Cybersecurity is entering a transformative phase as organizations worldwide are increasingly called upon to not only prevent cyberattacks but also to sustain operations in the face of potential digital system failures, according to insights from the World Economic Forum (WEF). The forum has observed that discussions around cybersecurity have typically focused on technology controls such as firewalls and incident response systems, with significant investments directed toward preventing breaches and enhancing detection capabilities. However, the evolving landscape of cyber threats necessitates a broader organizational response that transcends traditional technical defenses.
In its recent analysis, the WEF emphasizes that modern cyber risks are influenced by persistent threats, growing system complexity, and the rapid adoption of artificial intelligence (AI). These factors have reshaped the assumptions that have historically guided cybersecurity strategies. The forum posits that even organizations with robust protections may face operational disruptions, highlighting the increasing importance of what it terms “cyber resilience.”
Cyber resilience, as defined by the WEF, shifts the focus from merely restoring systems post-attack to how organizations maintain functionality when technology is compromised. This approach prioritizes decision-making, coordination, and operational continuity, encouraging organizations to be prepared for the reality of prolonged disruptions.
This shift is underscored by recent data from Check Point Research, which reported Nigerian organizations suffered the highest number of cyberattacks in Africa as of January 2026, averaging 4,701 weekly attacks per organization. This figure significantly surpasses the global average of 2,090 attacks during the same period. Nigeria’s high attack rate reflects its substantial digital footprint and burgeoning online economy, alongside the escalating vulnerabilities of its public and private sectors. Angola follows with an average of 4,512 attacks per organization per week, despite a 7 percent decline year-on-year. In contrast, Kenya and South Africa recorded 2,172 and 2,145 attacks respectively, with Kenya seeing a 41 percent decrease, while South Africa’s figures represent a 36 percent increase year-on-year.
Globally, the education sector remains the most targeted industry, facing an average of 4,364 weekly attacks per organization, marking a 12 percent increase from the previous year. Government entities and telecommunications sectors follow, with 2,759 and 2,647 attacks per week respectively, both industries experiencing an 8 percent annual uptick as cybercriminals seek to exploit vulnerabilities in connectivity infrastructure and expanding 5G networks.
Regionally, Latin America recorded the highest attack volumes worldwide with an average of 3,110 attacks per organization per week, up 33 percent year-on-year, closely followed by the Asia-Pacific region at 3,087 attacks, which rose by 7 percent. Africa’s average stood at 2,864 attacks, while Europe and North America saw year-on-year increases of 18 percent and 19 percent respectively. Such figures reflect the growing exposure of organizations amid accelerating digital adoption across various sectors, from financial services to cloud-based operations.
The WEF asserts that cybersecurity has traditionally emphasized three primary goals: preventing attacks, mitigating detection timelines, and restoring systems post-compromise. However, the organization warns that severe cyber incidents can extend recovery timelines and complicate operational decisions, necessitating a shift in focus from technical recovery to organizational coordination. Legal, finance, and communication teams must align to interpret regulatory obligations, assess potential liabilities, and manage stakeholder messages, respectively. Misalignment among these functions can escalate incidents into broader business crises, even when technical containment is achieved.
Another pressing issue raised by the WEF is how organizations gauge their cyber preparedness. Many still rely on IT department simulations that concentrate on malware containment and system restoration timelines. While these are necessary, they often overlook the critical question of whether organizations can function during sustained disruptions and if leadership can coordinate effectively under pressure. To bridge this gap, the WEF advocates for structured scenario-based simulations, commonly termed tabletop exercises. Unlike technical drills, these exercises involve executives navigating realistic crisis scenarios where recovery is delayed and operational uncertainty is prevalent.
The report also highlights the additional complexity brought on by rapid AI adoption. While AI enhances defensive capabilities, it simultaneously enables threat actors to automate and scale attacks more effectively. This dual-use nature of AI increases unpredictability, placing greater demands on organizations to prepare for scenarios where preventive measures are thoroughly tested.
As nations like Nigeria undergo rapid digital transformation, the convergence of rising cyber threats and expanding digital infrastructure introduces new operational risks. The reliance on interconnected platforms means disruptions can quickly cascade across services, supply chains, and customer interactions. Industry observers note that this reality is prompting cybersecurity conversations to shift into boardrooms, where cyber incidents are increasingly viewed as business continuity and governance challenges, rather than solely technical issues.
The WEF concludes that while prevention is essential for a robust cybersecurity strategy, cyber resilience ultimately determines whether organizations can maintain stability when their preventive measures are put to the test. Rather than being a one-time initiative, cyber resilience requires continuous evaluation, leadership involvement, and organizational learning. Companies that invest in regular crisis coordination exercises and adapt their response strategies over time are likely to recover more swiftly from disruptions than those relying only on technical defenses. As global cyber threats continue to rise, the report suggests that the defining differentiator for organizations may increasingly hinge on who can operate effectively when attacks succeed.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
