
Top digital challenges facing companies in 2025

A conversation with Shawn Gillooly, PGI Senior Digital Investigations Analyst.

In the rapidly evolving digital landscape of 2025, every organisation faces a huge range of challenges that extend far beyond traditional cyber threats. We spoke to Shawn Gillooly, one of PGI’s Senior Digital Investigations Analysts who specialises in due diligence and reputation risk management for his perspective on the top challenges facing organisations in 2025.

What do you see as the foremost digital challenge for organisations in 2025?

One of the biggest challenges will be the increasing sophistication of digital threats. We're not just talking about cyberattacks anymore. Threat actors are combining cyberattacks with influence operations, astroturfing, and other reputational tactics. This is particularly concerning for sectors like defence, finance, transport, critical infrastructure, and large multinationals.

It sounds like the bad guys aren’t just looking to steal data or make money directly anymore, there’s more to it?

You’re right, ransomware and operational disruption have been the focus of security teams for a long time and rightly so, but some threat actors or attackers are looking to shift things at the macro level, rather than making a ‘quick buck’. As a very binary example, let’s say an attacker is looking at two key government suppliers - from open-source information gathering (OSINT), the threat actor knows a major government contract is coming in that both Company A and Company B are bidding on, and it’s likely one of them will get it. In this case, the attacker might set up an influence operation to tarnish the reputation of Company B, specifically targeting key government decision makers and hitting important pressure points that the contract bidding process relies on for scoring. This nudges the result in favour of Company A, and the attackers now have a direct line into a key government supplier.

With that scenario in mind, how should companies prepare for these combined threats?

Companies need to bolster their cyber and digital defences. This means being prepared for both direct cyber threats and more nuanced digital attacks. It's critical to have a comprehensive security strategy that addresses both aspects. Every company is different, so it’s impossible to give one-size-fits-all advice, but my main guidance would be to adopt layered solutions rather than relying on single approaches. This means integrating due diligence, intelligence analysis, and strategic consultation to make well-informed decisions. By focusing on comprehensive, multi-faceted strategies, companies will be better prepared for the complexities of the digital landscape.

Moving on to the regulatory and economic landscape. How will that impact how companies navigate the digital environment?

The regulatory and economic environment is always evolving. In 2025, companies will need to navigate shifting regulations, particularly in the US, and adapt to changes in the global economic landscape. Staying ahead of these changes requires a proactive approach to compliance and a keen understanding of geopolitical events that could affect business continuity.
For companies struggling to keep their head above water in a shifting regulatory environment, Governance, Risk and Compliance support should be considered. And for compliance-driven companies always on top of every regulation, getting validation from an external expert can make a big difference in outcomes. For example, let’s say a company has their own internal due diligence capabilities – but it’s been a while since processes and tools have been updated – bringing in the occasional quality assurance function to ensure they’re capturing the data they’re supposed to provides a level of reassurance that they're functioning at the level they should be and there won’t be any surprises.

Are there any upcoming regulatory trends that companies should be aware of?

Yes, regulations like DORA and the Online Safety Act will have significant implications for digital compliance. That means companies need to integrate compliance into their strategic planning. For those with strong internal compliance capabilities, external quality checks can provide an additional layer of assurance.

You mentioned geopolitical events, how would events in other regions impact a business in the UK?

Understanding the geopolitical landscape and its impact on operations is crucial for maintaining business continuity. For example, where are your suppliers based? Perhaps a critical supplier is based in a hotspot like China or the Middle East and all of a sudden, a core component used in the manufacture of your product is no longer available. Or the transport sector can no longer reach certain ports due to risk. Companies should be engaging in scenario planning and exercises to prepare for potential disruptions.

Supply chain is a big concern for companies, with plenty of media coverage focused on ‘supply chain attacks’. Are the risks just operational?

Supply chain security is an extension of an organisation's own cyber and digital defences. Incorporating digital components into supplier agreements and conducting thorough digital risk assessments can help mitigate risks. Ensuring that suppliers adhere to the same security standards is essential for maintaining a robust security posture.
Reputational risk is also a key concern. Companies need to take due diligence seriously, not just in terms of basic business statistics but also in understanding behavioural patterns and potential vulnerabilities. This includes extending digital risk assessments to key suppliers and partners to ensure protection against social engineering and other digital and emerging threats.

Turning to emerging technologies, something we’re seeing a lot of discussion on. What should companies watch for in 2025?

It won’t surprise anyone that AI will continue to be a focal point. But we might see a backlash against overhyped AI solutions. Companies should be cautious about over-relying on AI and instead focus on integrating it thoughtfully into their operations. ‘AI-powered’ threats remain a concern, but traditional threats still pose significant risks. It’s important for companies of all sizes and types to balance their approach to AI – to leverage the benefits and not forget about the limitation and risk considerations.

If you could give one strategic piece of advice to organisations of any type in 2025, what would it be?

Just a reminder that layered solutions are better than single solutions. Take due diligence again as an example; a one-page due diligence summary about a supplier will give you some information, but access to a team who know how to both find information and contextualise it and who can talk to you about strategic concerns and you can bounce thoughts off them, can make a big difference. If you bring in the layers, you have more of a chance of making informed decisions or choosing to not make a decision at all as the information guides.

Navigating 2025

The digital challenges of 2025 are multifaceted and require a comprehensive approach to security and risk management. As Shawn highlighted, the increasing sophistication of digital threats, the evolving regulatory landscape, and the critical importance of supply chain security are key areas that all organisations must address. By adopting layered solutions, integrating due diligence, and staying proactive in compliance and geopolitical awareness, companies can better prepare for the complexities of the digital future.

PGI's digital threat experts can help you navigate the digital landscape safely and securely. If you would like to speak with one of them, talk to us.