
Key Findings – Immersive's Make or Break Cyber Resilience Guide

Sumit Singh
July 28, 2025

Earlier this year, Immersive Labs, a leader in cyber workforce resilience, released its Make or Break Cyber Resilience Guide 2025. The guide is packed with insights, predictions, and practical steps to help organisations strengthen their defences in the face of rising cyber threats. And it couldn't have come at a more urgent time.

The last 12 months have seen a surge in GenAI-related risks, high-profile breaches, complex supply chain attacks, and a worrying increase in ransomware activity. According to IBM, the average cost of a breach in 2024 hit $4.9 million, but perhaps more revealing is that the vast majority (68%) of breaches involved the human element (Verizon DBIR 2024).

The reality is that today's threat landscape isn't just about systems and software. It's about people: their awareness, adaptability, and ability to respond under pressure. As cyber threats evolve, so too must the human layer of your defences.

In this blog, we'll highlight some of the key challenges outlined in Immersive's report, from overlooked vulnerabilities to the growing cyber skills gap, and share practical, measurable actions you can take to build lasting cyber resilience.

How GenAI is Reshaping Cyber Risk

GenAI is the first and arguably most urgent prediction in Immersive's cyber resilience guide. Built on large language models and other deep learning architectures, GenAI tools can produce human-like text, code, images, audio, and more, based on the patterns they've learned from massive training datasets. What sets GenAI apart is its ability to create outputs that feel contextually relevant and tailored, and to produce them at scale. That makes it particularly valuable for business leaders looking to accelerate workflows. From drafting emails to automating customer interactions, GenAI tools are becoming increasingly embedded across all industries.

You only have to look at Australia's National AI Centre, which is actively investing in GenAI capabilities across sectors like healthcare, defence, and government. Meanwhile, Australian businesses like Telstra and Westpac are exploring GenAI-powered chatbots and internal coding assistants to speed up customer service and development workflows. The shift is already well underway.

But GenAI is a double-edged sword. On the one hand, it can help SecDevOps teams automate vulnerability detection and reduce human error in secure coding, supporting efforts to prevent exploitable flaws before they reach production. On the other hand, GenAI can be used to generate malicious code, craft convincing phishing messages, or power customer-facing chatbots that may unknowingly introduce risk.

As Immersive puts it, the very same tools helping your business move faster can also make you more vulnerable, particularly when used without clear guardrails or human oversight.

Building Resilience Through People and Proof

In the past, compliance was all about policies on paper. Now, however, regulators and customers want tangible proof that your organisation is genuinely cyber-ready. That means going beyond tick-box training or annual exercises. You need to demonstrate that your people can respond effectively under pressure, make the right decisions, and recover quickly when it counts.

Immersive's report makes it clear: new regulations are shifting the focus from written plans to proven performance. In many sectors, this shift has already begun, with laws such as the EU's Cyber Resilience Act and the Digital Operational Resilience Act (DORA) raising the bar. Boards are under pressure to show they've taken reasonable steps to protect their organisations, and security leaders are expected to provide data that proves not just what tools they have, but how their teams are using them and how prepared those teams really are.

But here's the catch: technology alone won't close the gap. As threats become more complex and the regulatory bar rises, the need to upskill is no longer optional; it's fundamental. And it's not just about technical teams. Everyone in your organisation has a role to play in resilience, from frontline staff to leadership.

The most resilient organisations aren't waiting for breaches to expose their weaknesses. They're taking a much more proactive approach, investing in realistic, hands-on training, tracking performance and embedding cyber readiness into everyday culture.

The Value of People-Centric Cyber Resilience

If there's one message that cuts through Immersive's 2025 guide, it's this: cyber resilience isn't just a technology problem, it's a people problem. However, it's also a people opportunity.

Ransomware, supply chain attacks, and nation-state threats aren't going away. But what makes these threats so dangerous is how easily they exploit human vulnerabilities such as overconfidence, poor preparation, or slow response. That's why securing your infrastructure isn't just about systems and software; it's also about the people behind them.

Here are five people-centric steps from Immersive's guide that can help you build stronger defences:

  1. Replace legacy training. Swap out mind-numbing programmes for hands-on exercises and live fire drills that reflect real-world threats.
  2. Track your progress. Measure performance over time and use those insights to continuously improve your readiness.
  3. Involve everyone. Cyber security isn't just the job of the security team. Include execs, frontline staff, vendors, and comms teams in your resilience strategy.
  4. Use GenAI as a force multiplier. Leverage the power of GenAI to automate and scale cyber defence, but stay alert to the risks it introduces if left unchecked.
  5. Get ahead of regulations. New laws are already demanding proof of cyber readiness. Don't wait to be told; start measuring and demonstrating capability now.

Ultimately, the most resilient organisations aren't just reacting; they're building the mindset, skills, and confidence to respond to whatever comes next.

To learn more about the latest cyber security predictions, explore Immersive's full guide here.