Cybersecurity in 2025: Insights and predictions from Yubico’s experts

With 2024 behind us, we saw another challenging year in the world of cybersecurity – highlighted by new and evolving threats like Artificial Intelligence (AI)-driven phishing and increasingly sophisticated cyber attacks overall. Yubico’s September Global State of Authentication Survey confirmed the challenges, even underscoring the potential risks of these new threats. The report emphasized the importance of wide-scale adoption of cybersecurity tools like multi-factor authentication (MFA) and phishing-resistant passkeys.

While the survey results were eye-opening, they gave businesses an opportunity to reflect on the effectiveness of existing cybersecurity practices and what changes should be made in 2025. Whether the changes are spurred by increasing threats or the evolution in global government regulations, it’s clear that the year ahead will bring many cybersecurity changes across the enterprise. To get a better understanding of where the cybersecurity landscape sits heading into a new year, we sat down with Yubico’s experts to discuss what top trends they’re seeing unfold across the industry in 2025.

Check out insights from our experts below, as well as in our recent webinar detailing our top recommendations for staying cyber resilient in 2025. Part two of our 2025 predictions focuses on government regulations, and cybersecurity across critical infrastructure and financial services.

The future of digital identity wallets: Stina Ehrensvard, Founder

The Internet, initially created by researchers for sharing information, has become a major threat to democracy, security and trust due to bad actors leveraging it to attack individuals, companies, and nations. The majority of these challenges are caused by stolen, misused or fake identities. To mitigate these risks, some claim that we have to choose between security, usability and privacy – but there is a clear solution focused on the broad adoption of digital identity wallets and open standards for digital identities. 

Digital identity wallets aim to offer a new approach to the use of federated identities where users are in control of when and where their personal data is shared – and with whom. User credentials and data include important things like driver’s licenses, insurance cards, work and student visas, travel documents, credit card data, educational credentials, and digital medical prescriptions. Modern FIDO-based authentication is a natural fit to secure digital wallets as users are becoming more familiar with its associated registration and sign-in flows now that many websites have adopted passkeys as a means to access their services.

As we continue seeing more success stories about digital identity wallets and continued momentum of open standards for digital identities, in 2025, I expect many more countries around the world to adopt the technology and secure citizens and organizations with these digital wallets backed by FIDO-based security.

A look at a passkey future: Derek Hanson, VP of Standards and Alliances

Passkeys have taken the world by storm as the de facto authentication solution to replace passwords. As we continue navigating the ever-changing landscape of cybersecurity, embracing passkeys will be critical – but the role passkeys actually play in securing our online identities depends heavily on how they are used. Unless organizations do all the right things and have an effective strategy in place throughout the user lifecycle, passkeys won’t reach their potential. Over the next year, I expect to see a rapid rise in adoption of passkeys across the enterprise – but it will still take time for organizations and consumers to fully take advantage of the benefits passkeys provide as they continue understanding the new technology.

In the short term, consumers may continue to be hesitant to adopt MFA – primarily because their experience with MFA has traditionally been cumbersome and difficult. While better than no MFA at all, the reliance on SMS-based OTP as a primary MFA factor is dangerous. SMS-based OTP is widely available and offered as a standard by organizations around the world, and because of this customers are now accustomed to it. When we’re talking about consumer behavior, there is hesitancy to change or adopt anything else unless they see it in more places that they’re familiar with and respect.

I believe the solution is clear: enable broad support for passkey authentication. Like any new technology, passkey adoption will be slow – unless organizations begin to remove unsafe methods of authentication for users, like SMS OTP. It’s also important to prioritize following recommended guidelines around creating a good user experience that encourages users to enroll passkeys and educates them on the value to them as users.

The rise of AI-driven cyber threats: Chad Thunberg, CISO

More than 80% of all cyber attacks start with phishing, primarily due to its relatively low cost and high success rate. That number will continue to grow even higher with the advent of AI-driven phishing attacks. By automating the most time-, skill-, and labor-intensive parts of running phishing campaigns, generative AI is making it possible to dramatically increase the number of attacks and lowering the bar for less capable attackers to get involved with phishing.

The risk doesn’t end there, though. We’ll continue to see generative AI make each social engineering attempt more potent and likely to succeed because modern AI leverages massive amounts of data to support generating realistic text and voice-based attacks, or generate a dossier on specific targets to be used in a sophisticated campaign. For example, AI can mimic someone’s writing style or reference relevant and accurate details extracted from previous breaches. It can even create “deep fakes,” where attackers use AI to synthesize someone’s voice and speech patterns.

These types of attacks usually focus on convincing the victim to take action but can be mitigated by validating the request using an alternative communication path – ideally one that is known to be good. For example, if you receive an email from a family member asking you to send them money to help them get out of a situation, call them using a phone number that you already possess for them to confirm the situation.

We’re likely to see broader adoption of standards like those from the Coalition for Content Provenance and Authenticity (C2PA), which help consumers verify content authenticity. As the volume of generated content surges, confidence in content will decline—unless countermeasures like these are widely adopted and well understood by consumers.

Legacy MFA solutions are already under attack, and generative AI will make them even less effective. This is why it’s more critical than ever to be vigilant of these threats, and stay one step ahead of attackers with phishing-resistant security keys by removing the human error that leads to the success of AI-driven phishing attacks.
