Why cybersecurity needs to be at the core of national security

Gone are the days when cybersecurity was the sole remit of the IT department.

In today’s hyperconnected world, cybersecurity has become a central pillar of resilience, economic stability, sovereignty and national security. The rise of increasingly sophisticated attacks—coupled with mounting geopolitical tensions—demands a fundamental shift in strategy: cybersecurity must be treated as a critical component of both national defense and global stability.

The threats posed by cyberattacks are complex and dynamic. Technologies—particularly generative AI (GenAI)—are developing at a dizzying pace, not just enhancing defensive capabilities but also empowering threat actors with increasingly advanced tools to automate and scale attacks. GenAI enables malicious actors to spread disinformation even faster, tailor phishing and deepfake campaigns, and design adaptive malware that evades traditional defenses.

Meanwhile, defenders face compounding pressures: rising regulatory demands, fragile supply chains, and a persistent skills gap. The global cybersecurity workforce shortage is estimated at 2.8 to 4.8 million unfilled positions, with 70% of organizations reporting that this lack of talent increases their exposure to risk.

The geopolitical backdrop only magnifies the challenges. State-sponsored activity has blurred the line between espionage, sabotage, and hybrid warfare. In Ukraine and other regions, cyberattacks have directly targeted critical infrastructure and vulnerable information systems to disrupt essential services and inflict physical harm. This illustrates how cyber operations can now have kinetic consequences, erode trust in national institutions, and destabilize national security.

Beyond active conflict zones, cyberattacks over the past few months alone illustrate just how disruptive they have become, endangering not only the operations of critical infrastructure, but also public safety. Recent incidents have underscored just how disruptive cyberattacks can be for essential services and economies. A wave of ransomware and denial-of-service attacks has disrupted hospitals, airports, and utilities across several continents – forcing temporary shutdowns, grounding flights, and delaying emergency care. Such events reveal the fragility of systems underpinning everything from transport and healthcare to energy and finance.

One of the areas of greatest concern is the healthcare sector. The World Health Organization warned in July that advances in technology, including cyberattacks, had “redefined the biological threat landscape.” Specifically, cyberattacks could compromise biosecurity by accessing sensitive data or research, undermining laboratory security systems, as well as through theft, sabotage, or espionage.

As digital risks ripple through economies and societies, Chief Information Security Officers are increasingly anxious. According to the Global Cybersecurity Outlook 2025, 72% of leaders say cyber risk has risen in the past year, and nearly 60% report that geopolitical tensions directly influence their cybersecurity strategies. Additionally, one in three CEOs cited cyber espionage and the loss of sensitive information or IP theft as their primary concern, with another 45% worried about disruptions to operations and processes.

The good news is that GenAI is a double-edged sword. While malicious actors have successfully turned it to their advantage, it also equips defenders with powerful tools to detect anomalies in real time, automate responses, and model complex attack scenarios to strengthen resilience. Yet these benefits are unevenly distributed. Large corporations and developed countries can invest in AI-driven defences, while smaller organizations and many public-sector institutions remain constrained by legacy systems and limited talent. This imbalance risks widening the gap in global cybersecurity preparedness.

Some countries are taking ambitious steps to bridge this divide. The United Arab Emirates is setting a compelling example, particularly by recognizing that resilience must not only be technical but also societal, requiring awareness and engagement at every level.

In early 2025, the UAE launched the National Cybersecurity Strategy 2025-2031, organized around governance, protection, innovation, capacity building, and partnerships. In addition, the UAE Cybersecurity Council, with the Tawazun Council and Lockheed Martin, is establishing a Cybersecurity Centre of Excellence to advance local expertise and align with global best practices. The country is even pioneering a Public-Private-People model, integrating cybersecurity into school curricula, conducting nationwide cyber drills, and strengthening collaboration between government and industry.

Reframing cybersecurity as national security requires more than a change in language – it calls for a fundamental rethink of governance, policy, and investment. This means embedding cyber risk oversight at the board level across critical sectors, securing ring-fenced budgets that sustain long-term investment in infrastructure, talent, and innovation, and conducting national red-team and stress-testing exercises to evaluate readiness and systemic interdependencies.

It also demands deeper cross-border intelligence sharing and crisis coordination to prevent localized incidents from escalating into global disruptions. Together, these measures signal a necessary evolution in how nations approach security – one that recognizes digital resilience as inseparable from economic strength and geopolitical stability.

Cybersecurity has entered an era of unprecedented complexity, where traditional defenses are no longer enough. While collective defense is no panacea, it can mitigate the impact of attacks and strengthen global stability. Putting cybersecurity at the heart of national security demands innovation, as well as cooperation between sectors and countries.

The World Economic Forum, through the Centre for Cybersecurity, convenes public and private sector leaders to strengthen trust and develop actionable frameworks. Its Partnership against Cybercrime connects more than 40 organizations to share intelligence and disrupt global cybercriminal networks. Meanwhile, the Cybercrime Atlas, a collaborative intelligence platform, has already mapped thousands of cybercrime operations, helping law enforcement and industry partners dismantle criminal infrastructure.

Cyberspace is now the frontline of national defense and a defining arena of geopolitical competition. Recognizing cybersecurity as national security compels a shift in mindset – from reactive defense to strategic resilience.

Countries that integrate cybersecurity into their national security strategies, institutional governance, and international diplomacy will be best positioned to thrive in the digital era. As the global community gathers for the Annual Meeting on Cybersecurity 2025, one message is clear: geopolitical stability and digital resilience are inseparable – and cooperation is our strongest defense.