Navigating Cyber Complexity: Key Risks and Resilience Strategies

By Sefton J Britto, Correspondent at Consultants Review Friday, 31 January 2025

The 2025 Global Cybersecurity Outlook states that the cyber landscape is increasingly complicated, with significant consequences for both organizations and states. This year, the report indicates that mounting geopolitical tensions, dependence on complex supply chains, and the fast-tracked adoption of emerging technologies are all pushing in one direction: toward a more uncertain and dangerous global cyber environment. Cybercriminals are using technological advances to pursue more complex objectives, while organizations face growing difficulty complying with ever-increasing regulations. Together with an ever-widening skills gap, these factors not only aggravate the risks associated with cybercrime but also magnify inequities, creating glaring disparities between large and small enterprises, between developed and emerging economies, and across sectors.

The Growing Threat of Cybercrime: Ransomware, Fraud, and AI Risks

Ransomware continues to be the top organizational cyber risk, with 45 percent of respondents citing it as their main concern. Experts predict significant innovation in ransomware attacks, compounded by the growth of Ransomware-as-a-Service, which commodifies cybercrime. Cyber-enabled fraud emerged as the second-highest organizational risk in 2025, alongside ransomware and supply chain disruption. Identity theft is also rising rapidly, becoming the leading personal cyber risk for both CISOs and CEOs.

Cybercriminals further enhance their attacks with advanced tools such as AI, GenAI included, which make phishing and social engineering campaigns very cheap to launch. Organizations, for their part, are putting defenses in place against Euler ransomware and business email compromise attacks to thwart increasingly sophisticated fraud campaigns. Cybercrime-as-a-Service (CaaS) platforms have risen rapidly, bringing together experienced malefactors and people with no understanding of the technology, who buy tools and software from these forums.

These platforms, alongside organized crime groups, are now reshaping the world of cybercrime. For example, in Southeast Asia, over 220,000 individuals are trafficked every year to work in online scam farms, which account for over $1 trillion in losses worldwide. The trend toward extremely violent, organized cybercrime greatly expands opportunities for attacks and threatens a very wide array of sectors, including critical services.

“As global leaders, we see cyber challenges as more than just a threat – they’re a chance to make a real difference in how we protect people and businesses. Malicious cyber activity takes a significant toll on the most vulnerable populations, so we must urgently drive ecosystem-level solutions that bring everyone together, from small local companies to big global corporations. By collaborating like never before, we can turn the tables in 2025, make systemic change and create digital defences that work for everyone.”
-Philip Reiner, Chief Executive Officer and Founder, Institute for Security and Technology

Securing Emerging Technologies: AI, Quantum, and Cyber Risks in 2025

Emerging technologies such as Artificial Intelligence (AI) and quantum computing present significant opportunities for organizations, but they also introduce considerable cybersecurity risks. AI is being quickly adopted to improve efficiency, especially in the face of widespread GenAI use. The irony, however, is that most organizations do not have secure strategies for adoption and hence fall prey to these cyber threats. A survey shows that 66% of organizations agree that AI could have a significant impact on cybersecurity, whereas 37% have a process in place to assess the security of AI tools. Small companies are at higher risk, since 69% of them do not have adequate safeguards in place for the use of AI.

On the flip side, AI opens new paths for improving cybersecurity through enhanced threat detection, faster patching, and vulnerability management. AI may detect zero-day threats and possible breaches as they occur, giving these mechanisms extra strength for defense. Quantum computing, however, remains a looming menace, most particularly through its potential to break the encryption that secures critical digital infrastructure. Although the potential of quantum computers remains unclear, companies are taking pre-emptive measures to gauge quantum risks, and some are preparing for quantum-enabled cyberattacks such as "Harvest Now, Decrypt Later." Other industry initiatives to confront these threats include the post-quantum cryptography standards. To contain these risks, organizations must adopt a comprehensive cybersecurity strategy that includes quantum readiness and the secure integration of AI.

“The LLMs currently in use are constitutively insecure, and the adversarial attacks and supply chain sabotage that are possible are not being addressed in a sufficiently meaningful way. Integrating these models into critical infrastructure before such attack vectors are remedied is dangerous and needs to be reevaluated.”
-Meredith Whittaker, President, Signal

Supply Chain Complexity: A Growing Cyber Risk for Organizations

The increasing complexity of global supply chains has emerged as a major cyber risk for organizations, particularly large enterprises. As organizations depend more on third-party vendors, managing supply chain vulnerabilities becomes ever more complex. In a recent survey, 54 percent of large organizations said that supply chain risks are a major impediment to achieving cyber resilience. The risks are largely linked to software vulnerabilities and to cyberattacks, such as malware distribution, that exploit weaknesses in the supply chain. Strengthening visibility into third-party dependencies also ranks high on the agenda, with 41 percent of cybersecurity leaders saying that better oversight is needed for supply chain resilience.

The risk associated with dependencies on cloud services and software-as-a-service platforms grows further, since organizations have little, if any, control over configurations. A cyberattack on such a vendor, such as ransomware, could send cascading impacts down to the thousands of businesses relying on it. Organizations are trying to mitigate these risks through secure software development, risk assessments, and certification schemes. Geopolitical tensions, together with the rising threat of nation-state-level cyberattacks, increasingly highlight the need to understand these dynamics and implement effective cyber-resilience strategies. Meanwhile, regulatory frameworks such as the EU Cyber Resilience Act are emerging to address such risks and improve cybersecurity as a whole.

"Building resilience is critical in today’s interconnected landscape, where supply chain complexity can create innumerable cybersecurity challenges. Smart adversaries exploit third-party vulnerabilities, making collaboration essential. By enforcing standards, leveraging threat intelligence and equipping organizations of all sizes with more effective cybersecurity solutions, we can close gaps and fortify the ecosystem to stop breaches while safeguarding business continuity and digital trust."
-George Kurtz, Founder and Chief Executive Officer, CrowdStrike

Building Cyber Resilience: Strategies, Challenges, and the Skills Gap

Cyber resilience is increasingly critical for organizations as the complexity of cyber threats and digital dependencies grows. Between 2020 and 2024, KPMG played a catalytic role in the UK's largest overseas cyber capacity-building project to improve digital security in developing markets. The initiative helped Brazil and Nigeria, among others, build resilience by training government officials in cybersecurity curricula and assisting companies in strengthening their defenses. These gains notwithstanding, organizations continue to face problems, especially in managing the growing complexity surrounding cyber risks. In the most recent survey, 72 percent of organizations reported an increase in cyber risks, with the changing threat landscape and the lack of cyber skills as hindering factors.

On the other hand, public-private collaboration has its place: half of the organizations identified sharing information and threat intelligence as the means of global cyber defense. That organizations continue to struggle with fragmented efforts and siloed responses shows the need for this unified approach across ecosystems. Another tool that has gained prominence in resilience is cyber insurance, but access to its incentives remains skewed: it is less available to small and medium-sized organizations, which further increases cyber inequity. Amid all of this, there is a critical skills gap within the cyber workforce, which faces an approximate shortfall of 4.8 million globally, making it difficult to tackle emerging threats and build resilience. Solutions exist, but they will require organizations to invest in AI skills if they are to close this gap and enhance overall cyber defense.

"Technology is pervasive in all of our lives, and in the era of AI, the threat surface is expanding rapidly and creating even more need for advanced cybersecurity. It’s critical we help close the growing cyber skills gap with a focus on training, reskilling, recruiting and retaining cybersecurity talent. The technology sector has an important role to play, and Cisco is proud of our longstanding skill-to-jobs programme, Cisco Networking Academy, which works to close this gap."
-Chuck Robbins, Chair and Chief Executive Officer, Cisco

Looking Ahead in 2025:

The 2025 report highlights that a combination of factors is contributing to the growing complexity in the cyber landscape.

  • Geopolitical tensions are escalating uncertainty in the environment.
  • The growing integration of, and reliance on, intricate supply chains is creating a less clear and less predictable risk landscape.
  • The fast-paced adoption of emerging technologies is giving rise to new vulnerabilities and threats.

The rise in international regulatory requirements adds compliance burdens, while a widening skills gap complicates effective cyber risk management. These challenges increase complexity and unpredictability in the cyber landscape, driving inequities between organizations. Larger companies, reliant on smaller suppliers, are vulnerable to cascading impacts from cyber incidents. The growing demand for specialized cybersecurity skills further exacerbates the gap, stressing already overloaded teams. A comprehensive re-evaluation of cyber strategies from a broader business risk perspective is essential.

Conclusion:

The 2025 report underscores the escalating complexity of the cyber landscape driven by geopolitical tensions, supply chain risks, emerging technologies, and regulatory burdens. Coupled with a growing skills gap, these challenges intensify vulnerabilities, particularly for smaller organizations. Addressing these issues requires a comprehensive, business-wide cybersecurity strategy to enhance resilience and close the skills gap, ensuring effective risk management.
