Understanding the Sources of Cyber Threats in 2025

As we enter 2025, businesses must prepare for a challenging and rapidly evolving cyber landscape. From nation-state conflicts to hybrid warfare, the ripple effects of global events increasingly reach the digital domain.  

The ongoing war in Ukraine has provided stark lessons.  Since 2014, long before the conflict being fought with conventional weapons began in 2022, the nation has been a testing ground for offensive cyber capabilities by their adversaries.  Warfare accelerates innovation and the cyber-attacks born in such high-stakes environments are invariably adopted by cyber-criminals.  

There is no universally agreed definition of the term hybrid warfare, but it has been described as a fusion of conventional and unconventional instruments of power to achieve political advantage.  Basically, a combination of psychological manipulation of social media to sow doubt and destabilise societies, economic exploitation to weaken economies, political interference and industrial espionage.  Cyber-attacks underpin all these activities and the fallout from these attacks not only directly impacts many innocent people and organisations, but also provides criminals with new methods to steal, cheat and cause harm.  

One of the best-known examples of this phenomenon is a cyber-attack launched at the Ukrainian Government which spilled over into border control systems and then shipping companies, leaving millions of parcels sitting on container ships without any way of tracking where they came from or where they were going.  This attack impacted millions of people and cost an estimated $10 billion worth of damage worldwide.   

There is a simple equation used in cyber:  “Risk = Threat + Vulnerability”. 

So, on one side of this equation, as cyber threats continue to rise in frequency and complexity, the first priority for businesses of all sizes this year must be enhanced awareness. Too often, organisations separate global events from their operations, believing the issues are far removed from their day-to-day challenges. But the reality is very different.  

On the other side of the equation, the digitalisation of our world means that geopolitical tensions can quickly translate into vulnerabilities. For example, if your business relies on automation tools or a specific software platform to operate, you need to understand how it could be targeted by actors trying to damage your industry and/or how it could fall foul of being collateral damage in the complex shenanigans of hybrid warfare between nations. 

This doesn’t need to be over-complicated, it just means taking more of an interest in nation-state activities and how they may impact you, your company and your industry and then being a bit more proactive about identifying possible vulnerabilities in any major systems you rely on.  

For SMEs, this might mean ensuring secure backups, updating software regularly, and providing staff with training on cyber hygiene. For larger organisations, it may involve more advanced measures like penetration testing, hiring cyber specialists, or working with managed security service providers. 

Here in Wales, we’re fortunate to have a thriving cyber ecosystem. Cyber Wales has grown into one of the largest cyber clusters in Europe. Its members range from security operation centres and consultancy firms to those providing managed security services. This ecosystem plays a crucial role in raising awareness, sharing threat intelligence, and supporting businesses in bolstering their defences. 

Cyber risks are constantly evolving, and complacency can be a significant weakness. Just as warfare drives innovation, the relentless march of technology drives haste in bringing products and systems to market, resulting in opportunities for attackers. This cycle is ongoing, so businesses would benefit from viewing cyber security as a continuous journey rather than a one-off expense. 

2025 presents an opportunity to turn the tide. By staying informed about global threats, addressing system vulnerabilities, and tapping into the wealth of expertise available here in the Welsh cyber ecosystem, businesses can strengthen their defences and protect their operations.  

As the world becomes increasingly digital, cyber resilience is no longer optional. It’s a critical component of business success. The stakes have never been higher, but with vigilance and action, businesses can navigate the challenges ahead and emerge stronger.