The World Economic Forum's Global Cybersecurity Outlook 2025 reveals growing concerns over escalating cyber threats, with 72% of businesses reporting increased cyber risks and nearly half citing the malicious use of generative AI as a top concern. Fredrik Heiding of Harvard University emphasizes that AI-driven threats are accelerating, exposing the fragmented global response and lack of a universal cybersecurity strategy.

Recent high-profile incidents—like the Salt Typhoon attacks on U.S. infrastructure and Lazarus Group's $1.5 billion crypto theft—illustrate how cyberattacks have become strategic geopolitical tools. Threat actors now favor stealth tactics, including "living-off-the-land" malware.

WEF data shows:

• 60% of organizations have adjusted cybersecurity strategies due to geopolitical tensions.
• Over 40% suffered social engineering attacks in the past year.
• One in three CEOs now fears cyber espionage and IP theft.
• 45% of cyber leaders worry about operational disruption.

To address this, Harvard’s Cybersecurity Strategy Scorecard evaluated seven leading nations but found no universal model, emphasizing the need for tailored national strategies. Effective cybersecurity typically includes:

1. Infrastructure and workforce protection
2. R&D and education
3. Public-private and international cooperation
4. Clear accountability and enforcement
5. Adaptive, evolving policies

Still, challenges remain:

• Cyber talent shortage is worsening, with only 14% of organizations confident in their capabilities.
• Smaller organizations lag in cyber resilience.
• Most national strategies lack enforceable outcomes and quantified risk models.
• Global compliance complexity adds significant burden to businesses.

Regulatory and incentive efforts are emerging (e.g., EU Cyber Resilience Act, U.S. Cybersecurity Apprenticeship Program), but Heiding warns that the window for reactive policy-making is closing. He stresses the need to treat cybersecurity as a strategic business enabler, not just a compliance burden.

Finally, AI and quantum computing are amplifying threats, enabling automated spear phishing, deepfakes, and encryption-breaking. Heiding and colleague Alex O’Neill caution that human vulnerability to social engineering can’t be patched, urging proactive measures before AI-enhanced attacks become unmanageable.

‍

Source: https://industrialcyber.co/critical-infrastructure/ai-powered-threats-cyber-workforce-gaps-policy-crisis-undermine-global-security/