How geopolitics, new tech will shape cyber threats

Cybersecurity threats remain top concern for organisations.

Photo credit: Fotosearch

Supply chain vulnerabilities powered by rising geopolitical turmoil as well as new-age tech concepts such as Artificial Intelligence (AI), are among factors set to present fresh complexities in policing global cyber space and waylaying threats this year, a new report shows.

The Global Cybersecurity Outlook 2025 published by the World Economic Forum (WEF) says escalating geopolitical tensions are contributing to a more uncertain environment and affecting perception of risks, with increased integration of and dependence on more complex supply chains leading to a more opaque and unpredictable risk landscape.

Further, the report notes, rapid adoption of emerging technologies are contributing to new vulnerabilities as cybercriminals harness them effectively to achieve greater sophistication and scale, with WEF noting that proliferation of regulatory requirements around the world is adding an extracompliance onus on organisations.

“Cybersecurity is entering an era of unprecedented complexity. Geopolitical tensions are intensifying, new technologies are emerging at a breakneck speed and threats are evolving into ever more sophisticated attack vectors,” reads the report.

“At the same time, expanding regulatory demands, vulnerabilities in interwoven supply chains and a widening cyber skills gap are compounding the challenges organisations face in staying secure. The stakes have never been higher.”

In a survey that sampled chief information security officers (CISOs) and chief executive officers (CEOs) of top global firms, nearly 60 percent of organisations said geopolitical tensions have affected their cybersecurity strategies, while 54 percent identified supply chain challenges as the biggest barrier to achieving cyber resilience.

“One in three CEOs cited cyber espionage and loss of sensitive information/intellectual property (IP) theft as their top concern, while 45 percent of cyber leaders are concerned about disruption of operations and business processes,” wrote WEF.

“Other key concerns include software vulnerabilities introduced by third parties and propagation of cyberattacks throughout the ecosystem.”

Ransomware remains the top organisational cyber risk with 45 percent of respondents ranking it as a top concern, followed by cyber-enabled fraud which is in turn trailed by identity theft.

The report says while 66 percent of organisations expect AI to have the most significant impact on cybersecurity during the year, only 37 percent report having processes in place to assess safety of AI tools before use.

“This reveals the paradox of the gap between the recognition of AI-driven cybersecurity risks and the rapid implementation of AI without the necessary security safeguards to ensure cyber resilience,” notes the report.

Some 72 percent of respondents reported an increase in organisational cyber risks, with ransomware remaining a top concern as 47 percent others cited adversarial advances powered by generative AI (GenAI) as their primary concern.

According to the report, regulations are increasingly seen as an important factor for improving baseline cybersecurity posture and building trust, but their proliferation and disharmony is creating major challenges for organisations, with over 76 percent of CISOs reporting that fragmentation of regulations across jurisdictions greatly affects their organisations’ ability to maintain compliance.

The analysts at WEF note that the combination of the cited factors is driving an increasing complexity in the cyber landscape, giving rise to inequity throughout the cyber ecosystem and ultimately undermining resilience by creating a divide between those organisations that have the resources to adapt and those without.

This, the report notes, impacts resilience of the ecosystem in the sense that many larger and more mature organisations typically depend on extensive networks of smaller, often less-mature suppliers, and any incident affecting them could also impact the entire supply chain.

In October last year, the Communications Authority of Kenya (CA) issued a report warning of what it termed proliferation of AI-enabled cyberattacks, even as the overall threats targeting Kenyan organisations and institutions dipped 41.9 percent during the three months ended September 2024.

“Cybercriminals are increasingly using AI-enabled attacks to enhance the efficiency and magnitude of their operations. They leverage AI and machine learning to automate the creation of phishing emails and other types of social engineering,” noted CA Director General David Mugonyi in a report.

“Further, they are increasingly targeting system misconfigurations to exploit security weaknesses. These include open ports, insufficient access controls, amongst others, enabling cybercriminals to gain unauthorised access to systems, steal sensitive data or even deploy malware,” he added.

PAYE Tax Calculator

Note: The results are not exact but very close to the actual.