Cybersecurity Predictions in 2019
In 2019, cybersecurity experts identified key risks and developments that would dominate the industry. Some of the most notable predictions included:
1. Rise of Ransomware
Prediction: Ransomware was expected to become more targeted and sophisticated, posing a major challenge to businesses.
Reality: This prediction held true. By 2025, ransomware attacks have evolved, with attackers leveraging AI to automate and personalise attacks. Double extortion techniques—where data is both encrypted and threatened with public exposure—became widespread. Australian businesses, particularly in critical infrastructure and healthcare, have been heavily targeted.
2. Phishing Attacks Surge
Prediction: Phishing attacks would grow more sophisticated, tricking users with better-crafted scams.
Reality: Phishing remains a dominant attack vector in 2025. AI-powered phishing campaigns, including Adversary-in-the-Middle (AiTM) attacks, are now bypassing traditional security measures, such as multi-factor authentication (MFA). The Australian Cyber Security Centre (ACSC) has issued repeated warnings about highly sophisticated phishing attacks targeting businesses and government agencies.
3. Remote Work Security Challenges
Prediction: The rise of remote work would lead to increased endpoint security concerns.
Reality: The prediction was accurate. The COVID-19 pandemic accelerated remote work adoption, and by 2025, hybrid work environments remain standard. Endpoint security solutions, such as zero-trust architecture, have become essential for businesses, with a strong focus on securing remote access and mitigating risks from unmanaged devices.
4. Cloud Vulnerabilities and Hijacking
Prediction: Cloud security threats, including data breaches and hijacked accounts, would become more prevalent.
Reality: Cloud security remains a priority in 2025. Australian businesses have invested in robust cloud security measures, but misconfigurations and API vulnerabilities continue to be significant risks. Data sovereignty concerns have also led to increased scrutiny of cloud providers handling Australian data.
5. Identity as the New Perimeter
Prediction: Identity security was not a primary focus in 2019.
Reality: By 2025, identity has emerged as the backbone of cybersecurity. The shift to cloud-based applications, hybrid work, and increased remote access have made Identity and Access Management (IAM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) essential security components. Multi-factor authentication (MFA) is no longer enough—businesses now prioritise continuous authentication and identity verification to mitigate risks.
6. IoT Security Risks
Prediction: The growing number of IoT devices would introduce new attack surfaces.
Reality: IoT threats have intensified. In 2025, supply chain attacks often target IoT ecosystems, and security standards are struggling to keep pace with device proliferation. Industrial IoT deployments are particularly vulnerable.
7. Deepfake Technology Exploited for Cybercrime
Prediction: Deepfake technology would be used for fraud, misinformation, and impersonation.
Reality: AI-generated deepfakes are now being leveraged in sophisticated social engineering campaigns, including voice and video impersonation for financial fraud and business email compromise (BEC) scams. Financial institutions have seen an uptick in such attacks.
8. Third-Party Risk Becomes a Top Priority
Prediction: Supply chain security was a concern, but not a top focus in 2019.
Reality: Third-party breaches have become one of the largest sources of cyber risk. Attackers increasingly exploit vulnerabilities in vendors, service providers, and suppliers to gain access to organisations. The Australian government has introduced stricter cybersecurity regulations for third parties handling sensitive data.
Cybersecurity Predictions for 2025
Fast forward to 2025, and cybersecurity trends have evolved further, with key focus areas including:
1. AI-Powered Cyberattacks
Cybercriminals are using AI to create hyper-realistic phishing emails, automate cyberattacks, and develop AI-driven malware. Defensive AI tools are crucial in countering these threats, with Australian government agencies prioritising AI-powered threat detection.
2. Advanced Phishing Techniques
Traditional phishing continues to evolve with AiTM techniques, which allow attackers to intercept credentials even when MFA is enabled. Businesses are increasingly adopting phishing-resistant authentication methods.
3. Identity-Centric Security
As identity becomes the new perimeter, businesses are investing heavily in IAM, PAM, and IGA solutions. Continuous authentication, passwordless security, and identity-based Zero Trust strategies are now essential for cybersecurity resilience.
4. Supply Chain Attacks
The rise of supply chain compromises has made third-party security a priority. Attackers exploit vulnerabilities in vendors and partners to infiltrate organisations. The Australian government has introduced stricter cybersecurity regulations for suppliers handling sensitive data.
5. Zero-Trust Adoption
Zero-trust architecture, which requires continuous authentication and micro-segmentation, has become a standard approach to mitigate insider threats and external breaches. Australian enterprises are accelerating zero-trust adoption to counter persistent threats.
6. Cloud Security Reinforcement
Organisations are implementing stronger cloud security measures, including AI-driven anomaly detection and automated compliance enforcement. The ACSC continues to push for improved cloud security frameworks tailored to Australian businesses.
7. Insider Threat Mitigation
The insider threat landscape has worsened, with organisations focusing on behaviour analytics and real-time monitoring to detect malicious activities from within. Businesses are strengthening employee security awareness training and insider risk management programs.
Latest posts
Cybersecurity 2019 vs. 2025 – Predictions and Realities
12 March, 2025
Accelerating Your Zero Trust Journey with Converged Identity
21 August, 2024
Securing Businesses through Cybersecurity Awareness
10 July, 2024
Key Takeaways: What Have We Learned?
Many of the 2019 predictions were accurate, though some threats evolved more aggressively than expected.
- Identity has become the foundation of modern cybersecurity, with IAM, PAM, and IGA at the forefront.
- AI has become both a powerful defense tool and a dangerous weapon for cybercriminals.
- Phishing remains one of the most effective attack vectors, with techniques becoming more sophisticated.
- Cloud security and zero-trust principles have become fundamental to modern cybersecurity strategies.
- Third-party risk is now a top concern, reinforcing the need for robust vendor risk management.
Conclusion
The cybersecurity landscape from 2019 to 2025 has undergone significant transformation, with predictions largely materialising. As we move forward, businesses must continuously adapt to new threats, invest in AI-driven security solutions, and enforce proactive risk management strategies to stay ahead of attackers. The next five years will likely bring further advancements in AI, quantum computing risks, and more sophisticated cyber threats—demanding
constant vigilance and innovation in cybersecurity defense strategies tailored to Australia’s unique cyber landscape.
