Cybersecurity leaders know the attack surface has been growing for years, but the latest State of Information Security Report 2025 from IO shows how fast new risks are converging. Drawing on responses from more than 3,000 security professionals in the UK and US, the report points to three areas shaping board-level conversations this year: AI, compliance, and supply chain security.
AI: A tool and a target
AI is now woven into security operations and business processes. Almost eight in ten respondents said their organizations adopted AI or machine learning in the past year, but many are struggling to manage it responsibly. The report identifies shadow AI as a significant issue, with 37% of employees using generative tools without approval. That creates risks ranging from accidental data leaks to GDPR violations.
Threat actors are also exploiting AI. Data poisoning, deepfake impersonation, and AI-generated phishing campaigns are emerging as mainstream attack methods. Respondents flagged AI-powered misinformation and disinformation as their top concern for the next 12 months. At the same time, most organizations are planning to invest in AI-powered defences, including…
