I. Introduction
II. Cyber trends in 2025
III. Global developments in cyber governance
IV. Conclusions
The cyber domain and its impact on geopolitics is constantly evolving. The divide between the cyber activities of national governments and criminal actors continues to blur. Cyber operations are present in multiple conflicts alongside kinetic military action. Ransomware activities are affecting public and private data, critical infrastructure and politics on an unprecedented scale. AI has become the defining variable in cybersecurity, empowering adversaries to discover vulnerabilities, launch attacks and evade detection, while simultaneously providing defenders with new capacity to monitor networks, identify anomalies and respond.
Against this backdrop, multiple ongoing diplomatic processes aim to create new governance instruments and frameworks, enhance regional cooperation or address specific cyber threats.
In a time of accelerating technological change and geopolitical volatility, developments in cyber capabilities in 2025 were both a catalyst for progress and a source of vulnerability. Cyber operations continued to evolve as an integral component of modern conflict over the year. Notable examples included Russia and Ukraine engaging in widespread and persistent cyber operations; India and Pakistan overtly integrating cyber operations into armed conflict for the first time when an unusually severe military crisis erupted in May 2025; and Iran and Israel employing coordinated digital retaliation during their confrontation.
Beyond active conflict zones, sophisticated espionage campaigns in 2025 demonstrated how adversaries may be pre-positioning for potential future conflicts while harvesting sensitive intelligence. Cybercrime also continued to evolve in both scale and sophistication, with ransomware and other attacks exploiting supply chains and causing growing economic damage, alongside the rapid emergence of professional scam operations.
It was also a pivotal year for global cyber governance. A United Nations open-ended working group concluded its mandate and established a new permanent Global Mechanism for responsible state behaviour in cyberspace, although persistent divisions over the pertinence of international law in this field remained unresolved. There was also continued momentum in initiatives addressing cyber intrusion capabilities and ransomware. In addition, the UN Convention against Cybercrime opened for signature in October 2025 amid ongoing debates about balancing security with human rights.
Another notable trend in 2025 was that more states began making public attribution statements naming the alleged perpetrators of cyberattacks. States and regional organizations are also increasingly publishing interpretations of how international law applies to their conduct in cyberspace—to foster a more stable, secure and predictable cyber environment. Colombia, South Korea and Thailand published national positions in 2025, bringing the number to have done so to 35 states, along with the African Union and the European Union, which have published their own positions.