2025 in cyber: The threats that changed the landscape, and how to stop them in 2026
Key Takeaways
- In 2025, cyber security in Australia faced unprecedented challenges, with rising costs for businesses due to AI-driven attacks and evolving threat strategies.
- The Australian Cyber Security Centre reported that large organisations experienced a staggering 219% increase in average cyber crime costs, reaching $202,700.
- Supply chain vulnerabilities and the evolution of ransomware highlight the need for robust security measures.
2025 has turned out to be one of the most complex, and consequential, years in cyber security.
AI and increasingly sophisticated attack strategies have pushed once-solid defences to their limits.
And the Australian Cyber Security Centre’s (ACSC’s) Annual Cyber Threat Report 2024–25 shows it’s costing Australian organisations dearly. While the average cost of cyber crime for small businesses jumped 14% to $56,600, the cost for medium businesses jumped 55% to $97,000. But large organisations (200+ employees) were hit hardest, with the average cost of a cyber crime ballooning, up 219% to $202,700.
This represents a fundamental shift in the cyber threat landscape. Previously, cyber criminals’ targets skewed smaller, because they were easier to breach. That’s changed. Modern attacker toolkits, automation and AI have lowered the skill barrier and accelerated reconnaissance. The result? Adversaries can now uncover misconfigurations and identity gaps in complex enterprise environments faster than defenders can close them. As a result, high-value targets have become easier to hit.
Here’s how it’s happening.
2025’s key cyber threats
These are the key trends driving a notable shift in the cyber threat landscape.
AI-driven attacks
AI has transformed Australia’s economy and society. Unfortunately, it’s done the same for cyber crime. Cyber criminals are using AI to make some of the most common cyber attacks, such as phishing, social engineering and malware, more convincing and harder to detect.
It’s also scaling cyber threats. According to IDC and Fortinet’s 2025 State of Cybersecurity in Asia-Pacific report, nearly 51% of organisations across Australia say they have encountered AI-powered cyber threats in the past year. Of those, 76% reported a 2x increase and 16% reported a 3x increase in threat volume.
Cyber criminals use Generative AI to create high-quality videos, fake voices, websites, know-your-customer records and spearphishing emails. These AI-enabled improvements are turning threat detection practices on their head. For example, defences that rely on spotting typos or contextual inconsistencies in phishing emails are becoming redundant, as AI makes lures polished and highly convincing.
Cyber criminals are also using AI to scale the impact of breaches. The Australian Cyber Security Centre has observed cases where cyber criminals use Generative AI to automate the analysis of stolen datasets, so they can identify valuable credentials or extortion material.
The rise of AI as a tool in the adversarial arsenal is a turning point for cyber security programmes. Training and awareness must evolve to reflect this new reality.
Supply chain compromises
Suppliers are an often overlooked but integral part of any organisation’s cyber security posture. Your organisation might have strong security controls. But if a supplier doesn’t, cyber criminals will target them to get to you instead. Not only do suppliers provide a “back door” to an organisation’s systems, they do so at scale. Compromising a single vendor can give attackers access to all their customers.
2025’s Qantas data breach shows how suppliers can make their customers vulnerable. In that case, attackers gained access to six million customer records by compromising a third-party supplier. The airline’s own systems remained secure, but that didn’t matter.
To streamline third-party supplier security, the Australian Cyber Security Centre recommends choosing services that are:
- Secure-by-design: Effective security controls are natively built into the product.
- Secure-by-default: The product has been set to the highest security standards out-of-the-box.
The evolution of ransomware
Ransomware is no longer just about encrypting data and demanding payment. It has evolved into a complex, multi-layered criminal ecosystem that operates with enterprise-like structure and scale.
With more organisations able to recover from encryption using backups, ransomware groups increasingly rely on stealing data and threatening to publish it to restore their leverage.
Australia’s data breach notification laws, which require organisations to notify authorities and affected individuals as soon as practicable after discovering a data breach, make Australian organisations an attractive target for this kind of ransomware. Attackers know the regulatory pressure increases the likelihood that victims will pay.
Stopping modern ransomware requires controls that address each stage of the attack lifecycle: securing initial access, detecting data exfiltration, segmenting internal networks and ensuring backups remain isolated and recoverable.
*ASD’s ACSC categorises each cyber security incident it responds to on a scale of Category 1 (C1), the most severe, to Category 6 (C6), the least severe. Cyber security incidents are categorised on severity of impact and significance of the organisation’s impact to Australia.
Looking ahead: Strengthen your security controls in 2026
As the threat landscape evolves at an unprecedented pace, 2026 is shaping up to be a pivotal year for cyber security in Australia.
But while attacker strategies shift, the foundation of a robust cyber security posture remains the same: The best defence is to stop attacks before they happen.
True cyber resilience starts with visibility and proactive action. That means staying ahead of known threats, meticulously closing every gap as soon as it appears and removing easy opportunities for attackers. It’s not a one-time thing either. Strong security means constantly reviewing your defences to validate their continued effectiveness.
If you’re looking to strengthen your preventative security posture, Interactive and Slipstream Cyber can help you stay ahead. Our security offerings are designed to reduce risk before incidents occur. We do this through our Active Defence model, which combines:
- Sovereign 24×7 SOC operations.
- SIEM, SOAR and EDR.
- Comprehensive penetration testing.
- Managed vulnerability scanning.
- Secure access controls such as CASB and Secure Web Gateway.
Together, we reinforce prevention with advisory services aligned to ASD Essential Eight, NIST and ISO27001 frameworks, providing maturity assessments, governance support and Virtual CISO guidance. Our credentials underpin that commitment. Slipstream Cyber is ISO27001 certified and DISP accredited, while Interactive maintains ISO9001, ISO27001, ISO45001 and ISO14001 certifications.
Get in touch with us, and we’ll give you a tailored roadmap to secure your organisation for 2026 and beyond.