A third of all cyber exploit attempts target vulnerabilities dating back to the 2010s, according to the 2025 Cyber Security Trends & Predictions report from Integrity 360.
This focus on old flaws underscores a critical message from Richard Ford, CTO at Integrity 360: companies must return to the basics of cyber hygiene and build resilience rather than chase silver bullets.
Integrity 360’s 2025 Cyber Security Trends & Predictions report details the increasing impact of vulnerabilities within companies, as threat actors continue to test cyber security resilience.
The report states 70% of recorded incidents were targeting high-impact vulnerabilities, and it took companies 97 days on average to patch critical vulnerabilities.
The report pools data from several sources to highlight the level of threats to cloud, the use of AI by threat actors and defenders, the prevalence of ransomware as well as the need to invest to strengthen cyber security.
According to Crowdstrike, there was a 75% increase in cloud intrusions, which emphasises the need for robust cloud security measures. Gartner adds there was a 25% increase in spending on cloud security products and services in 2024.
AI continues to impact cyber security. Gartner says 64% of organisations have adopted AI or machine learning in their cyber security measures as of 2024, and 68% of UK and Ireland-based companies will make AI their top deployed technology in 2025.
Deep Instinct claims 97% of cyber security professionals fear their companies will face AI-generated security incidents.
Darktrace adds that 74% of IT security professionals report their companies are impacted by AI-powered threats, and 95% of security professionals anticipate that adopting AI cyber security tools will strengthen their security efforts.
The rate at which AI has permeated markets is an eye-opener, said Ford.
“Even three years ago, if we had said AI is going to be able to deliver what it's delivering today in terms of LLMs and GenAI using AI agents, it would have astonished people. The technology is now a commodity item that is being used in everyday life.”
Quantum on the rise
Ford said quantum has been on the horizon for some time and is expected to make a significant difference to cyber security strategies going forward.
“Probably not as quick as some might say, but we've already seen a quantum computer break 22-bit RSA encryption. The fact that we're getting quantum computers to do that just shows the pace of change,” he said.
According to Ford, while quantum technology is still in development and its influence still limited, companies are advised to prepare for the technology’s impact down the line.
“We need to make sure we're implementing quantum safe encryption now or post-quantum encryption standards,” Ford continued.
Consistency and continuity
Ford noted that some technology professionals, like former Gartner analyst Anton Chuvakin, advocate for a new cyber security approach due to limited progress over the past two decades. Ford emphasised, however, that cyber security demands consistent and constant attention.
“We need to go back and check on the basics like the state of vulnerability, the state of configuration and other challenges,” he said. “We see that something like 30% of vulnerabilities that attackers are trying to exploit are from the last decade, and you're only going to continue trying to exploit those vulnerabilities if you're getting success."
Share