A detailed new insight report from the World Economic Forum, Global Cybersecurity Outlook 2025, describes cyberspace as being more complex than ever before. Despite increased awareness about the risks, however, that complexity is exacerbating inequality with some organizations pulling ahead, while others continue to struggle with limited resources.

According to the report, 35 per cent of small organizations believe their cyber resilience is inadequate – a sevenfold increase since 2022. Conversely, large organizations reporting insufficient cyber resilience has dropped by nearly half.

Systemic points of failure 

“Amid increasingly interdependent supply chains, this cyber inequality is resulting in systemic points of failure with significant consequences for the overall resilience of the ecosystem,” the report states. “The transformative potential of artificial intelligence (AI) technologies presents both unprecedented risks and unmatched opportunities for cybersecurity.” 

They say leaders must adopt a security-first mindset, as the rapid adoption of emerging technologies continues to contribute to new vulnerabilities. “Simultaneously, the proliferation of regulatory requirements around the world is adding a significant compliance burden for organizations. All of these challenges are exacerbated by a widening skills gap.” The report notes that only 14 per cent of organizations’ executives say they are confident their companies have the people and skills needed today.

Supply chain vulnerabilities 

Among the report’s findings, they say supply chain vulnerabilities are emerging as the top ecosystem cyber risk, while geopolitical tensions increasingly shape cybersecurity strategy – nearly 60 per cent of organizations surveyed by the World Economic Forum said geopolitical tensions have affected their cyber strategies; 45 per cent said they were concerned about the disruption of operations and business processes.

Paradoxically too, they find that 66 per cent of organizations expect AI to have the most significant impact on cybersecurity in the year to come, but only 37 per cent report having processes in place to assess the security of AI tools before they are deployed. Regulations, meanwhile, do bolster resilience, they agree, but the report notes that their fragmentation introduces significant compliance challenges: 76 per cent of chief information security officers (CISOs) report that fragmentation of regulation across jurisdictions greatly affects their organizations’ ability to maintain compliance.

Other findings: 
  • Cyber attackers are adopting new tools to increase the effectiveness and scope of familiar attack efforts, including business email compromise and ransomware deployment efforts. “GenAI tools are lowering the cost of phishing and social engineering campaigns,” they write.
  • Cybercrime-as-a-service (CaaS) platforms which allow individuals and groups without technical expertise to engage in illicit online activities by purchasing the necessary tools and support, continue to grow. “While progress has been made in dismantling some of the platforms, enforcement efforts remain inconsistent as CaaS platforms continue to thrive.” 
  • The entry of organized crime into the cybercrime arena has changed the criminal market’s character. “When this cultural change is paired with the scale provided by CaaS platforms, the range of organizations that could be targeted by attacks such as ransomware, becomes wider,” they write.
  • Fewer than half of CEOs surveyed by the World Economic Forum say their organizations invest enough in cybersecurity.

The report also provides case studies and discusses attacks on water facilities, biological threat targets and communications infrastructure. It also looks at the coming quantum computing threats and the complexity of supply chain interdependencies.

Cyber insurance 

Regarding cyber insurance, the report looks very briefly at this, saying industry experts expect the size of the global market for cyber insurance to grow from $14-billion in 2023 to $29-billion in 2027 (figures in U.S. dollars). It also notes the affordability of insurance: “Among organizations classed as highly resilient, only seven per cent claimed not to have cyber insurance. However, cyber insurance appears to benefit larger organizations more than small organizations, likely because they are better able to afford it.”

The report goes on to say that 71 per cent of larger organizations expressed confidence in their cyber insurance, while only 35 per cent of small companies were able to say the same. “This again amplifies cyber inequality, with smaller organizations being more exposed to risk.” 

They conclude, saying ultimately overcoming cyber challenges requires a shift in perspective, not just technological innovation. “Cyber resilience must be recognized as a collective responsibility, with organizations of all sizes working together to fortify the interconnected networks that underpin the digital economy.”