In 2024, we saw an already hyperconnected world become even more entwined through digital operations. It's no longer just tech-focused enterprises relying on digital ecosystems to function, but businesses across every sector, of every size.
From managing supply chains to serving customers and safeguarding sensitive data, digital operations have become a backbone of modern commerce.
But with this reliance comes risk. Cybersecurity threats are no longer abstract or confined to headlines about breaches at multinational corporations. They've become everyday realities for all businesses, whether they're a small SME or a multinational enterprise.
Alarming cybersecurity trends
In late 2024, Cowbell published its latest Cyber Roundup Report 2024, highlighting why companies -- large and small -- must better protect their assets.
Drawing on a vast three-year data set from over 46 million SMEs across the U.S., U.K. and Japan, the report uncovered some of the critical trends outlining what business leaders need to know -- and do -- to safeguard their organizations in 2025:
1. Supply chain attacks on the rise
Between 2021 and 2023, supply chain attacks increased fivefold (up 431%). The complexity of modern supply chains, combined with their reliance on third-party vendors, makes them attractive targets for cybercriminals. These attacks exploit the trust between businesses and suppliers, often cascading through networks to compromise multiple entities at once.
To combat this trend, companies must take a more holistic approach to third-party risk management. This includes rigorous due diligence when selecting vendors, regularly auditing their security practices, and adopting tools to benchmark cybersecurity performance. Additionally, incorporating contractual clauses that mandate specific cybersecurity standards can help mitigate risks.
2. Manufacturing: The sector most at risk
Manufacturing tops the list as the most vulnerable sector, with cyber risk scores 12% below the global average. This stems from heavy reliance on automation, the prevalence of legacy systems, and the high value of intellectual property. Manufacturing companies experience not only more frequent attacks but also more severe claims, often disrupting critical operations or exposing sensitive designs.
For all those companies operating in the manufacturing industry, 2025 is the year to prioritize securing operational technology (OT) environments. This means updating legacy systems, enhancing network segmentation, and adopting robust patch management protocols. Cyber resilience also hinges on securing intellectual property and preparing incident response plans tailored to the unique risks in this sector.
3. Public administration and education: Ransomware's new targets
Public administration and education saw a 70% increase in ransomware attacks last year, with attackers often exploiting the critical nature of these services to demand swift ransom payments, further elevating the stakes. Again, much of this susceptibility can be put down to budget constraints, outdated IT infrastructure, and large user bases with varying levels of cybersecurity awareness.
These sectors -- and others keen to avoid becoming ransomware's next target -- can strengthen defenses by focusing on phishing prevention, implementing comprehensive backup strategies, and providing regular cybersecurity training for employees and stakeholders. Even with limited budgets, incremental improvements in email security and incident response planning can go a long way.
4. Large businesses face more frequent cyber incidents, but SMEs are not immune
One of the most significant findings in the report was that businesses with more than $50 million in revenue are 2.5 times more likely to face cyber incidents, which makes sense given their vast data and complex operations. However, this finding doesn't mean that smaller businesses are immune. While smaller businesses may face a lower frequency of attacks overall, they're grappling with supply chain vulnerabilities and limited cybersecurity resources. What's more, the consequences of a single incident can be devastating for a small SME, including significant financial losses, crippling downtime and business interruption, and, in some cases, closure.
What these findings underscore is the need for scalable cybersecurity solutions tailored to business size. For SMEs, implementing basic measures, such as endpoint protection, regular backups, and phishing awareness training, can significantly improve their security posture. For larger organizations, more comprehensive measures are needed. This includes advanced threat detection tools, zero-trust architecture, and continuous vulnerability assessments. Regardless of size, every company must prioritize cybersecurity education and foster a culture of vigilance.
5. Five risky technology categories to look out for
The analysis identified several technology categories to look out for in terms of presenting cybersecurity risks: operating systems, content management tools, virtualization technologies, server-side technologies, and business applications. Unfortunately, these technologies are fundamental to most business operations, which is what makes them so risky. Vulnerabilities in any of these systems could have far-reaching consequences.
As such, businesses should invest in patch management, encryption, and secure configurations for these critical systems. Adopting AI-driven cybersecurity tools can also help organizations detect and respond to emerging threats more effectively.
Why cybersecurity is non-negotiable in 2025
The trends revealed in the Cyber Roundup Report leave little doubt that cyber threats will only grow in sophistication and impact. But, by embracing a cybersecurity strategy that aligns with industry-specific risks, businesses can build the resilience needed to thrive in an increasingly digital world.
For 2025, the message is clear: Cybersecurity is no longer a cost of doing business; it's a prerequisite for success.
