The cybersecurity landscape is about to undergo a significant transformation in 2025, driven primarily by the evolution of Artificial Intelligence (AI) and the substantial increase in costs associated with cyberattacks. With average global losses of US$3.32 million per company over the last three years, according to a PwC survey, and one-third of Brazilian companies suffering losses of at least US$1 million in the same period, the need to strengthen digital defenses has become more critical than ever.
AI is emerging as the protagonist in this new phase of cybersecurity, transitioning from a supporting tool to becoming an autonomous agent of active defense. According to the report Cybersecurity Forecast 2025 by Google Cloud, 2025 will mark a significant turning point, with the consolidation of semi-autonomous operations and preparations for a future of fully automated digital protection. In Brazil, this trend is already evident, with 85% of companies increasing their investments in generative AI over the last 12 months, surpassing the global average of 78%.
However, this evolution brings new challenges and concerns. An alarming statistic revealed this year shows that 89% of IT leaders fear cybersecurity impacts due to failures in Generative AI. Additionally, 87% of professionals express apprehension about the potential lack of accountability for digital security due to over-reliance on technology. This scenario becomes even more complex when considering that only 2% of global organizations have fully implemented resilience measures in this area.
The use of AI to detect anomalies, respond to incidents, and anticipate threats will become increasingly prevalent, enabling much faster response times—one of the main current challenges in cybersecurity. However, this advancement will not be without challenges. The maturation of AI models, trust in automated systems, and governance issues will be crucial to ensuring these technologies aid without compromising organizational security and privacy. For businesses, this will necessitate revising governance policies to ensure AI is used ethically and in compliance with increasingly stringent regulations.
The World Economic Forum adds another layer of complexity by highlighting that 54% of corporate representatives consider the supply chain of Information Systems (IS) as the greatest obstacle to cyber resilience. This concern is amplified by the growing interconnectedness of supply chains, geopolitical tensions, and the rise of emerging technologies, such as new AI languages and quantum computing. In other words, cybersecurity will therefore be a shared responsibility, requiring collaboration between businesses, governments, and other entities.
In the Brazilian context, regulations have played a crucial role in strengthening digital security. A majority of Brazilian leaders recently stated that regulations have encouraged increased security investments over the last 12 months, with 89% acknowledging that these norms have helped strengthen their security postures. However, a trust gap persists between CEOs and CISOs regarding the ability to meet regulatory requirements, especially concerning AI and cyber resilience.
Organizations also face significant financial challenges related to implementing Generative AI. While 75% of IT leaders agree that the costs of Generative AI in cybersecurity products are difficult to quantify, 87% believe the savings generated by the technology will justify the investments. This positive outlook is counterbalanced by concerns over pressure to reduce the number of cybersecurity professionals, expressed by 84% of respondents.
On the national front, growing concerns about financial scams, particularly those related to PIX, stand out. According to a report report on the topic, losses from fraud are expected to grow by 39% by 2028, potentially reaching US$1.937 billion. This increase is directly linked to the expansion of social engineering-based scams, which do not require advanced technical knowledge from criminals.
The future of cybersecurity and digital security for businesses in 2025 and beyond will demand a balanced approach between technological innovation and prudence. Companies will need to invest not only in advanced protection technologies but also in staff training, risk awareness, and the establishment of robust security protocols. Collaboration between the public and private sectors, as well as the sharing of threat information, may become increasingly crucial to building a safer and more resilient digital environment—at the right price.
