Cybersecurity in 2025: Insights and predictions from Yubico’s experts

With 2024 behind us, we saw another challenging year in the world of cybersecurity – highlighted by new and evolving threats like Artificial Intelligence (AI)-driven phishing and increasingly sophisticated cyber attacks overall. Yubico’s September Global State of Authentication Survey confirmed the challenges, even underscoring the potential risks of these new threats. The report emphasized the importance of wide-scale adoption of cybersecurity tools like multi-factor authentication (MFA) and phishing-resistant passkeys.

While the survey results were eye-opening, it allowed businesses an opportunity to reflect on the effectiveness of existing cybersecurity practices and what changes should be made in 2025. Whether the changes are spurred by increasing threats or the evolution in global government regulations, it’s clear that the year ahead will bring many cybersecurity changes across the enterprise. To get a better understanding of where the cybersecurity landscape sits heading into a new year, we sat down with Yubico’s experts to discuss what top trends they’re seeing unfold across the industry in 2025.

Check out insights from our experts below, as well as in our recent webinar detailing our top recommendations for staying cyber resilient in 2025 here. Visit part two of our 2025 predictions here focusing on government regulations, and cybersecurity across critical infrastructure and financial services.

The future of digital identity wallets: Stina Ehrensvard, Founder

The Internet, initially created by researchers for sharing information, has become a major threat to democracy, security and trust due to bad actors leveraging it to attack individuals, companies, and nations. The majority of these challenges are caused by stolen, misused or fake identities. To mitigate these risks, some claim that we have to choose between security, usability and privacy – but there is a clear solution focused on the broad adoption of digital identity wallets and open standards for digital identities. 

Digital identity wallets aim to offer a new approach to the use of federated identities where users are in control of when and where their personal data is shared – and with whom. User credentials and data includes important things like driver’s licenses, insurance cards, work and student visas, travel documents, credit card data, educational credentials, and digital medical prescriptions. Modern FIDO-based authentication is a natural fit to secure digital wallets as users are becoming more familiar with its associated registration and sign in flows now that many websites have adopted passkeys as a means to access their services. 

As we continue seeing more success stories about digital identity wallets and continued momentum of open standards for digital identities, in 2025, I expect many more countries around the world to adopt the technology and secure citizens and organizations with these digital wallets backed by FIDO-based security.

A look at a passkey future: Derek Hanson, VP of Standards and Alliances

Passkeys have taken the world by storm as the de facto authentication solution to replace passwords. As we continue navigating the ever-changing landscape of cybersecurity, embracing passkeys will be critical – but the role passkeys actually play in securing our online identities depends heavily on how they are used. Unless organizations do all the right things and have an effective strategy in place throughout the user lifecycle, passkeys won’t reach their potential. Over the next year, I expect to see a rapid rise in adoption of passkeys across the enterprise – but it will still take time for organizations and consumers to fully take advantage of the benefits passkeys provide as they continue understanding the new technology.

In the short term, consumers may continue to be hesitant to adopt MFA – primarily because their experience with MFA has traditionally been cumbersome and difficult. While better than no MFA at all, the reliance on SMS-based OTP as a primary MFA factor is dangerous. SMS-based OTP is widely available and offered as a standard by organizations around the world and because of this customers are now accustomed to it. When we’re talking about consumer behavior, there is hesitancy to change or adopt anything else unless they see it in more places where they’re familiar with and respect. 

I believe the solution is clear: enable broad support for passkey authentication. Like any new technology, passkey adoption will be slow – unless organizations begin to remove unsafe methods of authentication for users, like SMS OTP. It’s also important to prioritize following recommended guidelines around creating a good user experience that encourages users to enroll passkeys and educates them on the value to them as users.

The rise of AI-driven cyber threats: Chad Thunberg, CISO

More than 80% of all cyber attacks start with phishing, primarily due to its relatively low cost and high success rate. That number will continue to grow even higher with the advent of AI-driven phishing attacks. By automating the most time, skill, and labor-intensive parts of running phishing campaigns, generative AI is making it possible to dramatically increase the number of attacks and lowers the bar for less capable attackers to get involved with phishing.

The risk doesn’t end there, though. We’ll continue to see generative AI make each social engineering attempt more potent and likely to succeed because modern AI leverages massive amounts of data to support generating realistic text and voice-based attacks, or generate a dossier on specific targets to be used in a sophisticated campaign. For example, AI can mimic someone’s writing style or reference relevant and accurate details extracted from previous breaches. It can even create “deep fakes,” where attackers use AI to synthesize someone’s voice and speech patterns.

These types of attacks usually focus on convincing the victim to take action but can be mitigated by validating the request using an alternative communication path – ideally one that is known to be good. For example, if you receive an email from a family member asking you to send them money to help them get out of a situation, call them using a phone number that you already possess for them to confirm the situation.

We’re likely to see broader adoption of standards like those from the Coalition for Content Provenance and Authenticity (C2PA), which help consumers verify content authenticity. As the volume of generated content surges, confidence in content will decline—unless countermeasures like these are widely adopted and well understood by consumers.

Legacy MFA solutions are already under attack, and generative AI will make them even less effective. This is why it’s more critical than ever to be vigilant of these threats, and stay one step ahead of attackers with phishing-resistant security keys by removing the human error that leads to the success of AI-driven phishing attacks.

Talk to our teamTalk to our team

Share this article:


  • CEO Corner: Entering the second half of 2025 with momentumAs we continue to move further into the second half of 2025, I want to share a look back at our journey so far this year and as well as lay out Yubico’s strategic path ahead.  Resurgence in order growth and key segment wins While net sales declined for Q2, the end of the quarter […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Survey says: Your dog’s name isn’t a passwordWe all know we should be protecting our digital lives, but what are Americans actually doing? Yubico recently commissioned a survey, conducted by Talker Research, which asked 5,000 Americans in 10 major metro cities across the U.S. about their online security habits. Here’s a closer look at what they found (hint: they’re not as secure as they […]Read moreCompany Newssurvey
  • Passkeys are winning, but security leaders must raise the barPasswords are on their way out. In their place is a new form of login called passkeys that promises stronger security and less frustration. All passkeys offer the rare combination of improved usability and stronger security, especially when compared to passwords alone. But unless we act now, millions could be left more vulnerable than ever. […]Read moreDevice-bound passkeysHardware passkeypasskeyssynced passkeys
  • Your top YubiKey questions, answeredOver the 10+ years I’ve been at Yubico, I’ve had the pleasure of meeting customers, partners and many others talking about digital security. While every conversation is different, I am often asked many of the same questions about YubiKeys. One thing remains consistent: many people know they need better security, but they’re not sure what […]Read moreFAQYubiKey