Global Cybersecurity Outlook 2025

While the 2024 edition of the Global Cybersecurity Outlook highlighted the growing inequity in cyberspace, this year’s report shines a light on the increasing complexity of the cyber landscape, which has profound and far-reaching implications for organizations and nations.

This complexity is driven by a series of compounding factors:

All of these challenges are exacerbated by a widening skills gap, making it extremely challenging to manage cyber risks effectively.

The growing complexity of cyberspace is exacerbating cyber inequity, widening the gap between large and small organizations, deepening the divide between developed and emerging economies, and expanding sectoral disparities.¹ Some 35% of small organizations believe their cyber resilience is inadequate, a proportion that has increased sevenfold since 2022. By contrast, the share of large organizations reporting insufficient cyber resilience has nearly halved.

This disparity in cyber resilience is further highlighted by regional differences in preparedness: while only 15% of respondents in Europe and North America lack confidence in their country’s ability to respond to major cyber incidents targeting critical infrastructure, this proportion rises to 36% in Africa and 42% in Latin America.

The public sector is disproportionately affected, with 38% of respondents reporting insufficient resilience, compared to just 10% of medium-to-large private-sector organizations. This inequity extends to the cyber workforce, with 49% of public-sector organizations indicating they lack the necessary talent to meet their cybersecurity goals – an increase of 33% from 2024.

The Global Cybersecurity Outlook 2025 report includes a deeper analysis of the most important drivers of complexity and provides valuable insights into the most pressing cyber challenges in the year ahead and their potential implications for executives.

These are the key findings from this year’s report and the main trends that executives will need to navigate in 2025:

Of large organizations, 54% identified supply chain challenges as the biggest barrier to achieving cyber resilience. The increasing complexity of supply chains, coupled with a lack of visibility and oversight into the security levels of suppliers, has emerged as the leading cybersecurity risk for organizations. Key concerns include software vulnerabilities introduced by third parties and propagation of cyberattacks throughout the ecosystem.

Nearly 60% of organizations state that geopolitical tensions have affected their cybersecurity strategy. Geopolitical turmoil has also affected the perception of risks, with one in three CEOs citing cyber espionage and loss of sensitive information/intellectual property (IP) theft as their top concern, while 45% of cyber leaders are concerned about disruption of operations and business processes.

While 66% of organizations expect AI to have the most significant impact on cybersecurity in the year to come, only 37% report having processes in place to assess the security of AI tools before deployment. This reveals the paradox of the gap between the recognition of AI-driven cybersecurity risks and the rapid implementation of AI without the necessary security safeguards to ensure cyber resilience.

Some 72% of respondents report an increase in organizational cyber risks, with ransomware remaining a top concern. Nearly 47% of organizations cite adversarial advances powered by generative AI (GenAI) as their primary concern, enabling more sophisticated and scalable attacks. In 2024 there was a sharp increase in phishing and social engineering attacks, with 42% of organizations reporting such incidents.

Regulations are increasingly seen as an important factor for improving baseline cybersecurity posture and building trust. However, their proliferation and disharmony are creating significant challenges for organizations, with more than 76% of chief information security officers (CISOs) at the World Economic Forum’s Annual Meeting on Cybersecurity in 2024 reporting that fragmentation of regulations across jurisdictions greatly affects their organizations’ ability to maintain compliance.

Since 2024, the cyber skills gap has increased by 8%, with two out of three organizations reporting moderate-to-critical skills gaps, including a lack of essential talent and skills to meet their security requirements. Furthermore, only 14% of organizations are confident that they have the people and skills they need today.