Cybercrime to cost $12 trillion by 2025, says Forrester

Forrester's recently published 2025 Predictions report for Cybersecurity, Risk, and Privacy highlights the challenges and changes anticipated in the coming years.

With cybercrime costs projected to reach $12 trillion by 2025, the report suggests that regulators will play a more significant role in safeguarding consumer data. Organisations are expected to adopt more proactive security measures to mitigate potential impacts on their operations.

The report outlines several key predictions. Among these is the forecast that the European Union will issue its first fine under the newly enacted EU AI Act to a general-purpose AI (GPAI) model provider.

Forrester warns that organisations unprepared for such regulations may face significant third-party risk issues. As companies diversify their use of generative AI models, it becomes essential to thoroughly vet providers and gather requisite evidence to avoid investigations and fines.

Another notable prediction is the occurrence of a major Internet of Things (IoT) breach that could disrupt a large class of devices. Forrester suggests it is now easier for malicious actors to compromise common IoT devices and execute wide-scale attacks. Organisations affected by such breaches may have to engage in extensive and costly remediation efforts.

Moreover, the report anticipates that Chief Information Security Officers (CISOs) will reduce their focus on generative AI applications by 10% due to perceived lack of quantifiable value.

According to Forrester's data from 2024, 35% of global CISOs and CIOs currently prioritise exploring and deploying AI to enhance employee productivity. However, disenchantment with AI is expected to grow, with 18% of global AI decision-makers already citing inadequate budgets as a significant barrier to AI adoption. This number is projected to climb, as organisations struggle to justify the necessary budget allocations.

The insights presented are part of a broader examination into global cybersecurity trends. Forrester's State of Incident Readiness and Response report for 2024 highlights an alarming trend: in 2023, 28% of security decision-makers reported their organisation experienced six or more data breaches, marking a 16 percentage point increase from 2022. Additionally, 72% of these decision-makers stated that data breaches in 2023 resulted in costs of at least $1 million, an increase from 2022.

Despite these risks, only 16% of global security decision-makers viewed testing and refining incident response processes as a top tactical priority in 2023. This suggests potential vulnerabilities in organisational readiness for coping with cybersecurity incidents.

The report also covers human-related cybersecurity risks, which include misunderstood yet significant threats such as deepfakes, insider data exfiltration, genAI misuse, and human error. With the rise of generative AI and the expansion of communication channels, these risks are expected to become increasingly complex.

Forrester also provides insights into how generative AI might influence identity and access management technologies. The report explores the potential of genAI to address challenges in identity administration, audit processes, lifecycle management, authentication, and data services.