Top cybersecurity trends to watch in 2025

The top five trends we're seeing

1. Nation-state affiliated cyber activity

Nation-state affiliated actors increasingly target critical infrastructure and financial sectors to further their geopolitical objectives, making them a formidable cybersecurity threat. These actors employ a range of tactics, from cyber espionage aimed at stealing sensitive information and gaining strategic advantages, to conducting retaliatory cyberattacks in response to geopolitical tensions. Their operations are often sophisticated and well-coordinated, leveraging advanced technologies and exploiting vulnerabilities to infiltrate networks and systems.

2. Exploitation of artificial intelligence (AI)

Nation-state affiliated actors and cybercriminals are leveraging AI to craft highly sophisticated phishing emails that are more convincing and harder to detect, as well as creating deepfakes—realistic fake images, videos and audio—that can be used for impersonation and disinformation campaigns. Additionally, AI is being used to develop more advanced malware that can adapt and evade traditional security measures. Beyond these direct applications, cybercriminals are also exploiting vulnerabilities within AI platforms themselves, gaining unauthorized access to sensitive data.

3. Supply chain vulnerabilities

In today's interconnected world, businesses rely heavily on vendors and suppliers, which introduces cybersecurity risks. Threat actors are targeting vulnerabilities in supply chains, especially those with weaker security measures, to access sensitive information. These vulnerabilities can lead to data breaches, service disruptions and reputational harm.

4. Fraud and impersonation threats

As technology advances, fraudsters are using increasingly sophisticated methods, such as AI-driven deepfakes and synthetic identities, to bypass security measures and commit fraud. These technologies enable criminals to create convincing fake images, videos and identities, allowing them to gain unauthorized access to sensitive information. Impersonation scams are also on the rise, with fraudsters using voice cloning and generative AI to pose as trusted individuals or organizations, making it difficult for targets to distinguish between legitimate and fraudulent communications.

5. Evolving tactics

Cybercriminals are diversifying their tactics, including in ransomware operations to better evade security systems that are meant to detect and stop them, making it easier for them to slip past defenses. Additionally, the shifting landscape of cryptocurrency, with its potential for anonymity and decentralized transactions, is complicating efforts to track and intercept illicit financial activities. This evolution in tactics facilitates the undetected movement of funds, posing significant challenges for cybersecurity professionals tasked with safeguarding digital assets and maintaining the integrity of financial systems.

5 things you can do to protect yourself

1. AI and other technological advancements have enabled adversaries of all skill levels to conduct convincing phishing and other social engineering attacks. Learn how to recognize and handle suspicious emails and calls. For examples of fraudulent communication tactics and what to do when you encounter them, click here.

2. Install security patches and software updates on your personal devices as soon as they become available.

3. Protect your online accounts. Use multifactor authentication where you have the option, and don’t reuse the same passwords. Consider creating a passphrase.

4. Be smart about social media. Don't share too much personal information on your social media accounts and always check privacy controls.

5. Back up your data to a secure cloud-based service or external hard drives.

For more resources from JPMorganChase on how you can protect yourself, your loved ones, and your organization, visit the following links:

https://www.chase.com/digital/resources/privacy-security/security/cybersecurity

https://www.jpmorgan.com/insights/cybersecurity