Tech & Sourcing @ Morgan Lewis

TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

Key Takeaways from the CrowdStrike Global Threat Report 2025

Published in August 2025, the CrowdStrike Global Threat Report 2025 provides a detailed overview of the evolving cyber threat landscape, drawing on data from millions of endpoints and cloud workloads worldwide.

We set out below a concise overview of the critical findings:

Surge in Threat Sophistication and Speed

In 2024, adversaries dramatically improved their speed and efficiency. The average “breakout time” (the interval between an attacker’s initial access and the start of lateral movement within a network) was just 48 minutes, with the fastest observed breakout taking only 51 seconds. This underscores the urgent need for real-time threat detection and rapid incident response: every hour of delay widens the window in which an intrusion can spread and increases legal and regulatory exposure, making immediate containment essential.

Explosion in Social Engineering and Vishing Attacks

Voice phishing (vishing) skyrocketed by 442% between the first and second halves of 2024. Social engineering tactics, such as vishing, callback phishing, and help desk impersonation, are now primary entry points for attackers. These methods bypass technical controls, exposing companies to internal fraud and escalating breach notification obligations. Organizations must focus on enhanced security policies and ensure compliance with evolving regulatory frameworks.

Rise of Malware-Free and Identity-Based Intrusions

A striking 79% of cyberattack detections in 2024 were malware-free, signaling a shift to tactics like credential abuse and hands-on-keyboard attacks. Identity-based intrusions were found in 35% of cloud incidents, often facilitated through access broker markets, which grew 50% year-over-year. This highlights the need for robust identity management strategies, including multi-factor authentication (MFA) and access controls, to protect sensitive data.

Generative AI: A Double-Edged Sword

Generative artificial intelligence (GenAI) and large language models (LLMs) are now widely used by adversaries for phishing, business email compromise (BEC), and creating fraudulent personas. These AI-driven tactics are significantly more effective than traditional methods, with phishing attempts crafted by LLMs achieving a 54% click-through rate, compared to just 12% for human-generated attempts. Organizations should consider the implications of AI in cybersecurity policies and breach detection.

Cloud/SaaS and Supply Chain: Expanding Target Surface

Cloud intrusions increased by 26% in 2024, with valid account abuse becoming the top method for attackers. Software-as-a-service (SaaS) platforms and cloud services are frequent targets, with many breaches resulting from compromised single sign-on (SSO) credentials. Businesses must focus on strengthening cloud security protocols, particularly by enforcing MFA and ensuring thorough audits of third-party vendor data and access.

Regulatory, Compliance, and Notification Pressure

Rapid breakout times, combined with adversaries’ reliance on legitimate remote management tools that blend in with normal administrative activity, hinder timely detection and reporting, increasing legal exposure regarding breach notification and regulatory investigation timelines. This also elevates contractual risk, especially where service-level agreements and vendor obligations require quick detection and containment across hybrid IT environments.

Action Items for Legal and Compliance

The report’s key recommendations include the following:

  • Mandate phishing-resistant MFA (e.g., FIDO2 hardware keys) and strict identity management for privileged and SaaS accounts
  • Proactively audit and restrict user and application permissions, particularly in cloud environments, and require robust vendor security assessments and certifications
  • Maintain continuous cybersecurity awareness training, with emphasis on social engineering and vishing
  • Integrate real-time threat intelligence, incident tabletop exercises, and cross-domain detection into compliance programs
  • Embed incident response readiness and supply chain security requirements in third-party contracts

Summary

The 2025 threat environment is defined by speed, stealth, and ingenuity, with identity compromise, social engineering, and GenAI at the forefront. Enterprises must ensure cybersecurity controls, vendor management, and incident response obligations are current, notification protocols are tested, and regulatory requirements are mapped to these evolving threats.

How We Can Help

Our team assists in-house teams in translating complex cyberthreat intelligence into actionable legal, compliance, and contractual strategies. Our lawyers can help organizations assess and mitigate regulatory exposure, review and strengthen vendor and cloud contracts, implement robust incident response protocols, and provide guidance on breach notification obligations.