The World Economic Forum’s Global Cybersecurity Outlook 2025 highlights the increasing complexity in the cyber landscape, which has significant implications for organisations and nations.
This complexity arises from the rapid growth of emerging technologies, prevailing geopolitical uncertainty, the evolution of threats, regulatory challenges, vulnerabilities in supply chain interdependencies and the growing cyber skills gap.
Growing complexity further exacerbates cyber inequity, deepening the divide between developed and emerging economies, expanding sectoral disparities, and widening the gap between large and small organisations.
“Cyberspace is more complex and challenging than ever due to rapid technological advancements, growing cybercriminal sophistication and deeply interconnected supply chains. The Global Cybersecurity Outlook equips leaders with essential insights to navigate these challenges and strengthen cyber resilience,” says Jeremy Jurgens, MD of World Economic Forum. “Collaboration between public and private sector stakeholders is paramount to secure the benefits of digitalisation for all.”
The report identifies key factors driving the accelerating complexity and unpredictability in the cyber landscape, along with insights into their cumulative impact on both organizational and national cybersecurity posture. These include:
- Supply chain risk interdependencies: Increasing interdependency introduces vulnerabilities within interconnected supply chains, contributing to the growing complexity in cyberspace; 54% of large organisations consider supply chain challenges as the greatest barrier to achieving cyber resilience.
- Geopolitical tensions: The prevailing turmoil has affected the perception of risks, with one in three CEOs citing cyber espionage and loss of sensitive information/ intellectual property theft as their top concern, while 45% of cyber leaders are concerned about disruption of operations and business processes.
- Security in the Intelligent Age: There is a paradox between the recognition of AI-driven cybersecurity risks and the rapid implementation of AI without the necessary security safeguards to ensure cyber resilience. While 66% of organizations expect AI to have a major impact on cybersecurity in 2025, only 37% report having processes in place to assess the security of AI tools before deployment.
- Evolution of the threat landscape: The unprecedented level of sophistication in cyber threats enabled by emerging technologies enhances malicious actors’ ability to operate scams and social engineering attacks, generate disinformation, and execute ransomware at a pace, scope and scale never seen before. Nearly 47% of organizations cite adversarial advancements powered by GenAI as their primary concern.
- Regulations: While regulations bolster cyber resilience, 76% of CISOs at the 2024 Annual Meeting on Cybersecurity reported that fragmentation of regulations introduces significant compliance challenges.
- Workforce challenges: Since 2024, the cyber skills gap has increased by 8%, with two in three organisations lacking essential talent and skills to meet their security requirements; only 14% of organizations are confident that they have the people and skills they need today.
“Cybersecurity threats are more complex and unpredictable than ever and can directly impact an organization’s financial stability. The disruptive force of AI, coupled with supply chain vulnerabilities and geopolitical tensions, calls for a more proactive and collaborative approach to ensure a strong cyber resilient posture across all industries,” says Paolo Dal Cin, global lead at Accenture Security. “C-suite leaders must adopt a security-first mindset from the outset to confidently navigate these challenges with cybersecurity as an enabler that keeps our businesses and organisations resilient.”
The report calls for a shift in perspective from cybersecurity to enhanced cyber resilience – an organisation’s ability to mitigate the impact of significant cyber incidents on its goals and objectives. Additionally, it underscores the importance of evaluating cyber risks from a socioeconomic perspective, which is essential for organizations and nations to effectively allocate resources and strengthen their resilience against cyber threats.
“The 2022 cyberattacks on Costa Rica served as a wake-up call, underscoring the need for a fundamental shift in recognising cybersecurity as a critical investment for the future, rather than a mere expense,” says Paula Bogantes Zamora, minister of science, innovation, technology and telecommunications of Costa Rica. “Through this journey, we have recognised the need to strengthen our ecosystems by collaborating with our neighbours to enhance resilience not only in Costa Rica but also across the region.”
The Global Cybersecurity Outlook 2025 provides a comprehensive analysis of the escalating complexities in cybersecurity, with actionable insights to help leaders navigate the ever-changing cyberspace.
The report emphasises the need for collaborative efforts across the ecosystem to secure the interconnected networks essential to our digital economy and to effectively address the increasing shortage of cybersecurity skills. It also explores the economic implications of cybersecurity and highlights the critical role of leadership in prioritising cybersecurity as a core business enabler.