Insider fraud and AI threats: 2025 cybercrime predictions

Enjoy complimentary access to top ideas and insights — selected by our editors.

On Tuesday, credit bureau Experian released a report forecasting trends the company expects will unfold over the coming year based on the trends in data breaches and fraud it observed over the past year, including one prediction that fraud committed by company insiders may increase.

The forecast is the 12th annual report from the company, which has largely had success in past predictions. For example, the company accurately said in late 2021 that increasing legalization of gambling would drive up phishing scams that target gamblers. While fraud was not a significantly greater problem in the gambling industry in 2022, it became much more pronounced the following year, according to data from LexisNexis Risk Solutions and Onfido.

In its latest report, three of Experian’s forecasts were of particular interest to banks and credit unions: Fraud committed by company insiders will rise, governments will move to more dynamic personal identification schemes and cyberattackers will target power systems to undermine cloud infrastructure.

Besides these three forecasts, the Experian report also predicted that the next year would bring more instances of hackers attacking other hackers and more arrests of teens involved in cybercrime.

The report has made some claims that have turned out to be prescient even if exaggerated. For example, last year’s Experian report said about India that “it’s possible the country will join China, Russia, North Korea and Iran as a major nation-state sponsor of cyberattacks in 2024.” So far, U.S. agencies have not designated India as a top threat, but Canada has. The report also correctly predicted that Indian-linked threat actors would expand their scope to targets outside of Pakistan, with threat actors targeting Egypt and Sri Lanka.

Insider threats posed by AI training

To make its case that insider fraud will pose a greater threat over the coming year, Experian pointed to trends in companies training their employees on the responsible use of artificial intelligence, warning that some employees could use that training against the company.

“Next year may see at least one global brand impacted by fraud perpetrated by an insider to whom it provided educational AI training,” reads the report.

Indeed, enterprise use of artificial intelligence has gained ground over the past year as companies like OpenAI, Cohere, and Anthropic offer so-called knowledge management solutions that enable employees to search company documents more effectively. The Experian report warns that employees might be able to exploit the AI education they receive with these products to steal sensitive information.

Dynamic identity systems could help fight fraud

One of the top challenges banks face in fighting fraud is confirming the identity of customers. Many factors have driven this trend, including AI, which has made it easier to create spoof images and live videos of identity documents, faces, and other sources of identity that banks and credit unions use.

Less complex forms of identity have also been compromised en masse. For example, some cybersecurity experts believe that virtually every American’s Social Security number has been leaked online at least once. Large-scale breaches of this and other identifying information has also increased the risk for banks and credit unions of relying on these data points as verification of a person’s identity.

“To combat this evolving reality, nation-states and government agencies could move to dynamic identification that will replace static driver’s licenses and social security cards with dynamic PII that continually changes like an online 3D barcode used for event tickets,” reads the Experian report.

Indeed, some governments have already begun issuing more dynamic forms of identification, to help aid in reducing fraud against both government agencies and companies. For example, the European Union this year updated its regulations around digital identities to mandate member nations make digital identity wallets available to every citizen. Lawmakers have floated bringing a similar system to the U.S.

More warnings about power system vulnerabilities

Generative AI companies have been scrutinized for the energy demands that their systems create. For example, Goldman Sachs said this year that a ChatGPT query uses nearly 10 times as much electricity as a standard Google search. In the same article, and in connection with the increased power demand by generative AI applications, the investment bank estimated that, globally, power demand at data centers would increase twofold from 2023 to 2030.

In its report Tuesday, Experian predicated that this increasing dependency on power would make electrical distribution systems a greater target for threat actors looking to disrupt AI infrastructure in the U.S.

“Within the next year, cyberattackers could successfully jeopardize a nation-state’s cloud infrastructure through an attack on the power needed to run it,” reads the Experian report.

This is not the first time Experian has forecasted large attacks against the power grid. In late 2022, the company’s data breaches forecast included a prediction that threat actors would increasingly target physical infrastructure like electrical grids, dams, and transportation networks. The forecast the company issued in late 2016 also focused on attacks against U.S. critical infrastructure.

In part, these warnings have proven to be warranted. The most notable example in recent years was the ransomware attack that targeted the Colonial Pipeline, which disrupted gasoline and jet fuel distribution to the southeastern U.S., causing flight schedule changes and shortages of gasoline at filling stations.

Widespread technical outages have also occurred as the result of error rather than cyberattacks — for example, when CrowdStrike issued a buggy update earlier this year, disrupting IT systems in various sectors, including airlines and broadcasting systems.