“In 2025, every organization will face a major cyber breach,” declared Nimrod Kozlovski, founder and CEO of Cytactic, a cyber crisis management and readiness platform, while hosting a special Cyber Crisis Management Forum, “From Chaos to Control,” earlier this month at the iconic Yale Club in New York City.
The forum, which brought together a select group of top cyber industry leaders, aimed to identify the most imminent cyber threats of 2025 and explore how cybersecurity challenges will evolve. Attendees also discussed the strategies necessary to face these challenges head-on.
Cytactic focuses on optimizing crisis readiness, steering crisis response, and accelerating recovery. “Since we know it’s coming, every organization must understand the potential threats and prepare to manage them effectively. We’ve all seen what happens when companies are caught off guard,” Kozlovski emphasized.
Tim Brown, an honorary guest at the event and CISO of SolarWinds, brought a wealth of expertise to the discussion. Drawing on his experience managing the landmark SolarWinds cyber crisis, SUNBURST, Brown emphasized the critical need for proactive preparation through simulations, strategic planning, and advanced tools to transition from chaos to control during crises. The SUNBURST incident left lasting impacts on both the software development and cybersecurity industries, serving as a wake-up call for all companies. Brown underscored that every aspect of the software development pipeline, from source code to content distribution, must be thoroughly secured.
A live crisis simulation conducted during the event vividly demonstrated real-time crisis management, igniting thought-provoking discussions on imminent threats and effective strategies to address them.
Top 5 Cyber Threats of 2025
The central message for 2025 was clear: cyber incidents are inevitable, and resilience paired with strategic preparation is crucial. Accordingly, the forum outlined the top five threats that organizations must address to navigate an increasingly unpredictable digital landscape:
Global Conflicts, Business Casualties
Cyber incidents will increasingly be tied to geopolitical conflicts, with commercial entities caught in the crossfire as both tactical and strategic targets. “Similar to what we see in Russia-Ukraine, Taiwan-China, and the Middle East, global crises lend legitimacy to state-sponsored attacks on the business sector,” said Kozlovski. “In 2025, we’ll see a rise in these attacks, involving disruption, surveillance, data theft, identity theft, and IP theft.”
AI-Assisted Attacks
AI will serve as a double-edged sword, empowering threat actors to exploit deep fakes, social engineering, and automated attack tools. “Deep fake attacks will become more prevalent, with entire attacks orchestrated using AI,” explained Yuval Ben-Itzhak, General Partner at Evolution Equity Partners. “As innovation in AI accelerates, so will the frequency and complexity of these cases in 2025.”
Threat Actor Professionalization
Attackers are becoming more sophisticated. State-sponsored ransomware groups, like those linked to Russia, are refining their techniques, employing complex extortion schemes and increasing the intensity of attacks. “The bad guys are getting smarter,” said William Malik, Principal at Malik Consulting. “The pace, frequency, and creativity of attacks will only escalate, presenting major challenges for CISOs.”
Monolithic Vulnerabilities
Over-reliance on the same technological supply chains creates vulnerabilities where a single compromised entity could cascade into widespread disruption. “Organizations must prepare not only for internal incidents but also for vulnerabilities in their supply chains,” Kozlovski urged. He cited examples like Change Health’s breach and CrowdStrike’s outage, which inflicted over $1 billion in damages in 2024.
Smart Buildings, Smart Targets
Cyberattacks on physical infrastructures, such as smart buildings and manufacturing facilities, will rise. “When cyberattacks extend to physical systems such as elevators, fire controls, access systems and others, it will mark a new phase of risk,” warned Markus Geier, President of Comcode North America Inc.
Preparing for the Inevitable
Identifying the top five threats is just the beginning. The forum emphasized that effective cyber crisis management hinges on both resilience and preparation. Drawing on his experience managing SUNBURST, Tim Brown said, “Preparedness ensures teams practice managing minor incidents, building muscle memory for major crises. Effective preparedness minimizes recovery time and impact.” Brown highlighted the critical role of automation and tools in reducing reliance on human improvisation during high-stress scenarios, which led him to join Cytactic’s Advisory Board. “The platform’s predefined plans and automated tasks are game-changers, enabling teams to focus on managing crises instead of improvising,” he added.
Kozlovski concluded with a call for imagination and adaptability in crisis management. “Crises are unpredictable and chaotic. Resilience requires preparation, training, and envisioning worst-case scenarios to handle them effectively,” he said.
In light of these imminent risks, the forum’s message was clear: organizations must prioritize preparedness, adopt robust solutions, and build resilience to ensure operations can endure even the inevitable crises of 2025.