What are the top cyber security threats for businesses?
This Cyber Security Awareness Month, BDO takes a look at the threats faced by businesses from nation state actors to cyber criminals.
Photo: Unsplash.
New technology has given organisations greater data analytics, communication, and operational efficiency capabilities.
However, it has also made threat actors, ranging from nation-state actors to cyber criminals, more sophisticated. As our world becomes more digitally interconnected, we see the integration of artificial intelligence with cyber attacks enhancing the severity of these attacks.
Staying one step ahead in this digital race requires adopting cutting-edge measures. For example, leveraging Generative AI-enabled security solutions can drastically improve how security teams operate, driving efficiencies and reducing risks. Generative AI-based security technologies can help surface higher-priority risks and drive automated response procedures. These solutions can help your security team free up valuable time, improve detection, and drive faster response and recovery to keep your business thriving.
Understanding the emerging threats that businesses will face in 2025 is also critical. This article discusses the biggest threats and the key strategies to help you stay protected.
The rising cost of cyber attacks and the importance of resilience
According to the 2024 IBM Cost of a Data Breach Report, breach costs increased ten per cent from the year prior, the largest yearly jump since the pandemic. Additionally, organisations faced severe security staffing shortages, 26 per cent worse compared to the year prior, and observed an average of $2.57m (AUD) in higher breach costs than those with low-level or no security staffing issues. This finding underscores the alarming gap in organisations’ ability to identify, detect, and respond to cyber threats before the impact is felt by the organisation.
There is, however, some good news. The report also found that 42 per cent of data breaches were discovered by security teams, a nine per cent improvement from last year. This increase is attributed to greater investment in cyber planning and threat detection, as well as the adoption of AI technology to bridge resource gaps.
While these improvements are promising, there is still significant room for growth. The evolving threat landscape, fuelled by geopolitical tensions and innovative attack methods, underscores the need for organisations to develop and regularly stress test cyber resilience plans. Leveraging AI tools can free up valuable time for security teams to focus on continued improvements to their programs. Empowering teams with tools and strategies to accomplish more with limited resources remains a critical challenge.
The top cyber security threats for businesses
Your cyber security posture is not just an IT concern but a fundamental aspect of your overall business strategy and resilience. The ability to navigate the complex web of cyber security threats is no longer a matter of competitive advantage but a legal and ethical obligation. Stringent laws and regulations have been enacted, mandating businesses to remain vigilant and proactive in protecting their data to preserve their integrity and uphold the trust and privacy of their customers and partners.
To effectively mitigate risks, organisations must identify and address the following threats in 2025.
Nation-state actors
Nation-states are among the most organised and capable groups in the cyber threat landscape. These threat actors invest significantly in cyber capabilities, both offensive and defensive, to gain geo-political advantages. Their activities often dictate broader trends in cyber security. With current geo-political tensions in eastern Europe and the western Pacific, these actors will continue to drive new trends in cyber security.
On the offensive side, nation-states develop cyber attack platforms and tools that are often highly sensitive and secret, intended to be used stealthily at a time and place of their choosing. Sometimes, these systems are made public or exposed and used deliberately by criminal gangs or even leveraged by other nation-states.
On the defensive side, government agencies like the Australian Security Intelligence Organisation (ASIO) continue to express real concern about nation-states – specifically relating to attempts to leverage cyber attacks in future acts of sabotage by using cyber-vectors to gain persistent access to critical infrastructure assets.
ASIO revealed in their Annual Threat Assessment 2024 that “ASIO is aware of one nation-state conducting multiple attempts to scan critical infrastructure in Australia and other countries, targeting water, transport and energy networks”, with the agency expressing concern these attempts will lead to low-cost, high-impact acts of sabotage. The Security of Critical Infrastructure Act 2018 (SOCI) seeks to drive appropriate risk-management activity to thwart such attacks.
The dual role of nation-state actors in advancing offensive and defensive cyber technologies can have a mixed impact on businesses across all industries.
Cyber criminals
Cyber criminal groups often focus on financial gain and range from sophisticated outfits, sometimes operating with a degree of state backing (to act as proxies), to less organised but highly skilled teams. Additionally, the tools used by state actors sometimes find their way into the hands of these criminals, either deliberately or inadvertently, increasing the risks further.
Individual hackers
At the other end of the spectrum are individual hackers and small groups, often called hacker enthusiasts. While their motives vary from activism to financial gain or notoriety, they present different organisational challenges. Technologies that enable hacking are becoming more accessible through platforms that ‘hack-as-a-service’, allowing even less experienced individuals to pose a significant risk.
BDO’s cyber security team understands the risks associated with disruptive technology and offers a comprehensive suite of cyber security services designed to safeguard your organisation. Contact us to learn more about thoroughly assessing your cyber security maturity level, testing your network for vulnerabilities, and comprehensively assessing risk.