CISO reflections on the global cybersecurity outlook 2025
One of the best parts of my job is meeting and talking with other cyber leaders. I had the opportunity to do this virtually during an Accenture Cybersecurity Forum in January and was delighted to be a guest speaker at a Chicago CISO Dinner hosted by the CyberRisk Collaborative in March. In both sessions, we talked about cybersecurity trends highlighted in the World Economic Forum's Global Cybersecurity Outlook 2025, written in collaboration with Accenture.
The report explores major findings and puts a spotlight on the complexity of the cybersecurity landscape, which is intensified by geopolitical tensions, emerging technologies, supply chain interdependencies, skills gaps, and cybercrime sophistication.
It’s valuable to draw on an extensive report like this, as it helps bring a broad landscape into focus and gives cyber leaders the opportunity to zero in on the top threats to their organizations. I wanted to share three areas rising in priority from my recent discussions with CISOs as we all strategize on how to address top threats and strengthen cyber resilience in an unprecedented environment.
AI and emerging technologies
The increasing complexity of AI and emerging technologies is creating new vulnerabilities that organizations need to address. Most concerning is generative AI’s improvement of offensive weapons, such as phishing, malware, and deepfakes. Concerns around data leaks of personal information are also high, as are concerns around model poisoning.
At the same time, organizations are increasing their AI adoption, but the necessary security safeguards are not keeping pace. To close this gap, CISOs are discussing steps they can take, such as integrating AI with existing security frameworks and refining processes. Deepfakes can be addressed with controls and training and with the implementation of detection tools as they become available.
Defensively, AI shows promise for email security by removing phishing emails and automating the finding and reporting of threats. It also shows promise for performing code analysis, vulnerability analysis, and attack simulation for proactive insights. CISOs are also discussing promising new tools for device coverage and pen testing, plus advanced identity and access management solutions and how to keep AI agents secure.
Supply chain security
The growing complexity of supply chains and the limited control organizations have over them have become a primary concern for executives. CISOs recognize the widening gap in cybersecurity maturity between larger organizations and small to medium-sized enterprises. This difference can lead to risks in the supply chain where bigger companies rely on smaller, less diverse suppliers who struggle to meet cybersecurity standards.
CISOs see a need for standardized risk profiling to streamline due diligence processes for suppliers, potentially through an ISO standard or a similar framework. There is also a strong call for better collaboration between organizations to improve supply chain security and to reduce systemic risks. Additionally, some CISOs are recommending reducing their supplier base, but this trend could introduce new concentration risks, making the supply chain more vulnerable to disruptions. Others are interested in directly aiding their suppliers to become more cyber resilient. And given increasing reliance on SaaS, there is some discussion about “mega” cyber resilience, as many companies run core parts of their enterprise on SaaS. What happens when a major SaaS provider goes offline unexpectedly?
Geopolitical tensions
Geopolitical tensions contribute to a more uncertain environment. These tensions also affect the perception of risks, with one in three CEOs from the report citing cyber espionage and loss of sensitive information and intellectual property as their top concern. Other leaders are concerned about disruption to operations and business processes.
CISOs see the need for a complete and proactive approach to reduce the challenges caused by the link between geopolitics and cybercrime. The interdependencies between industry sectors mean that an attack on one can have cascading effects on others. A comprehensive approach would help make organizations’ value chains strong and secure. Integrating cybersecurity into broader business strategies and risk management frameworks is crucial. Also important is internal storytelling to raise awareness of geopolitical threats and scenario planning.
Navigating growing cyber complexity
Threat actors continue to target organizations, and in more sophisticated ways. This means organizations need to develop adaptable strategies that uplift not only their own organizational resilience but also that of the wider ecosystem on which their resilience depends. Cyber resilience must also be recognized as a collective responsibility, with organizations of all sizes working together to fortify the interconnected networks that underpin the digital economy.
For a deeper dive into the report’s findings, read the World Economic Forum's Global Cybersecurity Outlook 2025.
VP, Office of the Field CISO
3mo: Thoughtful summary, Kris. Thank you.
Cybersecurity Transformation & Organizational Change Executive | Strategic Leader | Business Development
3mo: Thanks for sharing, Kris
Lead Info Security Analyst
3mo: Thank you for sharing this. Very interesting read. All the points highlighted in the report seem very relevant in current scenarios.