We got it mostly right... with a couple of misses.
At the start of 2025, we made some bold predictions about the cyber landscape. Now, as we look back at the year that was, it’s time to see how accurate our crystal ball really was. Dr. Ann Irvine, Chief Data and Analytics Officer at Resilience, sat down with us to evaluate what happened—and what surprised us along the way.
1. HAPPENED: A little-known company will experience a major cyber incident
The prediction: The largest cyber incident of 2025 would involve a company most people had never heard of.
What actually happened: This prediction hit harder and faster than we expected: the PowerSchool breach became public in January 2025, almost immediately after we made it. Like the CDK attack we referenced last year, PowerSchool demonstrated how sector-specific companies can create outsized impact. The breach affected K-12 schools across North America, disrupting education systems and exposing sensitive student data.
“This is going to keep happening,” Dr. Irvine notes. “These companies sit at critical junctures in supply chains, serving niche markets that most consumers never think about. But when they go down, the ripple effects are massive.”
2. SORT OF HAPPENED: Deepfakes will target major corporations
The prediction: A Fortune 500 company would fall victim to a deepfake attack in 2025.
What actually happened: The answer here is more nuanced than a simple yes or no. While we didn’t see the exact scenario we predicted—a deepfaked executive video call deceiving a major corporation—we did see sophisticated AI-enabled social engineering attacks reach new heights.
The Scattered Spider attacks in the UK exemplified this evolution. These threat actors called help desks and used social engineering (possibly AI-assisted) to impersonate legitimate users and gain access to systems. “They probably used some AI enablement,” Dr. Irvine explains. “That’s how they operated—calling help desks, pretending to be whomever they needed to be.”
The question remains: Did the deepfake scenario we envisioned actually happen without public disclosure? “We haven’t heard of a case where a deepfaked exec called another executive,” Dr. Irvine says. “But I don’t know if we would have heard of it. Unless it results in a major, major financial loss, it may not be disclosed. For a Fortune 500 company to have to disclose something, a breach usually has to be financially or operationally ‘material’—a $1 million transfer wouldn’t necessarily have to be reported.”
The technology is there. The attacks are getting more sophisticated. We’re calling this one “sort of happened,” with the caveat that the full story may not yet be public.
3. HAPPENED: Nation-state actors will not cause a nationwide internet outage
The prediction: Despite fears of nation-state cyberattacks, we predicted that major internet or service providers wouldn’t experience extended outages in 2025.
What actually happened: We got this one right, though not without some drama along the way. AWS, Cloudflare, and other major providers did experience brief disruptions throughout the year, but critically, these were all caused by bugs, not malicious actors.
Internet outages happened, but they were small-scale, short-lived, and ultimately manageable. “All of them got a lot of publicity,” Dr. Irvine notes. “As soon as Instagram and X go offline, the internet loses its mind. They were talked about a lot, but recovered from quickly.”
The infrastructure held. The sky didn’t fall. And while vigilance remains necessary, the catastrophic scenario many feared simply didn’t materialize.
4. HAPPENED: Public awareness of cyber risk will continue to increase
The prediction: High-profile breaches and personal scams would continue to heighten public awareness of cybersecurity risks.
What actually happened: The drumbeat of cybersecurity incidents throughout 2025 kept cyber risk in the public consciousness. Dr. Irvine points to mainstream coverage as evidence, including articles in publications like The Atlantic that brought cybersecurity concerns to broader audiences.
Scams also hit closer to home for many people. These weren’t abstract corporate breaches; they were personal threats that everyday people could understand and relate to.
And as an increasing number of people received security training at work, received breach notifications, and personally knew someone who had been scammed, our collective consciousness about cybersecurity as a societal problem continued to build throughout the year.
5. HAPPENED: The financial impact of ransomware attacks will continue to grow
The prediction: Ransomware would become even more lucrative for cybercriminals in 2025, with attacks growing more sophisticated.
What actually happened: The claims data we manage across our portfolio says yes—emphatically. While the number of ransomware-related claims in the Resilience portfolio dropped, the financial toll of ransomware incidents escalated throughout 2025, with attacks targeting critical sectors and organizations of all sizes.
Organizations that invested in layered defenses and robust incident response plans fared better, but the overall trend line moved in exactly the direction we predicted: upward and to the right, from a threat actor profitability perspective.
6. DID NOT HAPPEN: Insurance companies will drive cybersecurity improvements
The prediction: Insurers would become key drivers of cybersecurity improvement by attaching real financial stakes to their policies.
What actually happened: We got this one wrong, and Dr. Irvine is candid about why: “Soft market equals no.”
The insurance market remained soft throughout 2025, which means competitive pressure kept premiums low and underwriting requirements relaxed. Dr. Irvine points out that when insurers are competing aggressively for business, they’re less likely to impose strict security requirements that might drive potential customers to competitors.
This is perhaps the most concerning miss on our list. A hardening insurance market that demands better security practices could be a powerful force for improving organizational cyber resilience. But in a soft market, that lever simply doesn’t exist.
What we learned
Looking back at our predictions, we got most of them right—but the misses matter as much as the hits. The soft insurance market failing to drive security improvements is a stark reminder that market forces don’t always align with security best practices.
And the predictions that did come true—the supply chain breaches, the growing ransomware impact, the increased public awareness—underscore the persistent nature of cyber risk. These aren’t one-time events; they’re ongoing challenges that require sustained attention and investment.
As we head into 2026, one thing is clear: the threat landscape continues to evolve, sometimes in expected ways and sometimes in ways that surprise even seasoned experts. The key is maintaining vigilance, investing in defense, and being honest when our predictions miss the mark. Because in cybersecurity, being wrong about what might happen is far less dangerous than being unprepared for what does happen.





