Will 2025 be the turning point for cybersecurity in finance?
Could 2025 be the year that reshapes cybersecurity in the financial services industry for good? With increasingly sophisticated cyber threats and emerging technologies like AI impacting every sector, many believe the financial services industry is on the brink of a major transformation. If that’s the case, the industry must adapt.
According to Cybersecurity Ventures, global cybercrime costs will increase by 15% annually over the next five years, reaching $10.5 trillion by 2025. This growing threat landscape is driving a fundamental shift in cybersecurity strategies.
As Mikko Hypponen, a global security expert, speaker, and author, says: “Financial institutions must recognise the simple fact. The traditional approaches are no longer sufficient. The game has changed. And 2025 could be the year the industry finally catches up.”
Let’s put cybersecurity in finance under scrutiny and see if 2025 will be a year of major changes.
The escalating cyber threat landscape
The finance industry has always been a prime target for cybercriminals, and with the evolving nature of cyber threats, concerns are growing. Cybersecurity solutions provider Check Point Research predicts a surge in artificial intelligence (AI) driven cyberattacks by 2025. While banks and financial institutions use AI for threat detection, cybercriminals have leveraged machine learning (ML) to outmanoeuvre traditional security measures. These attacks will be more sophisticated, more personalised, and harder to detect.
Naturally, the more cyberthreats financial institutions face, the more money will be spent on countermeasures (see Figure 1). Institutions that fail to adapt will collapse under pressure.
Figure 1. Estimated cost of cybercrime worldwide in trillion USD. Source: ResearchGate
One should not underestimate the power of cybercriminals. Sophisticated tools like AI and ML lack an ethical foundation and can be exploited by those who know how to use them. This is precisely why financial institutions must adapt and implement measures to protect valuable data and assets.
Regulatory shifts – the dawn of DORA
In a logical move, regulatory bodies are responding to these emerging threats with stringent new frameworks. One of the key developments expected to shape 2025 is the emergence of new regulations to mitigate systemic risk in the financial services industry. The Digital Operational Resilience Act (DORA) is set to come into effect on 17 January 2025. It aims to unify and strengthen ICT risk mitigation requirements across financial entities.
According to Gartner, financial institutions are expected to increase cybersecurity spending by $212 billion by 2025 in response to stricter regulatory measures. This regulatory push is further emphasised by McKinsey’s analysis, which highlights the urgency for financial services to “de-risk” emerging technologies through stringent operational resilience measures.
Overall, 2025 will be the year for more stringent regulation and the push to impose more significant penalties for breaches and non-compliance. This suggests a shift from a reactive stance, where companies respond after an incident occurs, to a more proactive approach – addressing threats before they escalate into full-blown crises.
Zero Trust Architecture – a new security paradigm
The consensus is that traditional perimeter-based security models cannot withstand the pressure of looming tech-pumped cybersecurity threats. Deloitte reports that, by 2025, many organisations will be striving to adopt Zero Trust Architecture (ZTA). The premise of Zero Trust is simple: trust no one, verify everyone. The approach requires strict identity verification for every person and device accessing resources on a private network (see Figure 2). After all, as per an IBM report, 95% of all cybersecurity breaches involve human error.
Figure 2. Key elements of the ZTA implementation model. Source: Deloitte
ZTA offers enhanced security for sensitive data and transactions in the finance sector. Many cybersecurity experts believe ZTA is essential in mitigating insider threats and securing remote work environments.
In an industry where one wrong move can result in the loss of millions of dollars – not to mention damage to reputation – ZTA is becoming crucial for closing security gaps. By 2025, many companies and organisations will make their decision on adopting ZTA. The more the approach is battle-tested, the sooner its significance will be widely recognised.
Quantum computing – preparing for the next frontier
Quantum computing promises immense computational power, with processing power 100 million times greater than that of the fastest supercomputer to date (in 2015, Google and NASA reported that their D-Wave quantum computer had solved an optimisation problem in just a few seconds and claimed this would have taken a classical computer 10,000 years to solve).
While everyone marvels at the potential speed of quantum computers, Deloitte warns that these machines could break RSA and ECC encryption within minutes.
As a countermeasure, experts in the financial industry need to explore quantum-resistant cryptography. McKinsey highlights that quantum attacks could become feasible by the late 2020s and particularly palpable closer to 2030, which is not that far away. All of this emphasises the need for quantum-resistant encryption methods.
“Quantum computers have already initiated a paradigm shift in how researchers think about data security,” says Sarvagya Upadhyay, senior research scientist manager at Fujitsu Research. With the quantum computing market going through the roof, a similar tendency should be expected for quantum-resistant cryptography (see Figure 3).
Figure 3. Quantum computing market size in USD million. Source: Precedence Research
As we saw previously with AI and ML, quantum computing can be used by friend and foe alike. It all depends on who has the better minds and more funds invested. And financial institutions cannot afford to lose this race.
What does this all mean for financial institutions?
Financial services have always been a high-stakes game. As regulators tighten their grip and the technology at the industry’s disposal becomes more sophisticated, 2025 could mark the turning point where proactive, strategic cybersecurity becomes the norm rather than the exception.
According to McKinsey, the key to success lies in de-risking emerging technologies by adopting a balanced approach incorporating robust cybersecurity measures at every stage of technology implementation. The financial sector cannot afford to be complacent.
The volume of threats is growing. Addressing these risks with a strategic, well-integrated approach is a must. Whether it involves adopting ZTA, complying with DORA, leveraging AI, or preparing for quantum threats, companies must ask themselves: Are we prepared for what’s coming?
Conclusion
2025 will be the start of a turning point for cybersecurity in finance. The industry is on the cusp of significant change in the coming years. Seizing this opportunity requires more than just new tools – it demands the right partners to help navigate this complex landscape.
Whether your organisation is already on the path to implementing these changes or just starting, the journey to robust cybersecurity begins with selecting the right expertise to guide the way. Staying one step ahead will be crucial to ensuring that businesses are not adversely affected.
Is your organisation ready to tackle these cybersecurity challenges? We invite you to connect and explore how we can help strengthen your cybersecurity strategy for 2025 and beyond.
Reach out to the Avenga experts or contact Toni Trpkovski directly and let’s have a chat.
Sponsored by Avenga