Google Cloud Cybersecurity Forecast 2025: AI, geopolitics, and cybercrime take centre stage

Google Cloud unveiled its Cybersecurity Forecast for 2025, offering a detailed analysis of the emerging threat landscape and key security trends that organizations worldwide should prepare for. The report delivers insights into the tactics of cyber adversaries, providing advice for increasing security posture in the coming year.

The year of AI-driven cyberattacks

The report highlights a shift in the cybersecurity landscape: the rise of artificial intelligence (AI) as a double-edged sword. While AI offers new tools for defenders, it also empowers malicious actors with advanced capabilities.

2025 is poised to be the year AI moves from pilot programs and prototypes to large-scale adoption, leading to a new era of semi-autonomous security operations. This integration of AI will help automate tasks, analyze vast datasets, and streamline workflows, ultimately enabling security teams to work more efficiently.

However, the report also warns of a surge in AI-powered cyberattacks. Attackers are expected to leverage AI, including large language models (LLMs) and deepfakes, to enhance social engineering attacks, conduct vulnerability research, and develop more sophisticated malware.

“2025 is the first year where we’ll genuinely see the second phase of AI in action with security,” said Sunil Potti, VP/GM, Google Cloud Security.

“2025 is going to be the year when AI moves from pilots and prototypes into large-scale adoption,” Phil Venables, VP, TI Security & CISO, Google Cloud, added.

Geopolitical conflicts fuel complex cyberattacks

Geopolitical tensions continue to spill over into cyberspace, driving increased complexity in the threat landscape. The report predicts continued cyber activity from “The Big Four” nation-state actors – Russia, China, Iran, and North Korea – as they pursue their geopolitical goals.

China’s aggressive approach and high-risk tolerance will likely result in continued stealthy tactics, including the use of zero-day vulnerabilities and custom malware designed for embedded systems. Russian cyber espionage is predicted to target governments, politicians, and critical infrastructure primarily in Europe and NATO countries. Iran will continue its cyber activity related to the Israel-Hamas conflict while also focusing on government and telecommunications organizations in the Middle East and North Africa. North Korea, driven by economic need, will target cryptocurrency exchanges in the JAPAC region, using tactics like impersonating remote IT workers.

Sandra Joyce, VP of Google Threat Intelligence at Google Cloud said: “Geopolitical conflicts will continue driving cyber activity around the world, creating more complexity.”

Ransomware persists, infostealers on the rise

Cybercrime remains a significant threat, with ransomware and extortion predicted to become major disruptors in 2025. The report highlights the expansion of these threats beyond the U.S., fuelled by the emergence of new ransomware-as-a-service offerings and an increase in data leak sites.

The report also sounds the alarm on the growing threat of infostealer malware. These sophisticated programs are designed to steal sensitive information like login credentials, posing a particular risk to organisations without robust multi-factor authentication in place.

Adding to the complexity, cybercriminals, particularly in Southeast Asia, are becoming increasingly innovative. They are rapidly adopting advanced technologies, including AI, malware-as-a-service models, and sophisticated money laundering techniques, posing a growing challenge to law enforcement and security professionals.

“Without question, multifaceted extortion and ransomware will continue in 2025, likely with an increase outside the U.S.,” said Charles Carmakal, Mandiant CTO, Google Cloud.

Preparing for a secure future: Cloud security, identity, and quantum computing

The Google Cloud Cybersecurity Forecast 2025 offers a call to action for organisations to bolster their defenses and proactively address emerging threats.

Key recommendations:

• Prioritize cloud security: Organisations should embrace cloud-native security solutions, such as cloud-based SIEM and SOAR platforms, to improve visibility, threat detection, and incident response capabilities.
• Strengthen identity and access management: Implement strong multi-factor authentication, continuous identity risk assessments, and robust access controls to mitigate the risks associated with compromised identities, particularly in hybrid environments.
• Prepare for post-quantum cryptography: Organisations must begin assessing the risks posed by quantum computing and plan for the adoption of quantum-resistant cryptographic solutions to protect sensitive data in the long term.
• Stay informed and adapt: Continuously monitor the threat landscape, leverage threat intelligence, and adapt security strategies to counter emerging risks and tactics.

The Google Cloud Cybersecurity Forecast 2025 report equips security professionals and executives with the knowledge and insights needed to navigate the complex cybersecurity landscape and proactively address emerging threats. By taking a proactive and comprehensive approach to security, organisations can mitigate risks, enhance their resilience, and protect their valuable assets in the year ahead.