In today’s hyperconnected world, cybersecurity has become a central pillar of resilience, economic stability, sovereignty and national security. The rise of increasingly sophisticated attacks — coupled with mounting geopolitical tensions — demands a fundamental shift in strategy: cybersecurity must be treated as a critical component of both national defence and global stability.

Nonetheless, this shift did not occur overnight, but accelerated over the past two decades. While the early 2000s saw the rise of the internet and initial cyber threats, a turning point emerged in the late 2000s and early 2010s, as attacks grew more organised and strategic, coinciding with the deeper digitisation of business and Government systems. By the mid-2010s, large-scale incidents exposed the systemic nature of cyber risk, disrupting critical infrastructure and global supply chains.

In the 2020s, interconnected digital ecosystems, artificial intelligence (AI) and mounting systemic pressures,  including geopolitical tensions, natural disasters, and post-pandemic economic shifts, have profoundly redefined the landscape, making cyber risk pervasive, scalable and central to economic and societal stability.

Evidently, cyberattacks have been around for decades, so why are they now a central economic and national security priority?

Last week, at the World Economic Forum's Annual Meeting on Cybersecurity 2026, a flagship event during the Geneva Cyber Week, global leaders convened to examine this transformation and what it means for the future of economies, societies and global cooperation. Here are some of the main takeaways from that event

From technical to systemic economic threat

Cybersecurity is increasingly visible in economic outcomes. The ability to understand the strategic and economic impact of cyber incidents has validated it as a major systemic economic threat.

In 2025, a major cyber-attack forced a prolonged shutdown of UK’s automotive production, disrupting operations across a wide supplier network. The incident was cited as a contributor to weaker national gross domestic product growth, with an estimated economic impact of around Pounds 1.9 billion, affecting thousands of organisations.

Cyber incidents are driving up insurance and compliance costs and recovery expenditures, while disrupting operations, eroding customer trust and, in some cases, threatening the solvency of businesses, particularly small- and medium-sized enterprises.

At the national level, weak cyber resilience can deter foreign investment, undermine innovation ecosystems and erode competitiveness in critical industries. As economies become more digital and interconnected, cybersecurity is emerging as a foundational pillar of economic security.

Crucially, leaders emphasised that cyber risk only becomes a sustained priority when its financial impact is clearly understood. This is driving demand for more robust risk quantification models and consolidated economic evidence to better inform decision-making and mobilise investment.

From compliance to measurable resilience

In response, organisations are shifting away from compliance-driven approaches towards measurable resilience. The focus is moving to how quickly systems can recover, how much loss can be avoided, and how effectively operations can continue under stress.

This shift is reshaping investment priorities. Rather than expanding toolsets, leaders are concentrating on high-impact capabilities, improving the visibility of critical assets and dependencies, strengthening incident response readiness, and enabling rapid recovery.

Cyber resilience is also being reframed as an enterprise-wide capability. It requires the integration of technology with governance, workforce readiness and trusted partnerships. Correspondingly, chief information security officers are playing a central role in driving this transformation, bridging technical execution with business strategy and board-level priorities.

From siloed to systemic defence

As digital supply chains grow more complex and concentrated, cyber risk is becoming increasingly systemic. A disruption at a single node can cascade across industries and borders, exposing the limits of isolated, organisation-centric defences. At the same time, the rise of cyber-enabled fraud and scams (now among the most pervasive and underreported forms of cybercrime) underscores how threats are no longer confined to enterprises but directly affect individuals, communities and economies at scale. These attacks exploit gaps across platforms, jurisdictions and user awareness, highlighting the need for prevention, public awareness and victim support alongside traditional security measures.

Addressing this shift requires moving from reactive response to a coordinated system-wide approach that reduces risk at its source. Rather than relying on organisations or individuals to respond after attacks occur, leaders emphasised making it harder for criminals to establish and scale fraudulent operations in the first place. This must be complemented by stronger protections embedded into everyday digital services to detect and block threats earlier, alongside greater public awareness and improved digital literacy to reduce vulnerability.

However, scaling such coordination remains challenging in a fragmented regulatory landscape. For this reason, experts highlighted the need for stronger public-private collaboration and cross-sector coordination to operationalise these measures at scale. This includes joint exercises, improved information sharing, interoperable intelligence frameworks that enable rapid, collective response, and clearer mechanisms to define roles and responsibilities during crises.

While global operations such as trade rely on highly interconnected systems, regulation still operates in a multi-local rather than truly global environment. Instead of pursuing full harmonisation, leaders pointed to more pragmatic approaches such as plurilateral agreements and mutual recognition between regulators to enable interoperability across jurisdictions. At the same time, there is growing recognition that regulation must go beyond rule-setting, using incentives, liability frameworks and transparency requirements to advance holistic cybersecurity outcomes at scale.

From reacting to anticipating AI-scale threats

Emerging technologies are accelerating the pace and sophistication of cyber threats. While 77 per cent of organisations are already deploying AI for defence, attackers are using it almost universally, creating a widening asymmetry and enabling more autonomous, scalable attacks. Further intensifying this, advances in quantum computing and agentic AI systems are introducing new attack surfaces and governance challenges that current strategies are not fully equipped to address. Leaders stressed the need for sharper judgement to distinguish real risks from hype and to prioritise “no-regret” actions that strengthen resilience today.

Looking ahead, there was a strong emphasis on embedding security-by-design, integrating safeguards early, ensuring accountability, and maintaining human oversight as technologies move from experimentation to real-world deployment.More broadly, leaders called for multi-horizon strategies that combine near-term risk mitigation with long-term capability building, recognising that reactive approaches are no longer sufficient in an AI-driven threat landscape.

Towards a redefined cybersecurity imperative

Discussions at the Annual Meeting on Cybersecurity 2026 converged on a central message: the longstanding positioning of cybersecurity as a supporting function, which has led to the systematic underpricing of cyber risk, no longer reflects the realities of threats in the intelligence age.

As recognition grows that cybersecurity is a defining condition for economic stability, national security and strategic advantage in the digital age, there is increasing momentum to manage these risks more effectively. While this is an encouraging development, significant gaps remain. At the gathering, cybersecurity was therefore reframed as a domain where collaboration is not only necessary, but powerful.

The next phase of cybersecurity will depend on how effectively leaders can align incentives, quantify risk and build trust across interconnected systems. This will require deeper collaboration between business and government, stronger integration between technology and policy, and a sustained focus on measurable outcomes that keep pace with the speed of change.

The writer is an international security analyst, intelligence data scientist, and anthropologist

----------

The views and opinions expressed in this column are those of the author, and do not necessarily reflect those of this publication