The World Economic Forum Releases its 2025 Cybersecurity Outlook, and the New Year Looks Complicated

by Amy Larsen DeCarlo, posted in Secure
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• In its report on the outlook for cybersecurity in 2025, the World Economic Forum observed enterprises are contending with a daunting threat environment while simultaneously trying to cover gaps in their internal security skill sets.

• Based on a survey of 321 security professionals and more in-depth interviews with 43 CISOs, the research highlighted discrepancies in the level of confidence in their cyber resilience by organizational size.

Findings from the World Economic Forum (WEF)’s Global Security Outlook Report 2025, conducted in partnership with Accenture, underscores the challenges enterprises and smaller organizations are facing amid global turmoil, relentless threat actors, and fast-evolving technology innovation. The results of the WEF survey of security professionals in 57 countries also show major differences in organizations based on size. Thirty-five percent (35%) of small organizations are concerned that their cyber resilience is lacking, seven times more than in 2022. Large enterprises report the opposite, with half as many saying their cyber resilience was unsatisfactory.

There is a dichotomy in cyber confidence comparing public and private sector organizations. Thirty-eight percent (38%) of surveyed government participants say they worry that they are unprepared for a breach. Only 10% of mid-sized and large enterprise express concerns. Public sector anxiety incorporates the fear of 49% who worry that their security skill sets are inadequate to accomplish cybersecurity objectives, a jump of 33% over last year.

Geopolitical tensions are holding sway over corporate cybersecurity strategies, with just under 60% of organizations saying these tensions factor into their decision-making and contributes to their understanding of risks. Cyber espionage as well as loss-sensitive and high-value data are their biggest worries.

In recent years, concerns about critical infrastructure security increased with threat actors compromising IT and OT systems. There is a significant difference by region in the level of faith organizations have in their country’s ability to protect critical infrastructure. Respondents in Latin America followed by Africa have the least confidence in their government’s effectiveness in defending critical infrastructure. Organizations in North America and Europe have the highest level of conviction in their country’s critical infrastructure security.

With respect to threats, 54% of the respondents say supply chain issues are the largest obstacle to maintaining cyber resilience. Across industries, the complicated and highly distributed nature of supply chains as well as the lack of control and insight into third-party distribution networks have been issues for years. Cybercriminals recognize these vulnerabilities and are stepping up their tactics to exploit them.

Artificial intelligence (AI) is part of most technology conversations – and for good reason. Advances came rapidly in recent years, and adoption is soaring. But two concerns give organizations pause: the integrity of data output and the security of AI systems. Sixty-six percent (66%) of the WEF survey respondents anticipate AI will have a sweeping impact on cybersecurity in 2025. But just 37% say they have processes in place to make sure their AI tools are secure before they deploy them.

This is a gap that threat actors are sure to exploit.

Leave a Reply