By Brandon Welch – Director of Cyber Services, Western Region
As widespread adoption of AI continues to grow in 2025, we can expect to see an increase in privacy and security incidents that are attributable to misconfigured and misunderstood systems.
In a sprint to use AI systems and gain an edge over competitors, organizations will unintentionally open themselves to security incidents and create privacy incidents. Several factors will contribute to these events, including misconfiguration of AI systems and misunderstanding of their actual impact and sensitivity. In addition, we will increasingly see general issues stemming from AI Exceptionalism, such as overestimating AI’s capabilities and failure to fully accept or address its limitations.
To combat these issues, organizations must take steps to understand what constitutes an AI problem and, if it is determined that they have one, what level of due diligence and human interaction are required to address the issue. Additionally, organizations should have an AI Focused Incident Response Plan in place that clearly delineates the steps to take when an AI system creates unintended security or privacy issues.
Out With Windows 10, in With Migration Gaps and Legacy System Vulnerabilities
By Christian Taube – VP Cyber Services International, Beazley Security
As we approach the complete phasing out of Windows 10 in 2025, businesses face a critical inflection point in their cyber risk posture. The transition to newer operating systems presents opportunities for enhanced security, but it also opens the door to new vulnerabilities as attackers leverage gaps in migration strategies to their benefit. Many organizations will scramble to deal with the fall-out and struggle to find resources to help them mitigate the consequences.
Historically, end-of-life operating systems like Windows 10 have become attractive targets for bad actors, particularly as updates and patches cease. In the months following the EOS (“end of support”) date in October 2025, we anticipate a wave of exploitation attempts aimed at organizations that have delayed upgrading, especially small to mid-sized businesses lacking robust security resources.
The complexity of transitioning legacy systems and integrating them with modern solutions could also create additional unforeseen security blind spots. To mitigate this risk, organizations should proactively audit their systems, prioritize timely migrations, and implement strong endpoint protections. Preparation is essential, as the cost of addressing breaches that exploit these transitional vulnerabilities far exceeds the investment in preventative measures.
Identity security takes centre stage in the cyber battlefield
By Mandeep Gosal – VP Global Professional Services, Beazley Security
Identity security is set to play an even more pivotal role in 2025, driven by the proliferation of “reverse identity theft” and exposure of concealed privilege pathways. While Zero Trust principles, centred on identity verification and ‘never trust, always verify’, have been established for decades, they remain challenging for enterprises to adopt and implement. This is largely due to their complexity and the significant investment required in both technology and training.
Threat actors will continue to exploit obscure identity pathways that grant privileged access. Cybercriminals are set to shift their focus from endpoints, where visibility has improved, to less monitored areas including network appliances like VPNs and firewalls. Here, visibility is scant, making them prime targets for attack. The exploitation of newly discovered security flaws, known as zero-day vulnerabilities, in these systems is expected to rise sharply, as evidenced by incidents reported by Mandiant in 2023. Additionally, attackers are likely to weaponise known vulnerabilities, referred to as n-days, with greater speed, exploiting these known issues before organisations can patch them.
Increasingly, attackers are combining stolen data and credentials with additional personal information to craft false digital identities. It is vital for organisations to identify the blind spots in their IT environments through understanding their assets, risk posture and potential threats to remove opportunities for malicious actors to cause serious disruption. Businesses that implement pre-emptive, responsive, and adaptive solutions to cyber risk strategies - enhanced through continuous staff training, robust hygiene practices and a re-evaluation of Zero Trust Models – can confidently pursue their strategies without being hindered by unmanaged risks