Target-rich, cyber-poor: How to strengthen cybersecurity and build resilience in vulnerable sectors

In June 2025, cyberattacks on two hospitals in north Delhi severely disrupted access to digital patient records, forcing staff to activate manual systems for patient care to maintain services during the incident.

In September that same year, a ransomware attack on UK-based early childhood education provider Kido International exposed sensitive data of around 8,000 children and staff, including names and photographs.

Both breaches triggered national cybersecurity warnings and led to the arrests of the perpetrators, underscoring the real-world risks cyberattacks pose to vulnerable communities.

The World Economic Forum’s Global Cybersecurity Outlook 2025 highlighted that the growing complexity of cyberspace is exacerbating cyber inequity, widening the gap between sectors.

The latest report – Global Cybersecurity Outlook 2026 – showed that the gap continued to grow, with a lack of cybersecurity expertise ranking as the second-most significant challenge driving cyber inequity and 51% of non-governmental organizations (NGOs) reported lacking resources.

Cyberattacks increasingly target cyber-vulnerable sectors such as healthcare, education and NGOs. Attackers exploit urgency and moral pressure, knowing these sectors cannot afford downtime, enabling ransomware, phishing, and data extortion to thrive due to a lack of financial, technical and institutional capacity to build baseline cybersecurity and resilience.

The impact of those cyberattacks goes beyond information technology (IT) systems. Attacks disrupt critical services, undermine public safety and erode trust. As digitalization deepens, these sectors remain under-resourced and understaffed in cybersecurity, while the gap deepens and the threat grows.

So, how can vulnerable sectors build cybersecurity and resilience amid growing cyber inequity?

In 2024, the FBI reported more overall cyber incidents within healthcare than any other critical infrastructure sector. In 2025, 92% of healthcare organizations experienced at least one cyberattack, according to a Ponemon Healthcare Cybersecurity Report and the average global cost of a healthcare data breach reached $7.42 million in 2025.

The healthcare sector relies on digital systems for key services, including life support, patient records and medical equipment, creating multiple entry points for cyberattacks.

Many devices are insecurely connected to the internet, making them susceptible to remote compromise.

A recent industry analysis quantified over 2.25 million internet of medical things (IoMT) devices across healthcare organizations and 96% of these institutions had devices with known exploited vulnerabilities, including imaging systems, monitoring devices, surgical tools and hospital information systems.

To address the lack of cybersecurity expertise, some initiatives provide free cybersecurity support to healthcare institutions for their defence. Google’s Mandiant offers no-cost incident response retainers to eligible rural hospitals in the United States as part of the Google Initiatives for Rural Health.

Similarly, the CyberPeace Institute’s Cyber4Healthcare programme offers pro bono incident response, recovery support and threat analysis to hospitals worldwide, prioritizing those most at risk and least resourced.

The Berkeley Research Group–affiliated clinics and academic medical centres are advancing cybersecurity through research, clinical partnerships and the adoption of best practices to secure connected medical devices and patient data.

Artificial intelligence (AI) driven anomaly detection can help identify suspicious access, potential data exposures and unsafe system configurations early, helping prevent minor issues from escalating into serious security incidents.

In education, schools and universities often have open digital environments and legacy, decentralized IT structures. Under-resourced cybersecurity teams manage large volumes of sensitive data across a constantly changing user base with uneven cyber awareness, while relying on cloud platforms and Bring Your Own Device, significantly expanding the attack surface.

Disruptions can halt classes, delay exams, and damage institutional reputation, making education a prime target for ransomware and data theft, with attackers exploiting weak defences and the urgency to restore operations.

A method used by threat actors is to embed QR codes as a disguised phishing vector in emails, financial aid forms and other official communications.

To build resilience, security teams at schools and universities are leveraging AI to close resource gaps and continuously monitor digital learning environments, student data systems and connected devices at scale.

After an extensive cybersecurity incident Oregon State University faced in 2021, the university created its own Teaching Security Operations Center. The centre uses AI tools to automate capabilities and rapidly onboard student analysts, extend monitoring coverage and strengthen incident response.

This example demonstrates how AI can amplify limited cybersecurity capacity while building future workforce skills.

Microsoft has also launched role-based cybersecurity training for school leaders, educators, students, parents and IT professionals. This initiative is aligned with recommendations from the US Cybersecurity and Infrastructure Security Agency, helping education communities build awareness and defend against threats across the whole ecosystem

Cyber hygiene also plays a critical role in protecting vulnerable sectors and populations. Older adults face disproportionately high risks of online scams, phishing, identity theft and financial fraud and targeted education initiatives can significantly improve digital confidence and resilience.

The Then & Now: Stay Safe Online workbook, developed by the National Cybersecurity Alliance, is a practical, tailored programme designed to help older adults recognize online threats and protect themselves.

NGOs often operate in high-risk, politically sensitive environments while handling large volumes of sensitive personal, financial and operational data. Limited cybersecurity budgets, reliance on third-party tools and highly distributed networks make them attractive targets for cybercriminals and state-linked actors.

Successful attacks can expose beneficiaries and staff to serious safety, privacy and operational risks, disrupt humanitarian operations and undermine trust in critical services.

A growing ecosystem of initiatives is working to close this cybersecurity gap by pooling expertise, technology and resources. NetHope supports humanitarian and development organizations through shared cybersecurity services, threat intelligence and capacity-building, helping protect sensitive beneficiary data in high-risk contexts.

The CyberPeace Institute’s Humanitarian Cybersecurity Center provides pro bono incident response, forensic analysis and recovery support to NGOs and public institutions, enabling rapid restoration of operations while strengthening long-term cybersecurity and resilience through lessons learned.

Private-sector partnerships are also contributing; for example, Lenovo’s AI for Social Impact Lab, launched with the non-profit Tech To The Rescue, provides selected NGOs with AI tools, training and expert guidance to build digital capabilities, innovation and operational resilience.

Complementing these efforts, the NGO Information Sharing and Analysis Center offers a trusted peer community where nonprofits can share threat information, access tailored resources and collectively improve cyber defences.

Strengthening cybersecurity and resilience in vulnerable sectors requires collective action that goes beyond technology alone. Across healthcare, education and civil society, persistent gaps in funding, skills and capacity demand integrated approaches that align people, processes and technology to protect essential services.

In this context, AI can play an important enabling role in cybersecurity. When responsibly applied to prevention, detection, response and workforce development, it can help overstretched teams scale their capabilities and keep pace with evolving threats.

Yet as cyber inequity widens, many low-resource organizations still lack access to the tools, talent and shared services they need.

Closing this gap will require a shared commitment from governments, technology providers, large institutions and civil society to treat cybersecurity as a foundational public good and ensure that the benefits of AI-enabled defence reach the most vulnerable sectors.

Read more about the World Economic Forum’s AI and Cyber: Empowering Defenders initiative.