The rapidly changing, complex landscape of global cybersecurity has shown no signs of slowing in the first half of 2025; As advanced technologies continue to introduce new vulnerabilities, businesses must build ever more sophisticated defenses to stay ahead. Understanding the latest cyber threats and necessary guardrails is key to not only remaining resilient but proactively protecting reputation.
Our global experts shared a look at the most significant developments so far this year—and the critical issues set to shape cybersecurity for the rest of 2025 and beyond.
Global trends
Across the globe, retailers have become a new top target for cyberattacks. From food giant Whole Foods to clothing retailer The North Face, brands of all sizes have seen an uptick in breaches that have led to data leaks, business disruptions and, in some cases, severe reputational damage.
Just a few months ago, British department store Marks & Spencer (M&S) suffered a breach that disrupted payment systems, causing profit losses, a dip in market value and a media blitz. Perhaps most importantly, it invited a wave of public scrutiny; According to an FGS Global poll of over 2,000 UK adults, 88% said retailers should be doing more to protect themselves and customers from cybercrime, and 24% said they would not shop online in the future with retailers that have been hit by cyber attacks. Ensuring boards and leadership are treating cybersecurity as a core priority – and that they’re communicating incidents with speed and transparency – is now more important than ever.
At the same time, supply chain attacks, such as those targeting third-party vendors and software providers, have continued to be a concern in 2025. The M&S example also illustrates this point – hackers were able to infiltrate via a third-party supplier, who provided them access to internal systems and personal customer data. No matter how resilient an organization’s internal cybersecurity tools may be, any vendor, from a secure file transferring service to a remote access tool for helpdesks, can make a system vulnerable. Careful assessment of supply chain vulnerabilities and comprehensive third-party risk management are essential to keeping customers, employees and business operations safe.
AI has also made its way to cybercrime. Cybercriminals are leveraging the technology to develop more sophisticated and targeted attacks, including AI-generated phishing emails, real-time adaptive malware and deepfake-enabled fraud. And employees are having a harder time discerning the real from the fake, as AI-generated content eliminates spelling errors and creates increasingly convincing videos of leadership. Adapting cybersecurity trainings to these trends, and ensuring all employees and leadership are equipped to flag fraud before it escalates, is essential to combatting these risks.
Regional trends
It’s no secret that 2025 has been volatile politically – but interestingly, this has seeped into the cybersecurity space as well. In the US, for example, involvement in the Iran-Israel conflict has opened new vulnerabilities to attack from Iranian threat actors, who are targeting critical infrastructure like water systems and power grids. Specifically, a memo from The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3) and the National Security Agency (NSA) noted that “Iranian-aligned hacktivists have increasingly conducted website defacements and leaks of sensitive information... against U.S. and Israeli websites due to recent events.”
Likewise, in the US, UK and beyond, North Korean hackers are working to infiltrate crypto exchanges and other platforms for financial gain, with the suspected aim of bolstering military development. Threats from Russia are prevalent in many regions as well.
While political strife will always be present, and in many ways, unpredictable, understanding these trends can help both public and private organizations keep up and stay prepared.
On the flip side, in Europe, new cyber regulations are fortifying defenses. In the second half of the year, many European countries will be implementing NIS2, a new EU regulation that forces companies to increase their cyber resilience, lest management be held liable. Though the law does pose challenges, it also establishes clearer standards for risk management, incident reporting and third-party oversight, all of which could prove crucial as cyber risks continue to multiply.
Watch list
This is but one of many upcoming trends to keep an eye on.
As summer continues, hackers will also take the opportunity to catch companies and their leaders with their defenses down. Organizations should be mindful of moments like this, along with holidays and industry events, which can create windows of vulnerability. Heightened vigilance and proactive planning during these periods are critical to minimizing risk.
The bottom line
In a year where digital threats are evolving at lightning speed, staying up to date on cybersecurity trends is not an advantage—it is a necessity. Proactive organizations understand that preparation, prediction and rapid response are only possible through continuous learning and close collaboration with cyber crisis experts. By forging these partnerships and maintaining vigilance, companies can not only defend their reputations but build resilience to thrive amid uncertainty.
Learn more about FGS Global's Cybersecurity & Data Privacy practice.