Digital innovation opportunities are advancing simultaneously as sophisticated risks and threats. As organisations face this dual reality, robust cyber resilience is critical. However, tools, knowledge, and access to cyber security are far from equitable globally.

The World Economic Forum's Global Cybersecurity Outlook 2025 maps this issue in detail and explores the challenges organisations face, amid geopolitical tensions, technological advances, and regulatory demands.

The report, based on the Global Cybersecurity Outlook (GCO) survey from 57 countries, offers insight into how these forces are shaping cybersecurity strategies worldwide.

One of the key findings is that cyber risks, from state-sponsored attacks to supply chain vulnerabilities, are no longer limited to isolated incidents, but have ripple effects that can disrupt entire ecosystems.

Cross-border risks

Nearly 60 percent of the surveyed organisations designed their security frameworks in response to escalating geopolitical risks. The potential for cyber espionage, operational disruptions, and intellectual property theft has put companies on high alert. Today's cyber risks are cross-border.

According to the research, emerging technologies, particularly artificial intelligence (AI), are also reshaping the cybersecurity landscape. Of the 66 percent of organisations that recognised AI's transformative potential, only 37 percent have implemented security measures to mitigate the associated risks. That's even though the rapid adoption of AI tools introduces vulnerabilities that can be exploited by cybercriminals to orchestrate large-scale attacks.

The research highlights that the complexity of the supply chain exacerbates these risks. With limited visibility into the cyber security practices of third-party suppliers, 54 percent of large organisations cite supply chain vulnerabilities as a significant barrier to security. The interconnected nature of supply chains means that breaches at any one point can propagate across entire ecosystems, magnifying their impact.

The creation of new international cyber security regulations poses an additional challenge for organisations. At the same time, a shortage of skilled workers makes it difficult to build strong defenses. In the report, two-thirds of organisations report a moderate to critical shortage of cybersecurity talent, and only 14 percent are confident in their ability to meet today's security demands.

Smaller organisations face disproportionate challenges in achieving cyber resilience. Since 2022, the percentage of small businesses reporting insufficient cybersecurity measures has increased sevenfold to 35 percent. In contrast, larger organisations have made significant progress in improving their defenses, creating a widening resilience gap that threatens the broader cyber ecosystem.

Regional disparities are also notable. In Europe and North America, only 15 percent of respondents are concerned about their countries' preparedness for serious cyber incidents. However, this confidence drops to 36 percent in Africa and 42 percent in Latin America. The public sector is particularly vulnerable, with 38 percent reporting insufficient resilience, compared to only 10 percent of medium and large private sector organisations.

Top threats

Ransomware remains a top concern, with 45 percent of organisations identifying it as a critical threat. Innovations such as Ransomware-as-a-Service (RaaS) have made these attacks more accessible to a greater number of cyber criminals. Cyber fraud, which ranks second among organisational risks, threatens business continuity and financial stability.

According to the report, the rise of gen AI presents a double-edged sword. While it offers organisations tools for efficiency and innovation, it also allows adversaries to launch more sophisticated phishing and social engineering campaigns. Alarmingly, 47 percent of organisations reported concerns about AI-driven attacks in 2024.

A call to action

The report underlines that cybersecurity is a shared responsibility. To address the complexities of an interconnected digital economy, organisations of all sizes must collaborate to strengthen the networks that drive global progress. Beyond technological advances, achieving resilience requires a shift in perspective: seeing cybersecurity as an integral component of overall organisational health.

The recommendation to executive teams is to align business and cyber strategies, foster a culture of vigilance, and prioritise resilience as a core organisational objective. Another cybersecurity strategy is that executive teams should align business and cyber strategies, foster a culture of vigilance, and prioritise resilience as a core organisational objective. partnerships across sectors and geographies. Sharing knowledge, resources, and best practices can fill resilience gaps and strengthen collective defenses.

The report emphasises the need to close the cybersecurity skills gap. Organisations should prioritise training programs and reskilliing initiatives, and partnerships with educational institutions to cultivate a strong talent pipeline. Adopting a forward-looking approach to risk management is seen as an essential challenge. This includes conducting thorough assessments of AI applications, improving supply chain transparency, and integrating cybersecurity considerations into broader business strategies.

HR and talent leaders need to address skills gaps by introducing training programs in partnership with coaches or educational institutions to improve the skills of the existing workforce and attract future talent. They also need to foster a culture of cyber vigilance, ensuring all employees play their roles effectively, including establishing managerial accountability to prioritise cyber awareness. Additionally, they should leverage collaborative networks by participating in industry initiatives and forums to share knowledge and strengthen defenses, protecting emerging technologies to stay ahead of potential vulnerabilities.