AI threats such as deepfakes and automated phishing and are gaining more recognition, but cyber defenders are struggling to keep up,The SoSafe Cybercrime Trends 2025 report published Thursday found that 91% of respondents expected AI-based cyberattacks to increase in volume and intensity over the next three years and 96% recognized the importance of AI attack detection.However, only 26% of respondents said they would rank their organization’s ability to detect AI attacks as “high.”The use of AI by cybercriminals raises several concerns, with the most common being difficulty in attributing attacks, a concern shared by 51% of survey respondents. Additionally, 45% worried that AI could lead to creation of entirely new attack methods, 42% were concerned about the realism of AI-generated content like deepfakes, and 41% felt AI could lead to more targeted precision of cyberattacks.When it comes to AI attack preparedness, 39% of respondents felt a lack of preparedness and detection tools for these threats was a major concern.

Cybercriminals increasingly using multiple channels, targeting personal identities in attacks

The 2025 Cybercrime Trends Survey, an annual report pushed out by the security training and awareness provider, also yielded insights into growing trends the growing trends of multichannel attacks and attacks targeting personal identities to attack businesses.Multichannel attacks utilize a combination of email, phone calls, social media and messaging apps to strengthen phishing attempts. Of those polled 94% reported that multichannel attacks against their organizations increased over the past year.While 51% said email was still the primary target of phishing attempts. So-called “3D phishing” attacks that integrate voice phishing (vishing), SMS phishing (smishing) and QR code phishing are also gaining traction, receiving an additional boost through the capabilities of generative AI.One cited example was a scam campaign against the advertising agency WPP in May 2024. The attack used a combination of WhatsApp messaging, Microsoft Teams video calls and deepfake voice imitation of the company’s CEO in an attempt to convince employees to share personal details and transfer funds.Attackers are also extending their attacks not only to business accounts, but to personal accounts and devices of employees to ultimately launch attacks on wider organizations. SoSafe’s survey found 83% of organizations have been affected by these types of attacks.“The issue is escalating as the lines between personal and professional life blur. With hybrid and remote work models, employees increasingly rely on personal devices and accounts, expanding the attack surface far beyond corporate firewalls,” the report states.Attackers can leverage personal details shared on social media or exposed through previous large-scale breaches the target the personal accounts of employees and their family members, making it more difficult for businesses to monitor the threat until it’s too late. The trend demonstrates that management of personal digital identities in addition to business accounts should be included in cybersecurity training, said SoSafe.

Supply chain dependencies, cyber resilience inequality and shifting cybercrime tactics also pose risk

Recent major supply chain attacks like the ransomware attack on CDK Global, which ultimately impacted more than 15,000 car dealerships across North America, demonstrate how reliance on third parties poses a risk for many organizations; SoSafe’s trends survey found 93% of companies rely on third-party services to deliver their main value proposition.Both third-party and fourth-party risk – where the impact of an attacks on a vendor’s suppliers can also reach its customers – can threaten an organization’s security and business continuity, and organizations should combat these risks by maintaining thorough third-party inventories, classifying their third-party dependencies by risk level, enhancing their risk assessments of potential business partners and diversifying their supply chain to reduce reliance on a single vendor.Organizations should also consider isolating third-party systems from critical systems wherever possible to minimize and contain the impact of any third-party compromise.Two additional trends highlighted in the SoSafe Cybercrime Trends 2025 report are gaps in cyber resilience and the transformation of cybercrime into a “highly organized, global industry.”The gap in cybercrime defenses between large corporations and smaller businesses, as well as between highly-regulated and less-regulated sectors, only worsens supply chain weaknesses and risks smaller, less-resourced critical infrastructure organizations being targeted by cybercriminals. The vast majority – 98% – of respondents to SoSafe’s survey said they believed the gap was widening.SoSafe report highlighted ways that smaller organizations or less regulated organizations can stay on top of their cyber defenses, for example, by adopting recognized frameworks like ISO 27001 and NIST’s Cybersecurity Framework and networking with organizations in highly regulated sectors to understand how they design their resilience controls.Lastly, cybercriminals are becoming more organized, advanced and profitable, with global cybercrime costs projected to increase from $9.22 trillion in 2024 to $13.82 trillion by 2028.“Combating this growing threat requires more than individual initiatives – it demands collective effort. Collaboration between organizations, industries, and governments is essential to share threat intelligence, establish unified defense strategies, and close enforcement gaps that cybercriminals exploit,” the report concluded.