Skip to content

Insights from the World Economic Forum's Global Cybersecurity Outlook 2025 report

The Global Cybersecurity Outlook 20251, published by the World Economic Forum in collaboration with Accenture, highlights a widening gap in cyber resilience between SMEs and larger organizations.

  • Only 14% of organizations are confident they have the necessary people and skills to address cybersecurity challenges effectively.
  • Many SMEs lack the resources for robust cybersecurity, often relying on basic tools that leave them particularly vulnerable, especially within interconnected supply chains.
  • While 78% of private sector leaders believe that cyber and privacy regulations help reduce risk, 69% find these regulations overly complex or struggle with ensuring third-party compliance.

Main Organizational Challenges to Cyber Resilience for SMEs

Small and medium-sized enterprises (SMEs) face three primary challenges in achieving cyber resilience. The evolving threat landscape is growing more complex, requiring a level of adaptability that many SMEs struggle to achieve. Additionally, the ongoing skills shortage leaves organizations without the talent needed to manage these risks effectively. Finally, a lack of incident response preparedness leaves SMEs particularly vulnerable when breaches occur, further widening the gap between small businesses and larger organizations.

Cyber Resilience Gap

The gap in cyber resilience between small and large organizations continues to widen. A staggering 35% of small organizations report insufficient cyber resilience, a sevenfold (7x !) increase since 2022. In contrast, larger organizations have made significant progress, halving their reports of insufficient resilience. This disparity has reached a critical point, with 71% of cyber leaders agreeing that SMEs are increasingly unable to protect themselves from escalating risks. Larger organizations, more likely to implement advanced security measures like AI safeguards, are encouraged to support SMEs to strengthen the resilience of the entire ecosystem.

Adoption of Cybersecurity Measures

SMEs often lack the resources to build robust cybersecurity infrastructure, leaving them reliant on basic tools and practices. This dependence significantly increases their vulnerability, especially in interconnected supply chains, where attacks on smaller entities can propagate across entire ecosystems.

AI Deployment and Risks

While 66% of organizations recognize the transformative potential of AI in cybersecurity, only 37% have implemented processes to assess AI tools' security before deployment. For SMEs, the challenge is even greater: 69% lack the necessary safeguards for secure AI deployment. This gap exposes smaller organizations to heightened risks from insecure AI models, further complicating their cybersecurity posture.

Supply Chain Vulnerabilities

SMEs often form critical links in larger supply chains but typically lack the security maturity to address the risks inherent in such interdependencies. Key vulnerabilities include software flaws introduced by third parties and the potential for cyberattacks to spread across the entire ecosystem. These weaknesses not only threaten SMEs but also pose risks to the broader networks they are part of.

Inequity in Cyber Resources

Since 2024, the cyber skills gap has widened by 8%, leaving two-thirds of organizations facing moderate-to-critical shortages of essential talent. Only 14% of organizations feel confident in their current cybersecurity capabilities. SMEs, in particular, struggle with limited financial resources, infrastructure, and access to skilled professionals, making it challenging to build a strong security foundation. This inequity in resources and workforce disproportionately affects SMEs, hindering their ability to respond to evolving threats effectively.

Regulatory Requirements

While 78% of private sector leaders agree that cyber and privacy regulations effectively reduce risk, 69% report that these regulations are overly complex or difficult to implement. Verifying third-party compliance is another common challenge. The European Union's NIS2 Directive aims to address these issues by raising cybersecurity standards, requiring enhanced incident reporting, stricter supply chain oversight, and increased accountability for boards of directors. However, for SMEs, navigating these regulatory complexities remains a significant hurdle.

  1. World Economic Forum and Accenture, Global Cybersecurity Outlook 2025, January 2025. Available at: reports.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2025.pdf