The cybersecurity landscape is about to undergo a significant transformation in 2025, primarily driven by the evolution of Artificial Intelligence (AI) and the sharp increase in costs associated with cyberattacks. With average global losses ofUS$ 3.32 millionper company in the last three years, according to a survey by PwC, and a third of Brazilian companies suffering losses of at least US$ 1 million in the same period, the need to strengthen digital defenses has become more critical than ever.
AI is emerging as a protagonist in this new phase of cybersecurity, shifting from being just an auxiliary tool to becoming an autonomous active defense agent. According to thereportCybersecurity Forecast 2025 by Google Cloud, 2025 will mark a significant turning point, with the consolidation of semi-autonomous operations and preparation for a future of fully automated digital protection. In Brazil, this movement is already evident, with 85% of companies increasing their investments in generative AI in the last 12 months, surpassing the global average of 78%.
However, this evolution brings new challenges and concerns. OnegivenAlarming revelation this year shows that 89% of IT leaders fear impacts on cybersecurity due to failures in Generative AI. Additionally, 87% of professionals express concern about the potential lack of responsibility for digital security due to overconfidence in technology. This scenario is even more complex when considering that only 2% of global organizations have fully implemented resilience actions in the area.
The use of AI to detect anomalies, respond to incidents, and anticipate threats will become increasingly prevalent, enabling much faster response times, one of the main current challenges in cybersecurity. However, this progress will not be without challenges. The maturation of AI models, trust in automated systems, and governance issues will be crucial to ensure that these technologies help without compromising the security and privacy of organizations. For companies, this will mean the need to review their governance policies, ensuring that AI is used ethically and in compliance with increasingly strict regulations.
The World Economic Forumhe addsanother layer of complexity by highlighting that 54% of corporate representatives consider thesupply chainInformation System (IS) as the greatest obstacle to cyber resilience. This concern is amplified by the increasing interconnection of supply chains, geopolitical tensions, and the rise of emerging technologies such as new AI languages and quantum computing. In other words, cybersecurity will therefore be a shared responsibility, requiring collaboration between companies, governments, and other entities.
In the Brazilian context, regulations have played a crucial role in strengthening digital security. A large portion of Brazilian leaders recently stated that regulations have encouraged increased security investments over the past 12 months, with 89% recognizing that these standards have helped strengthen their security postures. However, there remains a trust gap between CEOs and CISOs regarding the ability to meet regulatory requirements, especially concerning AI and cyber resilience.
Organizations also face significant financial challenges related to the implementation of Generative AI. While 75% of IT leaders agree that the costs of Generative AI in cybersecurity products are difficult to quantify, 87% believe that the savings generated by the technology will offset the investments. This positive outlook is counterbalanced by concern over the pressure to reduce the number of cybersecurity professionals, expressed by 84% of respondents.
In the national context, there is also a growing concern about financial scams, particularly those related to PIX. According to areportRegarding the topic, losses due to fraud are expected to grow by 39% by 2028, potentially reaching US$ 1.937 billion. This increase is directly related to the expansion of social engineering-based scams, which do not require advanced technical knowledge on the part of the criminals.
The future of cybersecurity and digital security for companies in 2025 and beyond will require a balanced approach between technological innovation and prudence. Companies will need to invest not only in advanced protection technologies but also in staff training, risk awareness, and the establishment of robust security protocols. Collaboration between the public and private sectors, as well as sharing threat information, could become increasingly crucial to building a safer and more resilient digital environment – and at the right price.
