2025 Midyear Outlook: 5 Cyber & Fraud Trends Threatening Businesses

Read Time: 6 Min
Learn the prevention strategies to help protect against the top five cybersecurity and fraud trends threatening organizations.

Key takeaways

  1. People can be the weakest link in a cyber defense strategy. Training employees regularly on social engineering tactics is recommended.
  2. Focusing on business continuity practices and monitoring suspicious behavior can help prevent damage from malware and ransomware.
  3. Rising attacks on critical infrastructure and supply chains highlight the need for businesses to carefully vet third-party partners and control access.
  4. Educate employees on AI-enabled scams and update internal protocols to help combat evolving AI- and deepfake-driven attacks.
  5. Never skip an update or patch. Threat actors continuously watch for known weaknesses to infiltrate networks.

Cyber threats grow more sophisticated every year, but the most effective prevention strategies remain simple. Many breaches still stem from well-known attack methods that manipulate human behavior, system delays, or gaps in third-party controls.

Huntington’s Cybersecurity and Enterprise Fraud teams track emerging threat patterns across industries. This year, what stands out is the frequency of incidents and how often they trace back to ignored fundamentals. The cost of leaving these gaps unaddressed is only getting higher. In 2024, the average data breach cost was $4.88 million, up 10% from the year prior. Reducing the risk of evolving threats still comes down to consistently applying basic controls across people, systems, and vendors.

In this article, we highlight five threats expected to remain prominent throughout this year and into the next and strategies to help reduce exposure.

1. Social Engineering & Human Error

Social engineering attacks manipulate people rather than systems. With this tactic, threat actors impersonate internal staff, vendors, or executives to request access, information, or funds transfers. This can be accomplished with phishing emails, fake login pages, and live phone calls. The attacker’s success depends on workplace norms of helplessness, familiarity, and urgency. Between September 2024 and February 2025, one in five reported phishing emails relied solely on social manipulation, and the most common words used were “urgent,” “review,” and “sign.”

A combination of training and process discipline can help prevent employees from becoming victims of these attacks. Consider taking these actions:

  • Offer regular role-specific phishing simulations and training that reflect actual tactics seen in the wild.
  • Require dual approvers or verified callback steps for sensitive financial transactions.
  • Apply control policies to limit access to systems and data based on necessity and role.

2. Malware and Ransomware

Malware refers to any software designed to harm systems. Ransomware is a type of malware that threat actors use to lock systems or data and demand payment to restore access. Increasingly, attackers extract sensitive data before triggering the lockout, which increases legal exposure and operational risk.

Many attacks bypass traditional antivirus protection. Prioritizing prevention and recovery can help defend against it:

  • Back up data regularly, including copies stored offline and tested for recovery.
  • Use endpoint detection and response tools that flag unusual behavior.
  • Segment networks to help prevent threat actors from moving freely across systems.

3. Supply Chain Attacks and Vendor Weaknesses

As businesses rely more on third-party platforms and providers, threat actors are targeting the weakest link in those networks. Recent findings from a data breach investigations report found 30% of reported breaches involved a vendor, double the rate from the year prior§. These ranged from exploited software vulnerabilities to compromised partner credentials.

These attacks are especially difficult to contain because they extend beyond internal systems. A breach at a payroll vendor, infrastructure partner, or software provider can cascade into business interruption or legal exposure, even if the company wasn’t directly targeted. This risk has grown with the rise of nation-state actors and the expanded attack surface created by supply chains.

To help strengthen resilience, organizations should consider the following:

  • Include cybersecurity requirements in vendor contracts and onboarding.
  • Require multifactor authentication, passkeys, and encryption standards from third parties.
  • Monitor for unusual activity in shared interfaces.
  • Control vendors’ network access by implementing network segmentation and time-based restrictions.
  • View vendor trust as a process, not an assumption. Verify, then trust.

4. AI Scams and Deepfake-Driven Attacks

Advances in generative tools have reshaped fraud. Threat actors use voice cloning, fake videos, and personalized phishing emails to convincingly mimic executives or employees, all with minimal resources or expertise.

Deepfakes use synthetic audio or video to imitate real people, often executives. In one recent case, a finance employee at a multinational firm received a video call that appeared to come from the CFO requesting an urgent funds transfer. The face and voice were convincing, but the message was fake. The result? The equivalent of $25.6 million was transferred to the fraudster.

Phishing messages using these generative AI tools have doubled over the past two years. In 2024, 82.6% of phishing emails identified showed signs of using AI§.

Companies can help limit exposure to these threats:

  • Educate teams on how these scams work and what to watch for.
  • Require internal authentication for high-risk requests, such as verbal codes or secondary confirmation through secure apps. This is especially important for finance, HR, and IT requests.
  • Use domain authentication to flag spoofed company emails.

5. System Vulnerabilities and Missed Patches

Many breaches exploit known and unpatched software vulnerabilities. A "zero-day" vulnerability is one that becomes known before a fix exists, but most attacks succeed by exploiting older, well-documented issues that simply haven't been addressed. One data breach report found 20% of identified breaches involved exploited vulnerabilities, up 34 percent from the previous year§.

Attackers scan the internet for unpatched systems and outdated software. Once inside, they can install malware, steal data, or quietly expand their presence within the network.

These prevention strategies can help organizations address vulnerabilities quickly:

  • Patch critical systems as soon as software updates are released, especially for operating systems, VPNs, and remote access tools.
  • Maintaining a complete asset inventory to help avoid blind spots.
  • Using automated scanning tools to detect and prioritize vulnerabilities.

Where Focus Matters

Most breaches don't begin with breakthrough tactics. They start with untrained users, missed updates, or over-trusted partners. While headlines may highlight new threat technology, the root causes are often avoidable lapses in execution or training.

Prioritizing the basics of access control, verification, patching, and monitoring remains the most effective strategy to help reduce exposure.

Financial & industry insights delivered to your inbox.

Subscribe to Huntington Insights

Sign up to receive emails about our latest articles, case studies, and events on topics that matter most to your business.
Subscribe

Related Content

Cybersecurity & Fraud
Cybersecurity & Fraud
Understanding cybersecurity best practices can help protect your organization against bad actors and better manage risk. Read about threat trends, security insights, combatting fraud, and more from Huntington’s cybersecurity team.
Cybersecurity & Fraud
Read Time: 6 Min
Your cybersecurity checklist to help strengthen defenses this year
Implementing these cybersecurity best practices can help bolster your defenses and develop a strong security culture.
May 06, 2025

IBM. July 2024. “Cost of a Data Breach Report 2024.” Accessed June 25, 2025.  

KnowBe4. March 2025. “Phishing Threat Trends Report.” Accessed June 25, 2025.  

§ Verizon Business. 2025. “2025 Data Breach Investigations Report.” Accessed June 25, 2025.  

Chen, Heather and Kathleen Magramo. February 2024. “Finance Worker Pays Out $25 Million After Video Call with Deepfake ‘Chief Finance Officer.’” CNN. Accessed June 25, 2025.

The information provided in this document is intended solely for general informational purposes and is provided with the understanding that neither Huntington, its affiliates nor any other party is engaging in rendering tax, financial, legal, technical or other professional advice or services or endorsing any third-party product or service. Any use of this information should be done only in consultation with a qualified and licensed professional who can take into account all relevant factors and desired outcomes in the context of the facts surrounding your particular circumstances. The information in this document was developed with reasonable care and attention. However, it is possible that some of the information is incomplete, incorrect, or inapplicable to particular circumstances or conditions. NEITHER HUNTINGTON NOR ITS AFFILIATES SHALL BE LIABLE FOR ANY DAMAGES, LOSSES, COSTS OR EXPENSES (DIRECT, CONSEQUENTIAL, SPECIAL, INDIRECT OR OTHERWISE) RESULTING FROM USING, RELYING ON OR ACTING UPON INFORMATION IN THIS DOCUMENT OR THIRD-PARTY RESOURCES IDENTIFIED IN THIS DOCUMENT EVEN IF HUNTINGTON AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF OR FORESEEN THE POSSIBILITY OF SUCH DAMAGES, LOSSES, COSTS OR EXPENSES.

Huntington, Huntington Bank, and the Huntington Brandmark are service marks of Huntington Bancshares Incorporated.