Business leaders warn of rising AI-driven cyber risks in 2025

Talan has published a report indicating that most business leaders expect the cyber threat landscape to grow increasingly complex over the coming year.

The research, which surveyed 200 Chief Information Security Officers (CISOs) across the United Kingdom and Europe, found that 69% of executives foresee greater complexity in cyber threats in the next 12 months. A significant number of respondents believe that these developments will test their organisations' resilience, particularly as AI-driven attacks, ransomware, and supply chain compromises push cyber risk higher on corporate agendas.

Executive concerns

According to the survey, 62% of participating executives expressed strong confidence in their ability to marshal the appropriate resources needed to tackle cyber and privacy threats. Nonetheless, most acknowledged the severity and immediacy of such risks, particularly in a context punctuated by financial and geopolitical uncertainties.

The most pressing concerns identified by CISOs included AI-accelerated attacks and abuse of AI systems (69%), ransomware targeting critical infrastructure (62%), compromises within the software supply chain (55%), and targeted attacks on user identities in cloud and SaaS platforms (55%).

Cyber threats are now a top business risk - no longer 'just' a tech problem, but a leadership test. Executives now rank cyber alongside financial and geopolitical uncertainty as one of the biggest challenges facing organisations today.

This was the view of Mandeep Thandi, Director of Cyber and Privacy at Talan, who highlighted how AI-driven attacks have advanced in sophistication over recent months and years.

Thandi added, "With AI-driven attacks growing more sophisticated by the month, the next year will test just how resilient organisations really are. Those that combine strong governance with engaged employees and a responsible approach to AI will be best placed to adapt and thrive."

AI adoption and risks

The growing adoption of artificial intelligence was notable across surveyed organisations, with 98% reporting investment in AI and two-thirds (66%) already integrating the technology into their products and services. However, this progress also presents new types of vulnerabilities. One key finding was that 69% of respondents expressed concerns about attacks that exploit AI-driven social engineering and system abuse, while 62% worried about ransomware and extortion that could seriously disrupt critical services.

Boards and workforce readiness

While the survey suggests that a majority of executive boards are highly engaged with cyber and privacy topics-63% rate their board's understanding of cyber and data privacy risks as excellent-this level of awareness does not consistently extend to the wider workforce. Only 44% of respondents rated overall staff understanding as excellent.

Encouragingly, executive commitment appears high, as 76% indicated that cyber and privacy considerations are very important when selecting suppliers. These figures point to a gap between boardroom vigilance and broader employee awareness-a trend that presents ongoing risks related to social engineering and the potential misuse of AI.

People and regulatory confidence

Unlike other recent industry surveys highlighting talent shortages, 77% of respondents stated that recruiting and retaining the right cyber security talent is relatively easy. Business leaders were generally supportive of new legislative measures in this area, with 90% viewing recent initiatives such as the UK Data Act and EU AI Act as positive contributions to online safety.

Steps for resilience

The report recommends that organisations strengthen board-level accountability, invest in AI governance, and maintain open channels of communication between security teams and leadership. With 64% of surveyed businesses already developing plans to become quantum-ready, there is evidence of a proactive approach as companies seek to prepare for emerging technological risks.

Mandeep Thandi cautioned that even mature organisations are not immune to recent types of cyber incidents, saying, "While it's encouraging to see businesses feeling well-prepared, they are only ever as strong as their weakest link." He added, "Recent incidents - from supply chain breaches impacting household names such as Marks & Spencer and Jaguar Land Rover - demonstrate that even mature organisations remain vulnerable. These are not isolated cases - such attacks are becoming increasingly common across sectors.

"Gaps in knowledge, and even discontented individuals, continue to leave entry points open for attackers."

"To stay secure, organisations should make security awareness part of everyday practice, strengthen supplier oversight, and ensure rapid response protocols are tested and understood at every level."

The findings highlight that, despite strong confidence among leadership, business resilience in 2026 will depend on bridging gaps in workforce awareness and maintaining vigilance across all layers of an organisation.