IT Professionals Brace for 2025 Threats as U.S. Businesses Face Growing AI-Enhanced Cyberattacks

STAMFORD, Conn.--(BUSINESS WIRE)--U.S. businesses are preparing for the new normal of AI-enhanced cyberattacks, which are now ranked as the top threat by IT professionals for the year ahead.

GetApp’s 6th Annual Data Security Report reveals that 37% of U.S. IT professionals view AI-enhanced attacks as their primary concern for 2025, with AI-enhanced malware cited as the top AI-generated threat by 60% of global IT professionals. While phishing and ransomware attacks remain prevalent and pervasive, the increasing sophistication of AI-augmented threats signals the need for businesses to prioritize new defensive strategies.

This survey of 4,000 cybersecurity and IT professionals from 11 countries, including 500 U.S. IT professionals, uncovers five additional key trends and how to address them:

1. Ransomware remains a significant challenge, but recovery rates are improving.
In 2024, ransomware attacks affected 44% of U.S. companies, with 43% of those paying a ransom. However, 36% of businesses were able to recover their data without payment, indicating improvements in incident response and decryption capabilities.

2. Phishing is still widespread despite ongoing prevention efforts.
Phishing continues to plague businesses with 87% of U.S. organizations reporting phishing attempts in the past 12 months. Alarmingly, 74% of employees who received a phishing email clicked on malicious links, highlighting the ongoing need for security awareness training.

3. Cloud security vulnerabilities are a growing concern.
As more businesses adopt cloud solutions, 56% of data breaches in the U.S. were attributed to software vulnerabilities, emphasizing the importance of securing cloud-based infrastructure.

4. U.S. data breaches are below global averages, but risks remain high.
The U.S. fared better than its global counterparts in terms of data breaches, with 54% of businesses reporting them in 2024 compared to the global average of 62%. Despite this, over half of U.S. organizations still experienced a breach, underscoring the need for continued vigilance.

5. Multi-factor authentication (MFA) adoption rises as cyberthreats evolve.
Over half (51%) of U.S. companies have implemented MFA for all applications, higher than the global average of 44%. This increased use of MFA is helping businesses fend off some of the most damaging cyberattacks.

“Increased investments in MFA are certainly paying off, but AI is pushing cyberattacks into uncharted territory and businesses can’t afford to fall behind,” says David Jani, security analyst at GetApp. “While efforts to mitigate risks like ransomware and phishing are improving, AI-driven threats require a faster, more adaptive approach. The companies that succeed in 2025 will be the ones that enhance their defenses now.”

Read GetApp’s 6th Annual Data Security Report for more insights and recommendations on how businesses can protect themselves against AI-enhanced cyberattacks through training, upgraded tools, and response plans.

About GetApp
GetApp is the recommendation engine small businesses need to make the right software choice. GetApp enables SMBs to achieve their mission by delivering the tailored, data-driven recommendations and insights needed to make informed software purchasing decisions. For more information, visit www.getapp.com.

Visit our newsroom for information on our recent announcements.