Cyber inequity has widened in the past year amid increasing complexities in cyberspace and geopolitical uncertainties, to the World Economic Forum (WEF)’s Global Cybersecurity Outlook 2025 has found.
The WEF found that there is substantial disparity in the capabilities of different businesses, sectors and regions to effectively respond to cyber-attacks.
There is a considerable gap between large and small organizations’ cybersecurity capabilities, the report, which was published on January 13, 2025, found.
Over a third (35%) of small organizations believe their cyber resilience is inadequate, a proportion that has risen seven-fold since 2022. In contrast, the share of large organizations reporting insufficient cyber resilience has nearly halved.
Regarding regional disparities, 36% of respondents to the WEF study in Africa and 42% in Latin America lacked confidence in their country’s ability to respond to major cyber incidents targeting critical infrastructure.
In Europe and North America, just 15% said they lacked such confidence.
The WEF report also found that the public sector is significantly less prepared to deal with cyber-incidents compared to private sector counterparts.
The WEF found 38% of public sector respondents reported insufficient resilience, compared to just 10% of medium-to-large private sector organizations.
This inequity extended to the cyber workforce, with 49% of public-sector organizations indicating they lack the necessary talent to meet their cybersecurity goals, a 33% increase from 2024.
Complex Cybersecurity Landscape Drives Inequity
The WEF researchers said cyber inequity has been driven by increasing complexity in the cybersecurity landscape, which has added to costs and skills organizations require to be cyber resilient.
The WEF noted that this complex environment shows no signs of abating.
Primary factors driving cybersecurity complexity are:
Escalating Geopolitical Tensions
Nearly 60% of organizations stated that geopolitical tensions have affected their cybersecurity strategy.
The top cyber risk in relation to geopolitical tensions according to CEOs was cyber espionage and loss of sensitive information or IP (33%). According to CISOs, the top risk was disruption of operations (45%).
Increased Integration of and Dependence on Supply Chains
Over half (54%) of large organizations identified supply chain challenges as the biggest barrier to achieving cyber resilience.
This has been driven by the expanding complexity of supply chains, coupled with a lack of visibility and oversight into the security levels of suppliers.
Rapid Adoption of AI
Managing vulnerabilities and risks from the rapid adoption of AI has become a major challenge.
Just 37% reported having a process in place to assess the security of AI tools prior to deployment, increasing the cybersecurity risks and vulnerabilities from using this technology in the workplace.
Additionally, 47% of organizations cited adversarial advances powered by GenAI as their primary concern relating to AI, as this enables more sophisticated and scalable attacks.
Proliferation of Regulatory Requirements
The proliferation and disharmony of surging global cybersecurity regulations has become a significant challenge. More than 76% of CISOs at the WEF’s Annual Meeting on Cybersecurity in November 2024 reported that fragmentation of regulations across jurisdictions greatly affects their organizations’ ability to maintain compliance.
Cyber Talent Shortage
The report found that the cyber skills gap rose by 8% since its 2024 report. Two out of three organizations reported a moderate-to-critical skills gaps, including a lack of essential talent and skills to meet their security requirements.