
Emerging cyber threats for 2025 target healthcare & industry
New research from Secureframe has identified the five most significant emerging cyber threats for 2025, focusing on the risks posed to critical sectors including healthcare, infrastructure, and small and medium-sized businesses.
The report by Secureframe analyses recent high-profile breaches along with global threat trends and highlights an environment increasingly shaped by AI-driven attacks, organised cybercrime groups, and the rapid exploitation of newly discovered vulnerabilities.
Rising threats across sectors
Findings within the report indicate that ransomware attacks on industrial operators grew by 46% in the first quarter of 2025 alone. Healthcare breach costs have reached an average of USD 5.3 million per incident, 25% above the next closest industry. AI-driven criminal tools are enabling the widespread use of advanced phishing schemes, deepfakes, and malware that adapts to targets in real time.
Supply chain vulnerabilities are also being targeted more frequently by cybercriminals, with third-party vendor breaches now a primary vector for large-scale attacks. One cited example was the collapse of the 158-year-old KNP Logistics due to a ransomware incident, underscoring the real-world impact on businesses of all sizes.
Organised cybercrime syndicates
The report lists organised criminal networks as the number one threat, noting that these groups are expanding their activities through tools such as automation and ransomware-as-a-service platforms. LockBit is highlighted as an active player despite international efforts to dismantle such organisations, while new groups, including Interlock, are emerging to mimic these operations.
AI-powered attacks
Attackers are leveraging generative AI to craft realistic phishing lures, create deepfakes, and generate malware that adapts in real time. In one case, AI-generated content helped defraud over 500,000 investors in the JuicyFields scam.
Such developments signify a shift in the sophistication of cyber threats, demanding equally advanced detection and response capabilities.
Advanced persistent threats
Nation-state actors are intensifying long-term, covert attacks primarily targeting energy providers and defence contractors. Groups such as APT33 and APT39 were particularly active across North America and Europe in 2025, with campaigns designed to evade traditional security measures for months at a time.
Zero-day vulnerabilities
The research states that previously unknown and unpatched weaknesses are being exploited at a record pace. An example in 2025 was a critical flaw in Microsoft SharePoint (CVE-2025-53770), which was actively targeted globally before vendors released a remedy.
Software supply chain attacks
Third-party software platforms are being leveraged as a point of entry for cyberattacks against broader enterprise ecosystems. Secureframe notes that attacks involving compromised SAP SuccessFactors providers resulted in breaches extending into sectors from healthcare to consumer goods.
Industry-specific warnings
The healthcare sector is seen as especially vulnerable. The report states: "With 92% of organizations reporting attacks in 2024, the sector must prioritize HIPAA-compliant training and secure offline backups."
Critical infrastructure operators in the defence and energy fields are advised to implement the NIST 800-172 and CMMC 2.0 frameworks to respond to escalating threats from nation-state actors. Financial services continue to face risks associated with investment fraud and business email compromise, prompted by increasingly refined social engineering attacks.
Mitigation strategies
Secureframe's report includes a recommended 10-step cybersecurity playbook designed to align with NIST CSF 2.0 and ISO 27001 standards. Suggested actions consist of emergency patching, multi-factor authentication enforcement, privileged account monitoring, third-party vendor assessments, continuous threat detection, and regular employee phishing simulations and tabletop crisis exercises.
Methodology
The findings were generated through the examination of cybersecurity incidents across multiple industries, using case studies of attacks on healthcare organisations, infrastructure systems, and large corporations during 2024 and 2025.