Cybersecurity is entering an era of unprecedented complexity. Geopolitical tensions are intensifying, new technologies are emerging at breakneck speed and threats are evolving into ever more sophisticated attack vectors. At the same time, expanding regulatory demands, vulnerabilities in interwoven supply chains and a widening cyber skills gap are compounding the challenges organizations face in staying secure. The stakes have never been higher. The Global Cybersecurity Outlook 2024 revealed significant cyber inequity, exposing stark disparities in resilience between small and large organizations.2 The World Economic Forum’s Global Risks Report 2024 found that cyber insecurity is a global risk over multiple time horizons, with cyber risks such as malware, deepfakes and misinformation threatening supply chains, financial stability and democratic systems.3 Additionally, the Chief Risk Officers Outlook from October 2024 ranked cyber risk among the top three threats severely affecting organizations.4 A striking 71% of chief risk officers anticipated severe organizational disruptions due to cyber risks and criminal activity.5In 2024 the world witnessed the largest IT outage in history, disrupting airlines, banks, broadcasters, healthcare providers, retail payment systems and ATMs globally and causing an estimated $5 billion in losses.6 This incident underscored the vulnerabilities stemming from dependence on a limited number of critical providers. Cyberthreats continued to escalate, with 72% of respondents to the Global Cybersecurity Outlook (GCO) survey (see Appendix: Methodology) reporting a rise in cyber risks. The survey further revealed that cybercrime grew in both frequency and sophistication, marked by ransomware attacks, AI-enhanced tactics – such as phishing, vishing and deepfakes – and a notable increase in supply chain attacks.1.1 Major disparities and disruptions The 2025 report finds that a series of compounding factors are driving an escalating complexity in the cyber landscape: –Geopolitical tensions are contributing to a more uncertain environment. –Increased integration and dependence on more complex supply chains are leading to a more opaque and unpredictable risk landscape. –The rapid adoption of emerging technologies is contributing to new vulnerabilities and new threats. Meanwhile, the proliferation of international regulatory requirements adds an additional compliance burden for organizations. All of these challenges are compounded by a widening skills gap, further complicating the ability to manage cyber risks effectively. Together, these factors drive increasing complexity and unpredictability in the cyber landscape, which affects organizations in many ways. First, it drives inequity throughout the cyber ecosystem, undermining resilience by creating a divide between those organizations that have the resources to adapt and those that do not and subsequently fall behind. This affects the resilience of the ecosystem, because many larger and more mature organizations typically depend on extensive networks of smaller, often less-mature suppliers, and any incident affecting them could also impact the entire supply chain. Second, it drives greater demand for more specialist skills in cybersecurity, further exacerbating the skills gap. Keeping up with technological advances requires more specific skills that are in greater demand in the cyber skills market. At the same time, complexity puts increasing pressure on often already stretched cybersecurity teams. These challenges demand a comprehensive re- evaluation of cyber strategies at the organizational and ecosystem level to address the complexity that has become inherent in the cyber landscape.7 A broader understanding of cyber risk is necessary that goes beyond mere “IT” and considers cyber from an overall business risk perspective.1.2 The challenge for the year ahead72% of GCO survey respondents reported a rise in cyber risks. Global Cybersecurity Outlook 2025 9