Endnotes

1. The category of smallest organizations by annual revenue in the Global cybersecurity outlook 2024 data is <$250 million; the category of medium is between $250 million and $5.5 billion; and the category of large is > $5.5 billion.

2. World Economic Forum. (2024, January). Global cybersecurity outlook 2024. https://www3.weforum.org/docs/ WEF_Global_Cybersecurity_Outlook_2024.pdf.

3. World Economic Forum. (2024, January 10). Global risks report 2024. https://www.weforum.org/publications/ global-risks-report-2024/.

4. World Economic Forum. (2024, October). Chief risk officers outlook: October 2024. https://www.weforum.org/ publications/chief-risk-officers-outlook-october-2024/#:~:text=Chief%20risk%20officers%20are%20 most,anticipating%20volatile%20conditions%20has%20increased.

5. Ibid.

6. Fung, B. (2024). We finally know what caused the global tech outage – and how much it cost. CNN. https://edition.cnn.com/2024/07/24/tech/crowdstrike-outage-cost-cause/index.html.

7. Dor, D. (2024, October 22). We must reduce complexity to ensure strong cybersecurity. Here’s why. World Economic Forum. https://www.weforum.org/stories/2024/10/strong-cybersecurity-reduce-complexity-risk-cyber/.

8. National Cyber Security Centre. (2024, January 24).The near-term impact of AI on the cyber threat assessment. https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat.

9. Europol. (2024, April 18). International investigation disrupts phishing-as-a-service platform LabHost. https://www.europol. europa.eu/media-press/newsroom/news/international-investigation-disrupts-phishing-service-platform-labhost.

10. United Nations Office on Drugs and Crime. (2023, September). Casinos, cyber fraud, and trafficking in persons for forced criminality in Southeast Asia. https://www.unodc.org/roseap/uploads/documents/Publications/2023/TiP_ for_FC_Policy_Report.pdf.

11. BBC. (2024, August 23). China scam run from Isle of Man. https://www.bbc.com/news/articles/cz6x1ql1yelo.

12. Rogers, S. (2024, November 7). International scammers steal over $1 trillion in 12 months in global state of scams report 2024. Global Anti-Scam Alliance. https://www.gasa.org/post/global-state-of-scams-report-2024-1-trillion-stolen-in-12- months-gasa-feedzai.

13. BBC. (2024, June 14). Hospitals cyber attack impacts 800 operations. https://www.bbc.com/news/articles/cd11v377eywo.

14. United Nations Office on Drugs and Crime. (2024). Transnational organized crime and the convergence of cyber-enabled fraud, underground banking and technological innovation in Southeast Asia: A shifting threat landscape. https://www.unodc.org/roseap/uploads/documents/Publications/2024/TOC_Convergence_Report_2024.pdf.

15. Accenture. (2024, July 30). Beyond the illusion – unmasking the real threats of deepfakes. https://www.accenture.com/ us-en/blogs/security/beyond-illusion-unmasking-real-threats-deepfakes.

16. Antoniuk, D. (2024, April 23). Russian hackers target 20 energy facilities in Ukraine amid intense missile strikes. The Record by Recorded Future. https://therecord.media/russian-hackers-target-energy-facilities-ukraine.

17. Cybersecurity and Infrastructure Security Agency. (2024, February 23). Top cyber actions for securing water systems. https://www.cisa.gov/resources-tools/resources/top-cyber-actions-securing-water-systems.

18. CNN. (2024, October 8). American Water, the largest water utility in US, is targeted by a cyberattack. https://edition.cnn.com/2024/10/08/business/american-water-cyberattack-hnk-intl/index.html.

19. Sebouai, L. (2024, July 12). AI, cyber-attacks and amateur experiments threaten to upend global biosecurity, WHO warns. The Telegraph. https://www.telegraph.co.uk/global-health/terror-and-security/ai-cyber-attacks-and-amateurexperiments- threaten-to-upend/.

20. World Health Organization. (2024). Laboratory biosecurity guidance. https://iris.who.int/bitstream/hand le/10665/377754/9789240095113-eng.pdf?sequence=1.

21. Stawiska, Z. (2024, July 11). Biosecurity guide warns of risks from AI, cyber-attacks, and amateur experiments. Health Policy Watch. https://healthpolicy-watch.news/biosecurity-guide-warns-of-risks-from-ai-cyber-attacks-and-amateur-experiments/.

22. National Cybersecurity Center of Excellence (NCCoE). (n.d.). Cybersecurity and privacy for genomic data. National Institute of Standards and Technology (NIST). Retrieved December 5, 2024, from https://www.nccoe.nist.gov/ projects/cybersecurity-and-privacy-genomic-data.

23. Sanger, D. E., et al. (2024, November 22). Emerging details of Chinese hack leave US officials increasingly concerned. The New York Times https://www.nytimes.com/2024/11/22/us/politics/chinese-hack-telecom-white-house.html.

24. Poirier, C. (2024, October). Hacking the cosmos: Cybersecurity in space (Cyber Reports 2024, 10). Center for Security Studies, ETH Zurich. https://ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/cyberreports- 2024-10-hacking-the-cosmos.pdf.

25. Astier, H., & Kirby, P. (2024, November 19). Germany suspects sabotage over severed undersea cables in Baltic. BBC News. https://www.bbc.com/news/articles/c9dl4vxw501o. Global Cybersecurity Outlook 2025 47

26. Schwab, K. (2024, September 24). The Intelligent Age: A time for cooperation. World Economic Forum. https://www.weforum.org/stories/2024/09/the-intelligent-age-a-time-of-cooperation/.

27. World Economic Forum. (forthcoming). Artificial intelligence and cybersecurity: Balancing risks and rewards.

28. KPMG. (2024). KPMG 2024 CEO outlook. https://kpmg.com/xx/en/our-insights/value-creation/kpmg-global-ceo-outlooksurvey- 2024.html.

29. Keller, J., & Nowakowski, J. (2024). AI-powered patching: The future of automated vulnerability fixes. Google Security Engineering Technical Report. https://research.google/pubs/ai-powered-patching-the-future-of-automated-vulnerability-fixes/.

30. Sells, J., & Turan, H. (2024, March 4). Cloudflare launches AI assistant for security analytics. Cloudflare. https://blog.cloudflare.com/security-analytics-ai-assistant/.

31. Reybango. (2023, November 10). How AI can improve threat intelligence gathering and usage. Microsoft Tech Community. https://techcommunity.microsoft.com/blog/educatordeveloperblog/how-ai-can-improve-threat-intelligence-gatheringand- usage/3975449.

32. Wang, Z., et al. (2024). HoneyGPT: Breaking the trilemma in terminal honeypots with large language model. arXiv preprint arXiv:2406.01882. https://arxiv.org/pdf/2406.01882.

33. Otal, H., & Canbaz, A.M. (2024, September 15). LLM honeypot: Leveraging large language models as advanced interactive honeypot systems. arXiv. https://arxiv.org/abs/2409.08234.

34. SPHINX Project. (2020, October 7). SPHINX Toolkit components development: Artificial intelligence (AI) honeypot. https://cyberwatching.eu.

35. US Department of the Treasury. (2024). Statement on planning for opportunities and risks associated with quantum computing: G7 Cyber Expert Group. https://home.treasury.gov/system/files/136/G7-CYBER-EXPERT-GROUPSTATEMENT- PLANNING-OPPORTUNITIES-RISKS-QUANTUM-COMPUTING.pdf.

36. World Economic Forum. (2024, January 17). Quantum security for the financial sector: Informing global regulatory approaches. https://www.weforum.org/publications/quantum-security-for-the-financial-sector-informing-global-regulatory-approaches/.

37. National Institute of Standards and Technology. (2024, August 13). NIST releases first 3 finalized post-quantum encryption standards. https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards.

38. A software bill of materials (SBOM) is defined by NIST as a “formal record containing the details and supply chain relationships of various components used in building software”. Software developers and vendors often create products by assembling existing open-source and commercial software components. The SBOM enumerates these components in a product.

39. Turner, T. (2024, November 21). SBOM requirements in the EU’s CRA (Cyber Resilience Act). Fossa. Dependency Heaven. https://fossa.com/blog/sbom-requirements-cra-cyber-resilience-act/.

40. Microsoft. (2024). Microsoft digital defense report 2024. https://www.microsoft.com/en-us/security/security-insider/ intelligence-reports/microsoft-digital-defense-report-2024.

41. Beato, F. (2024, November 11). Unpacking cyber resilience. World Economic Forum. https://www.weforum.org/ publications/unpacking-cyber-resilience/.

42. MunichRE. (2024, February 4). Cyber insurance: risks and trends 2024. https://www.munichre.com/en/insights/cyber/ cyber-insurance-risks-and-trends-2024.html.

43. World Economic Forum. (2024, April 29). Building a culture of cyber resilience in manufacturing. https://www.weforum.org/ publications/building-culture-of-cyber-resilience-in-manufacturing/.

44. World Economic Forum. (2024, April). Strategic cybersecurity talent framework. https://www3.weforum.org/docs/WEF_ Strategic_Cybersecurity_Talent_Framework_2024.pdf.

45. Institute for Security and Technology. (2024, October). The implications of artificial intelligence in cybersecurity: Shifting the offense–defense balance. https://securityandtechnology.org/wp-content/uploads/2024/10/The-Implications-of-Artificial- Intelligence-in-Cybersecurity.pdf.

46. Gartner. (2023, February 22). Gartner predicts nearly half of cybersecurity leaders will change jobs by 2025 [Press release]. https://www.gartner.com/en/newsroom/press-releases/2023-02-22-gartner-predicts-nearly-half-of-cybersecurity-leaderswill- change-jobs-by-2025.

47. Proofpoint. (2024, May). 2024 Voice of the CISO. Global insights into CISO challenges, expectations and priorities. https://nationalcioreview.com/wp-content/uploads/2024/06/pfpt-us-wp-voice-of-the-CISO-report.pdf.

48. FBI San Francisco. (2024, April 4). FBI releases internet crime report. FBI. https://www.fbi.gov/contact-us/field-offices/ sanfrancisco/news/fbi-releases-internet-crime-report.