Cybercrime Predictions for the Next 12 Months

How To Prevent Issues

From hacks aimed at the National Health Service (NHS) to data breaches at the BBC, most people have heard of at least one large organisation being targeted.

However, the world of cybercrime is changing all the time, and, over the next 12 months, cybersecurity teams have their own set of predictions as to what the largest potential issues will be relating to businesses.

So, here is a quick run-down of those predictions and how best to prevent them.

AI-Driven Cyberattacks

AI-based cyber hacks are one of the most prominent predictions for the coming year. Even in 2025, cyber attackers were already using AI to automate phishing campaigns, as well as generating realistic false emails and even mimicking human speech.

Prevention

Companies will need to invest in AI-enhanced security tools as standard, not as a fancy way to defend their online data. These tools can spot unusual behavioural patterns rather than relying on signature-based detection and previous predictive insights. Many businesses use managed detection and response (MDR) software, which is backed by AI, allowing reactions to occur to threats quickly, reducing the risk of data breaches. If that sounds good, then you should check out articles on MDR at Red Canary for more guidance.

Increased Attacks on Supply Chains

Cybercrime is now turning its focus to supply chains, which exploits the trust between the organisation and the vendors. By exploiting a security issue with a single supplier, attackers can gain access to multiple downstream organisations that are linked. This is a particularly insidious threat as it often goes for long periods without being detected.

Prevention

Companies need to conduct intense security assessments of third-party vendors and ensure that all of their cybersecurity standards are up to standard. This will prevent exposure risk and will also ensure smooth future relationships.

Expansion of Cloud and SaaS Vulnerabilities

More companies are relying on the cloud and software as a service, or SaaS platforms. Therefore, any issues with access or lax controls are becoming prime targets for online criminals.

Prevention

To stop this, you will need to ensure that you have strong identity and access management (IAM) policies. Multi-factor authentication should also be standard for all staff who use cloud services, as well as administrators, and regular reviews of permissions.

Deepfake and Social Engineering Scams

As mentioned before, deepfake technology is advancing quickly, and this enables scammers to use voice-based software to impersonate people higher in businesses with an unnerving accuracy.

Prevention

It is now advised that all businesses implement verification procedures when looking to push through financial transactions and sensitive requests. Employees will also need to be trained in how to follow protocols, rather than relying on the perceived authority of the person who is seeking access.

Targeting of Small and Medium-Sized Businesses

Unfortunately, small to medium-sized businesses are predicted to be the biggest targets for cybersecurity hacks. Why? They often have lower-level security teams, making access to their data easier.

Prevention

Businesses of this size need to train their staff in cybersecurity hygiene, as well as install firewalls, endpoint protection, and potentially outsource their cybersecurity efforts, to ensure that they get professional help.