Cyber threats have become a strategic risk for governments, businesses and citizens. Essential sectors such as energy, healthcare and mobility face increasingly complex security challenges, exacerbated by tightening regulations and the proliferation of generative artificial intelligence. In this context, transforming cybersecurity strategies is essential to ensure business continuity and the protection of critical infrastructure.
S2GRUPO’s cyber intelligence team, Lab52, has identified five key factors that will define digital resilience in 2025.
Five key trends in cybersecurity for 2025
1. Tighter regulations and greater compliance requirements
Regulations such as NIS2, DORA and the Cyber Resilience Act (CRA) impose stricter security requirements on thousands of companies in critical sectors. In Europe, more than 100,000 companies will be obliged to comply with these standards, facing sanctions of up to 5% of their annual turnover in the event of non-compliance. In Latin America, countries such as Colombia and Chile have also strengthened their legislation to protect strategic infrastructures.
2. The evolution of threats in cloud environments
The use of the cloud continues to grow, but so do the attacks aimed at these infrastructures, which have increased by 75% in the last year. It is predicted that by 2027, 99% of data breaches will be the result of human error, forcing organisations to adopt Zero Trust strategies and advanced identity and access controls.
Impact on critical sectors:
- Energy sector: The digitisation of networks and production plants increases the risk of attacks in hybrid cloud environments.
- Health sector: Hospitals and healthcare providers store critical data in the cloud, making them a priority target.
3. Greater visibility and control in OT network monitoring
Critical infrastructures increasingly depend on interconnected OT systems, which amplifies security risks. It is estimated that 30% of these organisations will experience security breaches by 2025, many of them due to unprotected third-party access. The implementation of advanced monitoring and proactive threat detection will be key to preventing incidents.
Impact on critical sectors:
- Energy sector: Protecting OT networks in power plants and refineries will be essential to prevent blackouts and sabotage.
- Transport and mobility: Connected fleets and traffic management systems have become an attractive target for cybercriminals.
4. Generative artificial intelligence: a double-edged sword
Generative AI is transforming cybersecurity for both defence and attack. Cybercriminals use it to automate attacks, develop undetectable malware and execute large-scale, personalised fraud. In response, companies will allocate more than 70% of their cybersecurity budget to the use of generative AI to detect and counter threats.
Impact on critical sectors:
- Mobility: AI allows for optimising the security of fleets and transport systems, but it is also used to launch targeted attacks against them.
- Industry 4.0: The integration of AI in industrial control systems requires cybersecurity measures adapted to automated processes.
5. Security based on human behaviour
95% of successful cyberattacks continue to originate from human error, from weak passwords to malicious emails. However, it is necessary to move beyond simple awareness. Using an approach of behavioural security will allow risk patterns to be identified and automated protection mechanismsto be established.
Impact on critical sectors:
- Healthcare: The manipulation of patient data and attacks targeting medical systems can have catastrophic consequences.
- Finance: Digital fraud is growing exponentially, driven by automated social engineering tactics.
A call to action for strategic sectors
Safer Internet Day reminds us that cybersecurity is an essential pillar for the economic and operational stability of any country. Failure to protect critical infrastructure can result in power cuts, healthcare chaos or massive transport disruptions.
Organisations must evolve from a reactive strategy to a proactive security posture. The combination of advanced cybersecurity solutions, artificial intelligence and a robust security culture will be key to the future.
The full report is based on the analysis prepared by Lab52, the cyber intelligence division of S2GRUPO.
To find out more and read the full article, get in touch with S2GRUPO experts.
