On Radio Davos: Afrobeats and tabletop exercises - ways to tackle the risks raised in the Global Cybersecurity Outlook 2025

The World Economic Forum’s Global Cybersecurity Outlook 2025 provides an in-depth look at the evolving cyber landscape. With increasing geopolitical instability, emerging technologies such as generative artificial intelligence, and the rising complexity of supply chains, the risks to businesses and individuals are bigger than ever.

Radio Davos spoke to Akshay Joshi, Head of the Centre for Cybersecurity at the World Economic Forum, which published the Outlook, as well as two experts involved in raising awareness of the risks and the strategies to combat them.

"Geopolitical tensions and changing global realities are reshaping the cyber risks posed to organizations. Increasingly, organizations must factor in these geopolitical risks in their cybersecurity strategies," says Akshay Joshi, highlighting that 60% of executives have adjusted their cybersecurity approaches due to global uncertainties.

For example, cyber warfare has become an integral part of conflicts, targeting critical infrastructure and affecting business operations.

Also, supply chains are increasingly interconnected and vulnerable. A single disruption can have cascading effects. For example, a 2024 IT outage caused by a faulty software update affected multiple sectors globally. The 2025 Outlook found that 54% of large organizations identified supply chain risks as their greatest cyber resilience challenge.

"AI technologies present both opportunities and risks," adds Joshi.

While 66% of executives believe AI will positively impact cybersecurity, 37% acknowledge a lack of safeguards against its misuse. Criminals are also harnessing AI to develop sophisticated cyberattacks, making it vital for organizations to adopt secure AI practices.

Cyber inequity is a further major challenge: smaller organizations report a 7x increase in cyber resilience challenges compared to 2022. Geographically, organizations in developing nations in Africa and Latin America expressed a much lower confidence in cyber capabilities.

Confidence Staveley is the Executive Director of the Cybersafe Foundation, whose cybersecurity awareness campaigns have reached over 20 million people in Africa.

She advocates for making cybersecurity education accessible and engaging. Her work simplifies complex concepts for diverse audiences through music and folktale-based education for children.

"I think edutainment is one key thing we need to do more of because sometimes it is necessary that education doesn't just become something you go to; it's something that comes to you. And so for us, it's just really leveraging that in our campaigns," Staveley tells Radio Davos.

"For example, we created Africa's first Afrobeats cybersecurity awareness song. And first and foremost, if it sounds like you're dancing somewhere at a party, but then you're hearing about two-factor authentication, you're hearing about passport length and safety."

Keri Pearlson, Executive Director of Cybersecurity at MIT Sloan School of Management, offers practical advice on preparing organisations for cyber attacks. "It's highly likely that if your organization hasn't experienced a cyber incident, it will at some point in the future. You don't want to wait until that incident occurs to put a plan in action," she says.

Pearlson says organizations that prioritize cyber resilience gain a strategic edge. Proactive measures, such as vetting supply chain partners and implementing multifactor authentication, enhance overall security. Stress tests, such as tabletop exercises, prepare companies to respond effectively when incidents occur.

"The major issue for organisations is not how do we keep the bad guys out, but how do we build resilience so that if or perhaps when the bad guys get in, we have a plan in place for responding and recovering."

Pearlson recommends that organisations do "tabletop exercises" - like mini-war games to prepare for cyber attacks - as a way to discover weak links.

"We often talk about tabletop exercises and fire drills as a way to do your planning. You put your business continuity plan in place, you stress test it for other kinds of crises, and then you stress test it also for cyber crises.

"And one organisation we looked at had a crisis plan, not just a communication plan, and they had it on their computers. Their computer experienced malware, which put ransomware on their system, locked everything up, and encrypted all their files.

"And where do you think the plan was? Well, it was encrypted with everything else in their system. So, they might have noticed if they had done a tabletop exercise or prepared ahead of time. Hopefully, they would have noticed that one non-digital copy could have been the saviour for their crisis communications."

The Cybersecurity Outlook reveals an 8% increase in the global cyber talent gap. Two-thirds of organizations face moderate to critical skills shortages.

"We must remember that people are central to the cybersecurity effort," Staveley says. "Through advocacy and education in communities, we can put preventive measures in place to safeguard people. Likewise, we can attract the right talent through responsive education so that more members of society feel cyber safe."

The Global Cybersecurity Outlook 2025 underscores the urgent need for collaboration, innovation, and resilience in the face of growing cyber risks.

As Joshi notes: “Cybersecurity is not just a technical issue; it’s a strategic priority.”

To learn more, download the full report here and visit World Economic Forum's Centre for Cybersecurity to stay informed about the latest developments in cybersecurity.