13. Cyber and digital threats

The cyber domain is constantly evolving and so too is its impact on broader geo-politics. It was a pivotal year for cyber and digital governance, with several multi-lateral diplomatic processes culmin-ating in the adoption of new instruments and frameworks. Other governance efforts focused on addressing specific cyber threats or improving regional cooperation.

Cyber trends

Cyber threats evolved across multiple fronts and in diverse ways during 2024. Conflict zones in Israel–Gaza, Sudan and Ukraine, for example, witnessed cyber operations in varying forms, ranging from attacks on critical infrastructure to influence campaigns. Ransomware incidents escalated globally, with health-care systems targeted. Unprecedented 
rates of cybercrime scam operations emerged from ‘scam compounds’ in the Indo-Pacific region. Major espionage campaigns exposed critical vulnerabilities in telecommunications and government networks, while multiple incidents involving damage to undersea cables highlighted the fragility of global connectivity. The year’s numerous elections faced wide-spread interference through distributed denial of service (DDoS) attacks and influence operations. Artificial intelligence technologies transformed the cyber-security landscape, enhancing both offensive and defensive capabilities, and became a focus of policy and governance efforts.

Cyber governance

Cyber governance continued to evolve and exist through a patchwork of initiatives implemented at multiple levels and involving multiple actors. The year witnessed significant developments in United Nations-led efforts with the adoption of the UN Convention Against Cybercrime and the UN Pact for the Future with its annexed Global Digital Compact. The open-ended working group (OEWG) on information and communication technologies produced a third consensus report but fundamental divisions persist between states advocating for new legally binding agreements and those emphasizing implementation of existing law and norms. These differences are likely to affect decisions about the future of UN cyber-security governance in 2025, when the OEWG’s mandate expires.

Beyond formal institutional frameworks, regional or like-minded coalitions have emerged to address specific challenges and contexts. The Pall Mall Process was launched in 2024 with a focus on commercial cyber intrusion tools, while the International Counter Ransomware Initiative expanded its membership during the year.