maturity in response. These actions will shape strategic planning for the months ahead.
Top cybersecurity risks and trends
According to the latest survey, these threat vectors stood out as key priorities for cybersecurity professionals:
1. Phishing and smishing
Phishing remains a constant concern, but with the rise of generative AI, it’s becoming a much more dangerous game. This year, concern around phishing increased slightly from 81% to 83%. While it might seem like widespread adoption of tools like integrated cloud email security (ICES) should help reduce this threat, GenAI continues to outpace defenses with nearly flawless social engineering techniques. The result? A persistent — and growing — sense of unease.
2. Malware and ransomware
Ransomware isn’t going anywhere. These attacks remain a top threat, with 71% of respondents ranking malware/ransomware as their second-biggest concern. That’s down slightly from 76% last year — possibly a sign that detection tools and extended detection and response (XDR) platforms are starting to pay off. As phishing and social engineering threats rise, we may be seeing a shift in attacker preference or simply improved defenses on the malware front.
3. Social engineering
Social engineering jumped in perceived risk this year, up 5% from 2024. This broad category includes everything from fake job offers on LinkedIn to QR code scams and Business Email Compromise (BEC). Fortra’s BEC Global Insights Report (January 2025) found a 10% rise in BEC scams from the previous month, with international banks being the most targeted — making up 30% of all attacks. Even more concerning, the average amount requested in fraudulent wire transfers rose significantly, from $16,799 in December to $24,586 in January.
The growing concern around evolving technology is closely tied to this rise in social engineering. Half of respondents cited it as a top issue — up from just 35% last year. The cause? AI-powered threats like:
- Deepfakes
- Perfectly written phishing emails in any language
- Hyper-targeted, AI-crafted phishing scams
And more. The challenge now is for defenders to harness AI just as effectively.
4. Cybersecurity initiatives
One of the more surprising trends in the 2025 report is the lukewarm adoption of trusted cybersecurity frameworks. Despite their modernization efforts, even top-tier standards like NIST are seeing only moderate usage — just 54%, down 5% from last year. Are organizations losing faith in these frameworks? Or are they shifting focus to internally developed zero trust models and mandatory compliance frameworks that feel more tailored to their specific needs?
Want the full picture? Download the complete Fortra 2025 State of Cybersecurity report to explore this year’s biggest threats, strategic responses, and the tools experts are counting on to stay ahead.