In January the World Economic Forum (WEF) held its annual Davos conference. Leaders from the largest nations and companies on the planet came together. Amongst the themes being discussed, two jumped out – rebuilding trust, and industries in the intelligent age. These are both vital issues to our profession, with improved visibility, communication and trust all critical to reducing risk. Technologies like AI and quantum computing are also gathering momentum at pace, helping to drive humanity forward, making us faster and more intelligent than ever before. But they also have the potential to turn cybersecurity on its head.
In tandem with the conference, WEF released its Global Cybersecurity Outlook 2025 report. When asked what their greatest security concerns are for the year ahead, global leaders pointed to software supply chain attacks and geopolitical cyber warfare. The two often go hand in glove, with many of the most infamous attacks on supply chains – such as SolarWinds, Log4Shell and the Equifax breach – all linked to nation states.
The fact that global business leaders fear software supply chain attacks and cyber warfare should come as no surprise. According to a recent study, instances of software supply chain attacks doubled in 2024. Concurrently, major conflicts in Ukraine and the Middle East – which blend kinetic and cyber warfare – intensified and show no signs of de-escalating. There have been multiple instances of Russia targeting Ukraine with cyberattacks over the course of the war. And last year the notorious Russian military unit – Unit 29155 – was accused of targeting Ukraine’s EU and NATO allies with sophisticated attacks.
In response to these heightened threats of supply chain attacks and geopolitical cyber warfare, governments, including the UK’s, are taking action. Reclassifying datacentres as critical national infrastructure (CNI) due to the amount of sensitive data they hold was a natural progression: ensuring services that are critical to our economy are protected.
Datacentres can expect to see a boost in cybersecurity protection as a result, but the announcement will also pile more pressure on operators by putting a target on their backs – and requiring much stricter compliance. Protecting datacentres to CNI standard will require a lot more specialist skills, which are in short supply.
So, whilst higher standards of security for datacentres are always welcome, policy for policy’s sake is unlikely to drive progress. The security profession and Government must work together to ensure this well-intentioned strategy actually bears fruit, and the country is able to truly counter advanced threats. As a profession, we need to push the Government for the investment we desperately need. Making cybersecurity an attractive industry for everyone, driving early entry, and education all need a boost in funding.
But increasing the country’s resilience is a two-way street. Our profession also needs to help shape Government policy by coming together and providing knowledge of these threats from on-the-ground experience. Industry-accepted best practices must be instilled, which can only come from deeper collaboration.
For the security profession to unite around a common cause, it’s crucial that people at every level of the supply chain think in a similar way. They have to know each other, trust each other, and develop common frameworks and practices. That will only occur if we see each other as one profession, rather than professionals operating in silos. By sharing knowledge, skills and experiences, we can effectively protect against supply chain attacks and cyber warfare in the long term. Professional bodies like CIISec and events such as our annual LIVE conference offer the perfect opportunity for industry peers to gather and collaborate, helping to create a true community.