The cyberspace is increasingly complex. Here are 6 reasons why

The global economy is operating in an increasingly complex cyberspace, according to the World Economic Forum’s Global Cybersecurity Outlook 2025, with rapidly advancing technologies and evolving regulations creating new challenges and opportunities.

"Cybersecurity is entering an era of unprecedented complexity," the report states, adding that the "stakes have never been higher."

The report—released ahead of the Forum's Annual Meeting in Davos, Switzerland—draws on a survey of industry experts and identifies the various trends complicating the cyberspace.

Here are six of the key issue areas:

The Global Cybersecurity Outlook 2025 found that a third of CEOs are concerned about cyber espionage and loss of sensitive information as a result of ongoing global conflicts.

Moreover, geopolitical tensions have affected the cybersecurity strategy for nearly 60% of organizations. While some have modified their insurance policies, a significant portion have changed vendors, trading policies, or ceased business altogether in certain countries.

"Escalating geopolitical tensions and increasingly sophisticated cyberthreats pose significant risks to critical infrastructure, which depends on networks of interconnected devices and legacy systems," the report notes.

The report finds a mismatch between organizations’ recognition of cybersecurity risks related to AI and how rapidly AI tools are being adopted without the necessary safeguards.

Two-thirds of companies anticipate AI impacting cybersecurity in 2025, but only a third (37%) say they have the requisite tools to assess related security risks. This issue is even more pronounced in smaller organizations, where 69% lack adequate safeguards for the secure deployment of AI technologies.

"The security of AI systems (or lack thereof) can have far-reaching implications given the increasing adoption of AI," said David Koh, Commissioner of Cybersecurity and Chief Executive, Cyber Security Agency of Singapore. "We must cooperate and work together to secure AI, even in the face of ongoing geopolitical tensions and strategic competition in critical and emerging technologies."

The sector is currently lacking up to 4.8 million cybersecurity professionals. Only 14% of organizations say they have the skilled people they need in the current cyber landscape, while the report finds the cyber skills gap increased by 8% during 2024, predominantly in the public sector.

Furthermore, nearly half (49%) of public-sector respondents indicated they do not have the necessary workforce to meet their cybersecurity objectives.

"It’s critical we help close the growing cyber skills gap with a focus on training, reskilling, recruiting and retaining cybersecurity talent," said Chuck Robbins, Chair and Chief Executive Officer of Cisco.

Over half (54%) of large organization cited complex supply chains as the biggest barrier to achieving cyber resilience.

Moreover, concerns about software vulnerabilities, supply chain cyberattacks and limited visibility into third-party security are increasing, with 48% of Chief Information Security Officers (CISOs) reporting difficulties in enforcing security standards and managing the risks associated with reliance on critical providers.

"Smart adversaries exploit third-party vulnerabilities, making collaboration essential," said George Kurtz, Founder and CEO of CrowdStrike.

While ransomware remains a top concern for organizations, generative AI tools are reshaping the cybercrime landscape by enabling criminals to refine their methods as well as automate and personalize their techniques. Successful phishing, vishing, deepfake and other social engineering attacks were experienced by 42% of organizations during 2024, the report finds.

"As our digital footprints widen, so does the potential attack surface for nefarious actors," said Ivan John E Uy, Secretary of the Department of Information and Communications Technology in the Philippines.

While everyone agrees guardrails are essential in cyberspace, there is no agreement on which guardrails should be used. The proliferation of regulations – and the disharmony between them – is creating further challenges for companies.

Almost 70% of survey respondents admitted to finding regulations too complex or convoluted, while over three-quarters of CISOs at the Annual Meeting on Cybersecurity stated that regulatory confusion was greatly impacting their organizations’ ability to maintain compliance.

The compounding factors noted above contribute to the growing complexity and unpredictability of the cyber landscape, impacting organizations in several ways.

Firstly, they exacerbate cyber inequity, weakening ecosystem resilience by deepening the divide between organizations with the resources and means to adapt and those that struggle to keep up. This imbalance affects the broader ecosystem's resilience, as larger organizations often rely on smaller, less mature suppliers, meaning any disruptions in their operations can ripple throughout the entire supply chain.

Secondly, the rising complexity heightens the demand for specialized cybersecurity skills, further widening the skills gap. Staying abreast of technological advances necessitates expertise that is increasingly sought after in cybersecurity, while at the same time, the pressure on already overstretched security teams continues to mount.

These challenges demand a reassessment of cybersecurity strategies at both organizational and ecosystem levels. Leaders must view cybersecurity as a strategic investment, ensuring resilience against new threats and recognizing it as a collective responsibility across all organizations.

Strong leadership is essential, focusing not just on technical aspects but also on the economic implications of cyber risks. A unified approach between business and cyber leaders is critical to managing the growing complexity of cybersecurity.