Cybercrime is escalating globally, with artificial intelligence playing a dual role—as both a defensive tool and an enabler of sophisticated attacks, according to the World Economic Forum’s Global Cybersecurity Outlook 2025. Organizations are confronting increasingly complex threats, including deepfake scams, social engineering, and a growing shortage of skilled cybersecurity professionals. n nThe frequency of cyberattacks has surged dramatically. On average, organizations faced 1,984 attacks per week in the second quarter of 2025—more than double the 818 recorded in the same period of 2021. Over the past two years alone, the global average number of weekly attacks has climbed by 58%. n nThe threat landscape is further complicated by geopolitical tensions and the expanding use of AI in malicious activities. Small businesses are especially vulnerable, with seven times more reporting inadequate cyber resilience compared to 2022. n nDespite rising threats, cybersecurity budgets are not keeping pace. Industry analyst IANS reports that budget growth has slowed from 17% in 2022 to just 4% in 2025. Coupled with a severe talent shortage, many organizations are turning to AI to strengthen their defenses. n nHowever, cybercriminals are also leveraging AI. Generative AI is being used to craft convincing phishing emails, steal identities, and exploit unknown software vulnerabilities. Anthropic, developer of the Claude AI model, revealed that hackers have “weaponized” its technology to create malicious code affecting at least 17 organizations. The AI also assisted in selecting targets and determining ransom amounts. n nHuman error remains a critical vulnerability. Scattered Spider, a hacking group linked to breaches at Allianz, Qantas, Marks & Spencer, Victoria’s Secret, and Whole Foods, excels in social engineering by impersonating employees to gain system access. Ivan John Uy, former Philippine Secretary of Information and Communications Technology, emphasized that cybersecurity is not solely a technical issue but a societal one: “Cybersecurity is not a technical skill but a life skill.” n nDeepfakes have become a key tool for fraud. In one case, AI-generated replicas of executives tricked a finance employee at British firm Arup into transferring $25 million. At Ferrari, a fake voice of CEO Benedetto Vigna nearly succeeded in a similar scam, foiled only when an employee asked a personalized question. n nIn response, Denmark became the first European country to legally protect individuals’ voices and likenesses under copyright law. n nRetailer Marks & Spencer resumed its online click-and-collect service in August after a 15-week suspension due to a ransomware attack estimated to cost $300 million annually. This highlights the need for comprehensive resilience strategies beyond technical fixes. n nGovernments are responding with stronger regulations. The EU is enforcing new digital resilience laws, including the Digital Operational Resilience Act and the AI Act. The UK plans to ban public sector ransom payments to deter hackers. Ransomware is seen as the top cyber risk by businesses, per the Forum’s report. n nAI is also being integrated into national defense. OpenAI will collaborate with the U.S. Department of Defense under a $200 million contract to enhance cyber capabilities. Microsoft is offering free cybersecurity services to European governments, and French telecom Orange is launching a new security division. n nInternational cooperation is vital. In August, INTERPOL and AFRIPOL dismantled 25 illegal cryptocurrency mining operations across 18 countries, resulting in 1,200 arrests and $97 million recovered. n nThe talent gap remains a major hurdle. Only 14% of organizations have sufficient cybersecurity expertise, with developing nations most affected. The World Economic Forum’s white paper proposes public-private partnerships, modeled on successful initiatives in healthcare and education in countries like Kenya and Saudi Arabia, to build a skilled workforce. n nRecent disruptions at major European airports—including Heathrow, Berlin, Dublin, and Brussels—due to a cyberattack on shared check-in systems underscore the need for coordinated defenses. Akshay Joshi, Head of the Centre for Cybersecurity at the World Economic Forum, stressed that resilience requires collaboration across airlines, regulators, and tech providers to maintain public trust and operational continuity. n— news from The World Economic Forum
— News Original —
Cybersecurity awareness: AI threats and cybercrime in 2025
Cybercrime continues to rise, with cybersecurity and AI increasingly linked as both a threat and a defence tool, according to the World Economic Forum’s Global Cybersecurity Outlook 2025. n nOrganizations face a complex landscape of evolving threats, from sophisticated deepfake scams and social engineering to a widening cybersecurity talent gap. n nBuilding resilience requires global collaboration and public-private partnerships, like those championed by the Forum, to address borderless cybercrime and develop skilled talent. n nCyberattacks are on a steep rise. Over the past four years, their average weekly number has more than doubled: from 818 per organization in the second quarter of 2021 to 1,984 in the same period this year. In the last two years alone, the global average number of weekly attacks encountered by organizations grew by 58%. n nAt the same time, the World Economic Forum’s Global Cybersecurity Outlook 2025 points to an increasingly complex threat landscape. From geopolitical tensions to the impact of cybersecurity and AI, businesses’ vulnerabilities are growing rapidly. Adding to this is a widening skills gap impeding their efforts to step up defences. Small businesses are particularly exposed, with seven times more organizations reporting insufficient cyber resilience than in 2022. n nAs we approach Cybersecurity Awareness Month this October, it ‘s clear that the first 10 months of 2025 have been defined by heightened cyber risks and significant challenges for the world’s largest organizations. n nHere are 10 headline events and statistics that have shaped the year so far. n n1. Cybersecurity budgets are tightening – AI steps in n nDespite the increasing number of attacks, Industry analyst IANS reports stalling budgets for cybersecurity. Growth has slowed from 17% in 2022 to just 4% in 2025, as the graph below shows, rather than increasing in line with threat levels. n nFurther complicating matters is an acute talent scarcity, making it not only hard but also expensive to recruit cybersecurity experts. The solution for many businesses is to ramp up the use of AI to bolster their cyber defences. n n2. AI agents are boosting threat levels n nThe flip side is that AI is not only used by cyber defence experts but also by threat actors. Generative AI is increasingly being employed for advanced phishing, identity theft and zero-day exploits targeting unknown security flaws, finds the Forum ‘s Artificial Intelligence and Cybersecurity: Balancing Risks and Rewards report. n nAnthropic, creator of the Claude chatbot, warns that hackers are “weaponizing” its AI, which has been used to develop malicious code affecting at least 17 organizations. The technology also helped hackers choose targets and suggested ransom amounts. n nStolen credentials are among the most widely used ways for cybercriminals to get a foot in the door, making people the weakest link. n n3. Exploiting human trust n nThat cyber criminals can get hold of such information is not necessarily down to employees’ negligence but down to the increasing ingenuity of the perpetrators themselves. n nScattered Spider, a group of hackers believed to be behind the attacks on companies including Allianz, Quantas, Marks & Spencer (M&S), Victoria’s Secret and Whole Foods, is particularly adept at social engineering techniques. They often impersonate employees or contractors to gain access to corporate IT systems. n nThwarting such attempts is not down to the IT people alone but affects everyone, Ivan John Uy, the Philippines’ former Secretary of the Department of Information and Communications Technology, told the World Economic Forum: “Cybersecurity is not a technical skill but a life skill.” n n4. Deepfakes are now a firm part of cybercriminals’ toolkit n nDeepfakes add another level of sophistication to social engineering, as British engineering firm Arup found to its detriment earlier this year. A group of criminals used AI-generated clones of the company’s senior executives on a video call to successfully trick a finance employee into transferring $25 million. n nIn a foiled fraud attempt at Ferrari, criminals used the AI-generated voice of CEO Benedetto Vigna, convincing all but one employee, who cleverly asked a question only the real CEO could answer. n nIn the summer, Denmark became the first country in Europe to protect an individual’s right to their appearance and voice as part of an amendment to its copyright law. n n5. Marks & Spencer’s online ordering returns after 3 months n nFollowing a major ransomware attack in April, UK retail giant M&S finally resumed its click-and-collect service in August, after a 15-week suspension. The attack is estimated to have cost the retailer around $300 million in annual profits. n nThis and other incidents underline that cyber resilience is about more than just technical solutions. As the World Economic Forum’s white paper The Cyber Resilience Compass: Journeys Towards Resilience highlights, cybercrime needs to be met with comprehensive strategies. n nLoading… n n6. Cybersecurity law ramps up n nAs cybercrime grows, governments are strengthening legal frameworks to ensure cyber resilience. A series of EU digital resilience laws is coming into force this year, including the Digital Operational Resilience Act, the Cyber Resilience Act and the AI Act. The EU Council also adopted a revised cyber crisis management blueprint to support companies and reduce reliance on US cyber infrastructure. n nThe UK has announced plans to ban public sector payments for ransomware, removing hackers ‘ incentives and protecting vital services. Businesses believe ransomware poses the greatest cyber risk to their operations, according to the Forum’s Global Cybersecurity Outlook 2025. n n7. Governments draw on AI for their cyber defences n nMeanwhile, ChatGPT owner OpenAI will work with the US Department of Defense to boost its AI capabilities, including in cyber defence, as part of a $200 million contract. n nAfter a surge in cyberattacks across Europe, Microsoft has offered no-cost cybersecurity services to European governments. Meanwhile, French telco Orange announced it is creating a new defence and homeland security division to support European organizations in these areas. n n8. Cybercrime goes global n nThe series of attacks presumed to have been carried out by Scattered Spider underlines the global nature of cybercrime. To combat it, wider collaboration across geographies will be key. In August, the World Economic Forum reported on the dismantling of 25 cryptocurrency mining centres in Angola, a joint effort by INTERPOL and AFRIPOL across 18 countries, which saw 1,200 arrests and $97 million recovered. n n9. Fighting the cybersecurity talent shortage n nTalent scarcity is one of the main obstacles to organizational resilience against cybercrime. The Global Cybersecurity Outlook 2025 states that only 14% of organizations have the right talent, with developing nations hit hardest. n nIn May, the Forum’s white paper Growing Cyber Talent Through Public–Private Partnerships developed a model for partnerships among governments, firms and international organizations to address talent gaps. The suggested approach is modelled on successful PPP projects across healthcare, education and infrastructure, in markets such as Kenya and Saudi Arabia. n n10. International travel disruptions at Europe’s airports n nIn late September, several European airports, including London Heathrow, Berlin, Dublin and Brussels, were hit by a cyberattack on check-in and baggage systems. The hackers targeted an IT system that enables different airlines to use the same check-in desks, causing long queues, flight delays and cancellations. n nThis latest incident reinforces the fact that international collaboration will remain vital in the battle against cybercrime, as will fast-tracking new approaches to identifying potential vulnerabilities early, before they can be exploited. n n”The recent cyberattack on airport check-in and boarding systems across Europe is a stark reminder that cyber resilience is a shared responsibility across the entire aviation ecosystem—including airlines, service providers, technology partners and regulators,” said Akshay Joshi, Head of the Centre for Cybersecurity at the World Economic Forum. “Strengthening collaboration and preparedness at every level is essential to safeguard public trust and ensure operational continuity.”