What leaders need to know about emerging cybersecurity threats

By: Janice Mejías Avilés, Edited by: Rebecca Munday

Published: June 2, 2025

Cyberattacks can strike from anywhere — through marketing tools and emails, popular accounting software, or your own business partners.

That's why every organizational leader, not just in the information technology (IT) department, must understand the real risks. Cyber threats can disrupt critical operations, damage your reputation, or destroy your business.

Discover the five cybersecurity threats every leader should have on their radar and strategies to combat them.

Emerging cybersecurity threats for businesses

While tech evolution is a given, shifting political landscapes, economic uncertainty, and fast-moving regulatory changes are reshaping cybersecurity teams' priorities, said Emmanuel Morales, a certified information systems auditor with more than a decade of experience.

Cybercriminals exploit these changing conditions to steal data, extort businesses, and disrupt operations.

Below are five cybersecurity threats Morales suggests every leader should be watching now:

Ransomware-as-a-Service (RaaS)

Inspired by the Software as a Service (SaaS) distribution model, where businesses turn products into services via applications or cloud-based solutions, cybercriminals are now renting their hacking services.

We're seeing that criminal organizations now offer ransomware through subscription services or models. This permits attackers with basic technical skills to launch cyberattacks without developing their own malware, Morales said.

Democratizing cybercrime multiplies the volume and variety of attacks that organizations now face.

Artificial intelligence (AI) powered attacks

Even with strong existing protocols, the use of AI by cybercriminals to create highly convincing phishing attacks beyond email scams is becoming a challenge for cybersecurity teams.

AI lets attackers automate and adapt faster, which makes it difficult to counter. That puts additional pressure on our teams because attackers are constantly tweaking their tactics based on the outcomes, Morales explained.

Supply chain vulnerabilities

According to Morales, not all risks come from inside the house — some start in your supply chain. Dependence on third-party vendors increases the risk of organizational infiltration, as they can have hidden weaknesses.

Leaders need to make sure that external business partners also implement strong, up-to-date security measures. It can reduce the company's exposure to cyber incidents, Morales noted.

Digital misinformation

Although these activities may not directly target companies, misinformation strategies on digital platforms pose a challenge for cybersecurity teams. Inaccurate narratives can impact sectors, the supply chain, and brand trust. Bad actors may also exploit organizations during current social events or tensions.

We're seeing more groups and regimes using social media networks to influence public opinion in their countries or abroad. This complicates our work. Now we must navigate external influences while dealing with limited resources and regulations, Morales observed.

Cybersecurity workforce shortages

External threats may be the priority, but internally, workforce challenges may compound the risks. Despite growing demand for cybersecurity professionals, some organizations are slowing recruitment due to budget constraints tied to economic uncertainty.

Some companies are doing freezing hires, which in turn leave the organization vulnerable due to a lack of qualified personnel. And since cybersecurity professionals are in demand, it makes retention a challenge for our teams, Morales said.

Preventive cybersecurity measures for leaders

Even if you're not an IT expert, as a leader or manager, you can minimize the chances of an organization being the victim of a successful cyberattack. Here are three ways you can champion best practices as a leader:

Step 1: Understand the concrete business risks of a cyberattack for your organization

Learn the cybersecurity essentials for your business, as well as the pitfalls of not investing in experts and tools. For business leaders, these risks may translate into:

• Business interruption that can lead to reputational damage or severed client relations
• Profit loss from ransomware attacks and remediation efforts
• Fines or sanctions from government agencies
• Restriction on business operations
• Loss of licenses or certifications

Step 2: Have a direct line with the IT team

Communication is just as crucial as the technology itself, according to Morales.

Keep your tech teams on the loop on what's going on in your organization, who your vendors are, and any major changes, Morales said. It helps us adapt more quickly and respond to vulnerabilities faster.

Collaborate with your IT and cybersecurity teams to create a security checklist that can be used by both technical teams and the managers of each business unit. You can use these questions and tailor them to your organizational needs:

• Are security tools properly configured for each department?
• Do we have an up-to-date inventory of the company's IT assets?
• Are we regularly auditing user access permissions?
• Are we collaborating with research institutions to adopt best practices and prevention strategies?

Your organization's IT team can also help you stay informed about emerging threats, especially AI-driven cyberattacks.

Step 3: Integrate cybersecurity as a top business priority

Build cybersecurity into your organization's strategy. That means embedding best practices across departments, investing in employee awareness training, and committing to ongoing talent development to keep your defenses strong.

A strong security culture begins with informed leadership. Explore executive education programs in cybersecurity and IT strategy from recognized institutions available online through edX.