
Against this backdrop, this post examines the cyber threats expected to emerge within the next 3 to 5 years. It explores the challenges posed by these constantly evolving risks, analysing the technical aspects of cyber threats as well as the strategic, regulatory, and human factors that define the modern security landscape. Most importantly, it provides actionable insights that organisations can utilise to strengthen their cyber resilience. By exploring these trends and their implications, organisations can position themselves to better anticipate, adapt to, and mitigate the rapidly evolving risks inherent in an increasingly digital and interconnected global environment.
AI‑driven attacks and autonomous threat agents
The integration of advanced artificial intelligence into cyberattack tools is rapidly changing the dynamics of the threat landscape. Attackers are leveraging generative AI, deep learning, and reinforcement learning to automate attacks, develop adaptive malware, and conduct highly targeted spear-phishing campaigns at a scale previously unimaginable.
The rise of AI-powered tools, underground services, and autonomous threat agents enables adversaries to scan for vulnerabilities, bypass security controls, and exploit systems with unprecedented speed and sophistication. These agents can autonomously learn from failed attacks and modify their tactics in real-time, dramatically reducing the window organisations have to detect and respond to threats.
With deepfake technologies and AI-driven social engineering attacks becoming more realistic and widespread, even traditional security awareness programs struggle to keep pace. Furthermore, democratising AI tools lowers the barrier-to-entry for cybercriminals, enabling a surge in sophisticated attacks from less technically skilled actors. As AI systems become targets, adversaries also develop techniques to poison training data, manipulate AI model outputs, and undermine AI-powered defences, escalating the arms race between attackers and defenders.
What to expect in the coming years
Expect AI-driven threats to become more autonomous, creative, and difficult to attribute. Attackers will leverage multi-modal AI (combining text, audio, image, and video) to create almost undetectable social engineering and fraud attempts. “Off-the-shelf” AI attack platforms will empower even non-experts to launch sophisticated attacks, resulting in a surge of diverse threat actors. AI-powered defences will enter a continuous cycle of adversarial evolution, where blue and red teams use AI to outpace each other. The risk of AI-generated misinformation and synthetic media attacks will escalate, impacting trust in business, elections, and public discourse. Ultimately, the complexity and frequency of AI-driven cyber incidents will increase, challenging organisations to maintain the speed and adaptability needed for effective defence.
How to anticipate and respond
Organisations must adopt a proactive, intelligence-driven cybersecurity strategy to counter the evolution of AI-driven threats. This entails integrating AI and machine learning tools for detection and response, anticipatory threat hunting, anomaly detection, and behavioural analytics. Building robust threat intelligence capabilities and collaborating with external partners and information-sharing networks will be essential to identifying emerging AI-based threats early. Organisations should prioritise the development of resilient AI models, with mechanisms for ongoing validation, adversarial testing, and defence against data poisoning and model manipulation. Employee training must evolve to address new forms of AI-powered social engineering, and security teams need to invest in rapid response and remediation capabilities. Moreover, embracing explainable AI and transparency in defensive AI models will be critical for building trust and ensuring compliance with regulatory requirements in AI-augmented environments. Strategic investment in AI talent and upskilling security teams will help organisations stay ahead of adversaries in this fast-moving landscape.
Quantum computing threats and cryptographic risks
The emergence of quantum computing represents a significant and imminent shift in the cybersecurity landscape, particularly concerning ransomware and other malware threats. By harnessing the principles of quantum mechanics, quantum computers process information in fundamentally different ways than classical computers, unlocking the ability to solve complex problems at unprecedented speeds. This transformative leap in computational power carries profound implications for digital security. While quantum computing promises advancements in various fields, it poses serious challenges for existing cryptographic systems, many of which underpin current methods of protecting data from malicious actors. As ransomware and malware continue to evolve and threaten organisations worldwide, the prospect of quantum-enabled attacks intensifies the urgency for developing quantum-resistant security strategies. Understanding the potential impact of quantum computing on cybersecurity is, therefore, essential as we prepare for a future where these powerful machines could both disrupt and redefine the digital threat landscape.
Cryptographic risks
Modern digital security relies heavily on cryptographic algorithms such as RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography). These public-key encryption schemes are widely used to secure communications, protect sensitive data, and authenticate users across the internet. The security of these algorithms is based on the computational difficulty of factoring large numbers (RSA) or solving discrete logarithm problems (ECC) — tasks that are infeasible for even the most powerful classical supercomputers within a reasonable timeframe. Once sufficiently advanced, however, quantum computers can break these cryptographic schemes using algorithms such as Shor’s. Shor’s algorithm enables a quantum computer to efficiently factor large numbers and solve discrete logarithms, rendering RSA and ECC encryption obsolete. This vulnerability threatens data security at rest, in transit, and across a wide array of critical infrastructure.
Ransomware implications
The advent of quantum decryption capabilities could be transformative for ransomware actors. Many ransomware operations rely on strong encryption to lock victims out of their data, demanding payment for its return. If quantum computers can easily break existing encryption, attackers could bypass these defences altogether, potentially gaining unauthorised access to sensitive information without needing to deploy traditional ransomware payloads. This would enable them to extort organisations both for data access and to prevent mass disclosure of previously protected data. Moreover, quantum-powered attacks could render current recovery and mitigation strategies ineffective. The sheer speed at which quantum computers could decrypt data would shorten the window for detection and response, increasing the likelihood of catastrophic breaches and large-scale data leaks.
“Harvest now, decrypt later” attacks
In recent years, harvest-now, decrypt-later (HNDL) attacks have become a growing phenomenon due to the introduction of quantum computing. These attacks involve adversaries intercepting and storing encrypted communications or sensitive datasets today, expecting future quantum computers to decrypt them once current cryptographic standards are broken. The danger lies in the long-term value of the stolen information, such as government communications, research archives, intellectual property, and defence data that could remain strategically valuable for decades.
HNDL campaigns are not isolated cyber incidents, but rather components of long-term, state-sponsored espionage operations. Such campaigns typically progress through several key stages:
- Infiltration: Attackers gain access by exploiting weaknesses in public or private networks, supply chains, or managed service providers. Common entry vectors include zero-day vulnerabilities in VPNs and firewalls, compromised software dependencies, and phishing campaigns aimed at administrators or contractors.
- Data Harvesting: Once inside a target environment, attackers collect large volumes of encrypted data, including secure emails, TLS-encrypted communications, and encrypted database backups. Rather than attempting immediate decryption, they store this data for future use.
- Stealth and Persistence: Advanced Persistent Threat (APT) groups maintain long-term access through covert tools such as backdoors, rootkits, and malware that imitate legitimate system processes. These implants are engineered for longevity, often remaining undetected for years.
- Storage and Exfiltration: The stolen data is then exfiltrated to state-controlled or anonymised infrastructure for long-term storage. Analysts often use machine learning tools to catalogue and index the datasets, preparing them for decryption once quantum capabilities mature.
According to intelligence assessments from the EU, the United States, and allied cybersecurity agencies, state-sponsored threat actors from China, Russia, and North Korea are at the forefront of such operations. Their campaigns often combine traditional cyber espionage with advanced cryptographic interception. Typical methods include supply chain compromises, targeted intrusions into telecommunications networks, and data exfiltration from cloud storage and VPN infrastructure, all designed to harvest large volumes of encrypted traffic. Chinese cyber units, for example, are believed to focus on long-term collection of diplomatic and industrial data. At the same time, Russian actors often target government networks and critical infrastructure systems to secure intelligence and strategic leverage. North Korean groups, though smaller in scale, have been linked to financially motivated quantum-era data theft and cryptocurrency exchange breaches.
What to expect in the coming years
Quantum attacks will shift from theoretical to practical as advancements accelerate. The likelihood of “breakthrough” announcements in quantum computing will rise, sparking urgent, global cryptographic migration campaigns. We will probably see more harvest-now, decrypt-later attacks, and see breaches come to light, exposing sensitive data from years past. Standards for post-quantum cryptography (PQC) will solidify, but adoption will be uneven, creating a window of vulnerability for late adopters. Sectors with long data retention or high-value secrets (e.g. finance, defence, healthcare) will be prime targets. Expect new hybrid crypto attacks (mixing classical and quantum techniques) and potential attacks against blockchain and digital identity infrastructure. As the race for quantum supremacy heats up geopolitically, national-level initiatives and mandates for PQC transition will become common.
How to anticipate and respond
In response, organisations must take immediate and proactive steps to prepare for the era of quantum-enabled ransomware. Transitioning to post-quantum cryptography (PQC) is a complex but necessary undertaking, requiring extensive upgrades, pilot programs, and collaboration with standards bodies like NIST to ensure compliance and alignment with best practices. Identifying and prioritising cryptographic assets that require long-term confidentiality, architecting systems for cryptographic agility, and staying vigilant through ongoing risk assessments and engagement with quantum-safe technology providers are crucial. Only through coordinated global action, leadership involvement, and widespread awareness can organisations hope to mitigate the catastrophic risks posed by future quantum-powered ransomware attacks.
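The prioritisation step described above can be made concrete with a small inventory triage. The following is an added example, not part of the original post: it flags an asset as exposed to harvest-now, decrypt-later when its required secrecy period plus its migration time exceeds the planning horizon for a cryptographically relevant quantum computer (a comparison often called Mosca's inequality). The record fields, the algorithm naming convention, the sample inventory, and the 10-year horizon are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Algorithm-name prefixes (naming convention assumed for this example).
PQC = ("ML-KEM", "ML-DSA", "SLH-DSA")  # NIST post-quantum standards
SHOR = ("RSA", "ECDH", "ECDSA", "DH", "DSA", "X25519", "ED25519")
SYMMETRIC = ("AES", "CHACHA20")


@dataclass
class Asset:
    name: str
    algorithm: str        # "A+B" denotes a combination of A and B
    purpose: str          # "key-exchange", "encryption" or "signature"
    secrecy_years: int    # how long the protected data must stay confidential
    migration_years: int  # estimated time to move this system to PQC


def classify(algorithm: str) -> str:
    """Classify an algorithm string by its weakest relevant component."""
    kinds = set()
    for part in algorithm.upper().split("+"):
        part = part.strip()
        if part.startswith(PQC):
            kinds.add("pqc")
        elif part.startswith(SHOR):
            kinds.add("shor")
        elif part.startswith(SYMMETRIC):
            kinds.add("symmetric")
        else:
            kinds.add("unknown")
    if "unknown" in kinds:
        return "unknown"
    if "pqc" in kinds:
        return "quantum-resistant"   # hybrid holds while its PQC half holds
    if "shor" in kinds:
        return "quantum-vulnerable"  # includes RSA-wrapped symmetric keys
    return "not-shor-affected"


def margin(asset: Asset, years_to_crqc: int) -> int:
    """Years of slack; negative means data harvested today is at risk."""
    return years_to_crqc - (asset.secrecy_years + asset.migration_years)


def triage(asset: Asset, years_to_crqc: int) -> str:
    kind = classify(asset.algorithm)
    if kind == "unknown":
        return "review"
    if kind != "quantum-vulnerable":
        return "ok"
    # Signatures cannot be harvested for later decryption; only
    # confidentiality uses carry harvest-now, decrypt-later exposure.
    if asset.purpose != "signature" and margin(asset, years_to_crqc) < 0:
        return "hndl-exposed"
    return "plan-migration"


def prioritise(assets, years_to_crqc: int):
    """Exposed assets as (name, margin), most negative margin first."""
    exposed = [(a.name, margin(a, years_to_crqc)) for a in assets
               if triage(a, years_to_crqc) == "hndl-exposed"]
    return sorted(exposed, key=lambda item: item[1])


# Constructed sample inventory (illustrative values only).
INVENTORY = [
    Asset("partner-vpn", "RSA-2048", "key-exchange", 15, 3),
    Asset("public-web-tls", "ECDHE-P256", "key-exchange", 1, 2),
    Asset("mail-archive", "RSA-2048+AES-256", "encryption", 25, 4),
    Asset("code-signing", "ECDSA-P256", "signature", 0, 2),
    Asset("internal-mesh", "X25519+ML-KEM-768", "key-exchange", 10, 1),
    Asset("legacy-hsm", "VENDOR-PROPRIETARY", "encryption", 10, 5),
]

if __name__ == "__main__":
    for name, slack in prioritise(INVENTORY, years_to_crqc=10):
        print(f"{name}: {slack} years of margin")
```

The horizon is a planning input rather than a prediction; rerunning the triage with a shorter horizon shows which additional assets move into the exposed set.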
Geopolitical cyber threats and hybrid warfare
The landscape of geopolitical cyber threats is intensifying, with state-sponsored actors leveraging cyberspace as a critical domain for power projection, espionage, and disruption. Over the past decade, cyber conflicts have escalated between major powers such as the United States, China, Russia, Iran, and North Korea, as well as between regional adversaries. The war in Ukraine has showcased the integration of cyber operations with kinetic military campaigns, involving disruptive attacks on critical infrastructure, information warfare, and coordinated influence operations targeting civilian populations and international allies. Hybrid warfare, a blend of conventional, cyber, economic, and informational tactics, is expected to become the norm, with sophisticated threat actors targeting governments and private-sector organisations that play vital roles in supply chains, energy, finance, and healthcare. Critical infrastructure is increasingly vulnerable to disruptive attacks that can cause cascading impacts across borders.
What to expect in the coming years
Cyberattacks are expected to become increasingly sophisticated and closely coordinated with physical and economic pressure campaigns, further blurring the boundaries between cybercrime, espionage, and warfare. Attacks targeting critical infrastructure, especially in the energy, communications, healthcare, and food supply sectors, will rise in frequency and scale. Attribution will become even more challenging as state actors leverage proxy groups, artificial intelligence, and advanced obfuscation tactics. The growth of “cyber privateering” (state-sanctioned criminal operations) and hacktivists’ involvement in state-sponsored conflicts will also accelerate.
How to anticipate and respond
Public and private organisations must recognise that geopolitical cyber risks are not isolated to governments or the defence sector. According to the World Economic Forum’s Global Cybersecurity Outlook 2025, nearly 60% of organisations acknowledge that geopolitical tensions are shaping and influencing their cybersecurity strategies. Proactive engagement with national cyber defence agencies, information sharing with industry consortia, and participation in public-private threat intelligence platforms are crucial for timely awareness of emerging geopolitical threats. Developing and regularly exercising incident response and crisis management plans for large-scale, coordinated attacks will build organisational resilience. Supply chain risk management must be prioritised, with continuous vetting of vendors and partners for exposure to state-sponsored threats. Enhanced monitoring for advanced persistent threats (APTs), investment in network segmentation, and adopting zero-trust architectures will help contain and mitigate breaches. Strategic board-level engagement and scenario planning, including tabletop exercises focused on hybrid warfare scenarios, are essential to ensure readiness.
Regulatory and cybersecurity governance
The regulatory landscape governing cybersecurity is rapidly evolving in response to escalating threats and high-profile breaches. The convergence of privacy, security, and ethical considerations, particularly with the proliferation of AI and IoT, complicates compliance and risk management. With diverging standards, cross-border data flow restrictions, and conflicting regulatory frameworks, international fragmentation persists, making global compliance a daunting challenge for multinational organisations. Regulatory enforcement is becoming more aggressive, with significant penalties for non-compliance, while boards and executives face growing personal liability for cybersecurity failures. Amid this complexity, many organisations struggle with inadequate governance structures, unclear roles and responsibilities, and insufficient board oversight, exposing them to regulatory and operational risks.
What to expect in the coming years
Regulation will intensify, becoming more prescriptive, real-time, and enforcement-heavy, especially following major cyber incidents or data leaks. AI-specific regulations, including rules on explainability, data provenance, and model risk, will emerge globally but may be fragmented. In some regions, boards will face an expanding set of cybersecurity obligations. Expect new mandates around quantum-readiness, breach reporting within hours, and mandatory transparency on incidents. Directors and executives will also face increasing personal accountability for managing cyber risk. Cross-border data transfer rules will get stricter, and fines for non-compliance will rise. The regulatory “patchwork” will persist, driving demand for compliance automation, continuous monitoring, and legal-technical teams that can interpret requirements in near real time. Expect attempts at harmonisation, but persistent regional and sectoral differences will make this difficult, especially because the rationale behind these requirements differs in the first place.
How to anticipate and respond
Organisations must adopt a holistic and adaptive approach to cybersecurity governance, elevating it to a board-level priority. Establishing clear accountability for cybersecurity, ensuring executive engagement, and integrating cybersecurity into enterprise risk management frameworks are foundational steps. Compliance programs must be continuously updated to keep pace with evolving regulations across the organisation’s jurisdictions. Leveraging automation and advanced analytics can streamline compliance monitoring, reporting, and audit processes. Engagement with policymakers, industry groups, and regulatory bodies can provide insight into forthcoming regulatory trends and help shape practical, effective standards. Cross-functional collaboration, bridging security, legal, privacy, and risk management teams, is essential for cohesive governance and rapid response to regulatory changes. Investment in third-party risk management, privacy-enhancing technologies, and continuous board education on cybersecurity will position organisations to meet compliance obligations and demonstrate resilience and accountability in the face of growing regulatory scrutiny.
Human resilience at the heart of cybersecurity strategy
Despite the proliferation of advanced technologies, the human factor remains the most persistent vulnerability in cybersecurity. Phishing, social engineering, insider threats, and inadvertent errors continue to account for most breaches, underscoring the limits of purely technical defences. The accelerating pace of digital transformation, remote and hybrid work, and the blurring of personal and professional digital boundaries introduce new vectors for exploitation. Employee burnout, security fatigue, and a global shortage of skilled cybersecurity professionals further compound the challenge, leaving organisations struggling to maintain effective vigilance. Meanwhile, adversaries target the psychological and emotional dimensions of organisational life, exploiting fear, uncertainty, and urgency to bypass controls. Culture, leadership, and trust are increasingly recognised as critical determinants of cyber resilience, with organisations that foster a strong security culture and adaptive workforce proving better able to anticipate, withstand, and recover from attacks.
What to expect in the coming years
The human attack surface will expand as attackers use AI-driven psychometrics and real-time social engineering to exploit individuals. Burnout and security fatigue will reach crisis levels as change intensifies, making staff errors more likely. Insider threats, including unintentional ones, will increase, especially with workforce churn and hybrid work. New generations of immersive, scenario-based training and AI-powered “cyber coaches” will emerge. Organisations will recognise mental health as a cyber risk factor, investing in support, flexibility, and well-being as a core part of security. Expect growing demand for cross-disciplinary cyber talent, “cyber ambassadors” within business units, and leadership development to foster resilience and trust.
How to anticipate and respond
Building human resilience must be at the core of organisational cybersecurity strategy for the coming years. This requires moving beyond checkbox compliance and one-off training to a continuous, context-aware, and engaging security awareness program tailored to the organisation’s evolving threat profile. Leaders must cultivate a culture of shared responsibility, openness, and psychological safety, encouraging employees to report incidents and near-misses without fear of reprisal. Investing in mental health and well-being programs can help mitigate burnout and improve decision-making under stress. Recruitment and retention strategies should prioritise diversity, inclusion, and upskilling to build a dynamic, resilient security team capable of addressing new and unexpected threats. Scenario-based training, immersive simulations, and red team exercises can develop adaptive thinking and crisis management skills at all levels. Ultimately, organisations that empower their people, invest in leadership development, and integrate human resilience into their broader risk management frameworks will be best positioned to thrive amid an unpredictable cyber threat landscape.
Future outlook: building cyber resilience
In the next 3 to 5 years, the cybersecurity landscape will be marked by an unprecedented convergence of emerging technologies, regulatory shifts, and global instability. The rise of AI-powered attacks, the imminent threat and potential promise of quantum computing, and the weaponisation of disinformation amid rising geopolitical tensions promise to transform cyber risk from an IT concern into a fundamental business issue. Traditional reactive measures will prove obsolete as malicious actors become more sophisticated, exploiting automation, deepfakes, supply chain vulnerabilities, and ever-expanding attack surfaces.
Boards and organisational leaders must radically rethink their approach, shifting from compliance-driven programs to ones focused on continuous risk anticipation and strategic resilience. This requires investing in adaptive security architectures, AI-powered threat intelligence, and quantum-resistant cryptography while upskilling employees and establishing a culture of widespread cyber vigilance. Proactive collaboration with regulators, industry consortia, and competitors will be essential to shape common defences and keep pace with rapidly evolving standards.
By making cybersecurity a driver of innovation rather than just a cost item, organisations can seize new opportunities, protect their critical assets, and build lasting trust with their customers and stakeholders. The organisations that thrive will view cyber resilience as vital to their agility and sustainability, thereby transforming potential threats into catalysts for strategic advantage in an increasingly volatile digital age.
