No one can deny the potential of Egypt’s ICT sector. In the fiscal year (FY) 2023/2024, it grew 14.4%, making it the country’s fastest-growing industry for six consecutive years. That year, it accounted for 5.8% of GDP, up from 5% in FY 2022/2023. By 2030, it is expected to reach 8% of GDP, according to the Information Technology Industry Development Authority.
Fast-paced digital transformation requires continually evolving protections from cybercriminals. “Organizations are testing or adopting … technologies to drive efficiencies and gain a competitive advantage, [yet] they do not always design strategies and processes for secure implementation,” said the Global Cybersecurity Outlook 2025 report published by the World Economic Forum (WEF) in January.
Designing and implementing such defense systems can be increasingly difficult. “The fallout [from] geopolitical conflict, … growing prowess of cybercriminals, rapid advances in emerging technologies and widening cyber capabilities have led to a cyberspace that is more complex than ever,” Jeremy Jurgens, WEF’s managing director, said in the report. “The time to act is now [to] safeguard the benefits of digitalization for all.”
Digital crime
According to the WEF report, ransomware that cybercriminals use to block system access until owners pay to regain their data is the biggest risk. The survey accompanying the report found 45% of respondents ranked it as a top concern.
That is more than for the following three cyber risks combined: cyber-enabled fraud, such as phishing and business email (20%), supply chain disruption (17%) and malicious insiders (7%). Disinformation and crashing servers and websites ranked at the bottom (6% for each).
Chief information security officers (CISOs) are significantly more concerned about ransomware attacks than CEOs (57% versus 30%). Conversely, CEOs are considerably more worried than CISOs about “cyber-enabled fraud” (28% versus 7%) and disinformation (11% versus 2%).
Both are comparably worried about malicious insiders (8% for CEOs versus 7% for CISOs) and “supply chain disruptions” (22% for CISOs versus 20% for CEOs).
The report noted that cybercriminal priorities last year were identity theft and compromising personal data. In 2023 and 2024, the percentage of CEOs and CISOs worried about cyber attacks targeting “identity theft” grew from 11% to 35%, while fears about compromised personal data increased from 9% to 20%.
In return, CEOs and CISOs were less concerned about loss of access to utilities (35% to 24% from 2023 to 2024) and cyber extortion (46% to 20%).
Looking ahead, CEOs and CISOs’ worries should increase with the rise of cybercrime-as-a-service (CaaS), where cybercriminals offer their skills to others for a fee. In 2025, it will be a “dominant and rapidly evolving business model in the criminal landscape,” WEF said. “These platforms present a challenge as they remove the barriers for entry into cybercriminal activities.”
Increased CaaS activity facilitates “convergence of cybercrime and organized crime groups” as opportunities for malicious activity increase from the rapid digitization of companies and government operations. The “interaction of organized cybercrime with organized violent crime groups is changing the nature of cybercrime and greatly increasing its social impact.” WEF noted, “Scammers have siphoned away more than $1 trillion globally in [2023], costing certain countries losses of more than 3% of their GDPs.”
Growing complexity
One factor complicating the global cybersecurity landscape is the widening “cyber skills gap” between companies. From 2022 to 2025, the percentage of surveyed small companies that said they were “struggling to ensure cyber resilience” grew from 8% to 35%.
Moreover, “71% of cyber leaders … believe small organizations have already reached a critical tipping point where they can no longer adequately secure themselves against the growing complexity of cyber risks.”
Conversely, the percentage of surveyed large and medium companies saying they were not resilient enough against cybercriminals dropped from 13% in 2022 to 7% in 2025. The report noted the public sector was disproportionately unprepared for cybercrime, with 38% of respondents reporting insufficient resilience compared to just 10% of medium-to-large private sector organizations.
The disparity in cyber skills is evident across regions. The WEF survey found that experts perceive the Middle East as the best-prepared region in the world for cyberattacks. Over 74% of respondents said they are “very confident” or “confident” the countries in which their organizations are based are “well prepared to respond to major cyber incidents targeting critical infrastructure.”
North America follows with 65%. Next are Oceania (which includes Australia and 13 island nations to its north and east) and Europe, each with 50% of respondents indicating they are “confident” or “very confident.” Oceania fares slightly better, with the other 50% of respondents saying they are “neutral,” compared to 15% of surveyed businesses in Europe stating they are “not confident.”
Africa lags significantly, with 38% of surveyed respondents saying they are “not confident” in their respective country’s cyber resilience, compared to 36% who are either “confident” or “very confident.”
External drivers
The WEF report says cross-border supply chains are a significant reason why cyberattacks are increasing in number and severity. “Of large corporations, 54% identified supply chain challenges as the biggest barrier to achieving cyber resilience.”
“The increasing complexity of supply chains, coupled with a lack of visibility and oversight … of suppliers has emerged as the leading cybersecurity risk.” Top concerns involve “software vulnerabilities introduced by third parties and propagation of cyberattacks throughout the ecosystem.”
Another emerging external factor fueling cybercrime is “geopolitical tension,” the report said, with nearly 60% of organizations saying it affected their cybersecurity strategies.
CEOs and CISOs worry political conflict could fuel state-sponsored cyberattacks on “enemy” countries’ utilities and infrastructure (32% and 45%, respectively). Their second biggest concern is cyber espionage and loss of sensitive information” or intellectual property, with 33% and 27%, respectively.
Conversely, less than 10% of CEOs and CISOs are worried geopolitical instability could “increase costs for cybersecurity measures and incident response [and] disinformation campaigns.”
New entrants
Artificial intelligence (AI) and Generative AI (GenAI), commercialized in 2022 with the introduction of the free ChatGPT chatbot, are “reshaping the cybercrime landscape by enabling criminals to refine their methods and automate and personalize their techniques,” the WEF report said.
“Cybercriminals are using GenAI to convincingly replicate the communication styles of an organization’s senior leadership.” The technology is equally effective across languages, “helping threat actors target a greater number of people in more countries at a lower cost.”
GenAI also could create fake videos of company executives (deepfakes) to “defraud organizations or help attackers gain access to … IT systems,” the report said. “Research has noted a 223% rise in the trade of deepfake-related tools on dark web forums between Q1 2023 and Q1 2024.” The WEF noted “deepfakes pose a moderate-to-significant cyber threat to [an] organization.”
The report said 47% of surveyed companies were most worried about cybercriminals using AI in “phishing, malware development [and] deepfakes.” The second biggest concern is “data leaks, [including] exposure of personal data through GenAI.”
The other big concerns are “software supply chain risks, AI system security, [and] legal concerns [over illegal usage of] intellectual property” (17%) and the increased complexity of developing security governance (14%).
The proverbial “elephant in the room” is that GenAI “lowers the barriers to entry into the cybercrime arena in terms of cost and required expertise,” the WEF report warned. “[It] is expected to streamline the process from the exploitation of vulnerabilities to the deployment of malware, scaling up operations that were previously reliant solely on human capabilities.”
The report also warned about what might come after GenAI. “Quantum computing advances … accelerate the emergency of security risks, particularly the potential to break public-key encryption, which is vital for securing digital systems such as online banking and government communications,” the WEF said. “While the timeline for quantum computing’s full potential remains uncertain, the associated quantum security risks are already at play.”
Government protection
The WEF report warned government regulation has pros and cons for cybersecurity. “Regulation serves as an important driver of cyber resilience, with 78% of CISOs and 87% of CEOs surveyed [saying] implementing new cyber-related regulations … improves their organization’s security posture and mitigates cyber risks.”
Surveyed CISOs noted that regulations can be most effective when dealing “with systemic ecosystem risk.” They “impose minimum requirements on the cybersecurity of organizations.” That ultimately reflects positively on ” increased customer trust.”
However, the downside of regulations is they complicate the business environment for corporations. “Two-thirds of respondents … indicated that proliferation of cyber regulations worldwide adds significant complexity.” Meanwhile, “69% of … respondents find regulations too complex or too numerous, or have difficulty verifying whether third-party suppliers are compliant.”
Having “regulated and unregulated sectors further complicates resilience as industries with weaker oversight become conduits for attacks on more fortified entities,” the report noted.
Multinationals face additional “challenges, such as managing overlapping requirements, achieving compliance in multiple jurisdictions and addressing varied enforcement timelines,” the report said. “Businesses have to navigate an increasingly fragmented landscape of regional and global compliance requirements.”
In coming years, divergence and the number of regulations will only increase, raising cyber protection complexity for companies. “As regulatory pressure increases, there are concerns the overwhelming number of updated or newly introduced regulations will lead to regulatory fatigue among companies.”
Ultimately, managing a “regulatory jigsaw puzzle” means companies would be more focused on compliance than “developing customized, risk-based strategies” to improve their defenses, the report explained.
It stressed the way forward is for “public-private cooperation to enable global regulatory harmonization and alignment and ensure the applicability of cybersecurity throughout diverse regions.” That should “promote consistency while allowing for flexibility to adapt to emerging threats and technologies.”
Building protection
The WEF report stressed the inevitability of continually spending more on beefing up cybersecurity.
“Cyber insurance … is one important tool among the portfolio of risk-management strategies … organizations can employ.” The WEF expects it to grow from $14 billion globally in 2023 to $29 billion in 2027. “Cyber insurance appears to benefit larger organizations more than small [firms], likely because they are better able to afford it,” the report stressed.
Companies also must spend more “incentives [for employees] to encourage the reporting of cybersecurity threats and incidents,” the WEF said.
It noted the best ways to cultivate a “cyberthreat aware” corporate culture are through training, dedicated or support teams for reporting breaches, establishment of “anonymous reporting channels” and a “non-punitive policy” for those who report such attacks.
Less effective approaches are “recognition and reward programs” for those who report threats and “including security incident reports as a positive metric in employee performance evaluations.”
Ultimately, top executives’ mindsets are “the critical barrier to adequate investment in cybersecurity.” Changing them could be challenging, as it is still hard to “effectively quantify cyber risk due to the constantly evolving threat landscape as well as the complexity of estimating the potential impact of cyber incidents,” the report said. “Articulating cyber risk in financial terms is essential for organizations to allocate resources effectively and build resilience.”
This story first appeared in March’s print edition of Business Monthly.
