2025年全球网络安全展望

Global CybersecurityOutlook 2025 I N S I G H TR E P O R TJ A N U A R Y2 0 2 5 Contents Foreword3 Executive summary4 1 Understanding complexity in cyberspace8 2 Decoding complexity11 3 Navigating complexity in cyberspace40 3.1 Introducing the economics of cybersecurity40 Conclusion42 Appendix: Methodology43 Contributors44 Endnotes47 Disclaimer This document is published by theWorld Economic Forum as a contributionto a project, insight area or interaction.The findings, interpretations andconclusions expressed herein are a resultof a collaborative process facilitated andendorsed by the World Economic Forumbut whose results do not necessarilyrepresent the views of the World EconomicForum, nor the entirety of its Members,Partners or other stakeholders. ©2025 World Economic Forum. All rightsreserved. No part of this publication maybe reproduced or transmitted in any formor by any means, including photocopyingand recording, or by any informationstorage and retrieval system. Foreword Paolo Dal CinGlobal Security Lead,Accenture Jeremy JurgensManaging Director,World Economic Forum Following decades of relative stability, the worldtoday is marked by increased geopolitical conflicts.The fallout of this turbulence in the digital realm –the growing prowess of cybercriminals, rapidadvances in emerging technologies and wideningcyber capabilities – have led to a cyberspace thatis more complex than ever before. Against thisbackdrop, theGlobal Cybersecurity Outlookservesas an indispensable tool to help leaders navigatesuch complexity and identify essential actions tobuild resilient ecosystems. is resulting in systemic points of failure withsignificant consequences for the overall resilienceof the ecosystem. The transformative potential of AI technologiespresents both unprecedented risks and unmatchedopportunities for cybersecurity. As organizationsrace to adopt AI, cybercriminals are moving atbreakneck speed to exploit vulnerabilities whileenhancing the efficacy of their methods. Cyberdefenders, too, are leaving no stone unturned inharnessing the potential of these technologies toshift the balance in this growing AI arms race. Last year’s report brought to the fore the prevailinginequity between the cyber haves and have-nots. Despite increased executive awareness ofcybersecurity risks, the complexity in cyberspaceis further exacerbating cyber inequity as resilientorganizations pull ahead, while others strugglewith limited resources. Amid increasinglyinterdependent supply chains, this cyber inequity Looking to the future, the level of complexity showsno signs of abating. In a borderless cyberspace,greater collaboration between actors in the publicand private sectors is crucial for safeguardingthe benefits of digitalization for all. This is a call toaction, and the time to act is now. Executive summary In a complex cyberspace characterized bygeopolitical uncertainties, widening cyberinequity and sophisticated cyberthreats,leaders must adopt a security-first mindset. While the 2024 edition of the Global CybersecurityOutlook highlighted the growing inequity incyberspace, this year’s report shines a light onthe increasing complexity of the cyber landscape,which has profound and far-reaching implicationsfor organizations and nations. –The rapid adoption of emerging technologiesis contributing to new vulnerabilities ascybercriminals harness them effectively toachieve greater sophistication and scale. –Simultaneously, the proliferation of regulatoryrequirements around the world is adding asignificant compliance burden for organizations. This complexity is driven by a series ofcompounding factors: All of these challenges are exacerbated by awidening skills gap, making it extremely challengingto manage cyber risks effectively. –Escalating geopolitical tensions are contributingto a more uncertain environment. –Increased integration of and dependence onmore complex supply chains is leading to amore opaque and unpredictable risk landscape. The growing complexity of cyberspace isexacerbating cyber inequity, widening the gapbetween large and small organizations, deepeningthe divide between developed and emergingeconomies, and expanding sectoral disparities.1 Some35%of small organizations believe theircyber resilience is inadequate, a proportion thathas increased sevenfold since 2022. By contrast,the share of large organizations reporting insufficientcyber resilience has nearly halved. Organizations reporting insufficient cyber resilience Smaller organizations are struggling to ensure cyberresilience, while larger organizations show steady progress 71% of cyber leaders atthe Annual Meeting onCybersecurity 2024 believethat small organizations havealready reached a criticaltipping point where they canno longer adequately securethemselves against the growingcomplexity of cyber risks This disparity in cyber resilience is furtherhighlighted by regional differences in preparedness:while only15%of respondents i