Note: Single-source report; awaiting corroboration.
The global surge in cyberattacks shows the limits of relying solely on technical cybersecurity measures. Notable incidents such as the 2017 NotPetya and WannaCry attacks rapidly spread across countries, causing extensive financial and operational damage. The International Committee of the Red Cross also faced a data breach in 2022 affecting over half a million people worldwide. These events highlight the rising costs of cybercrime, now reaching trillions, along with increased state-linked attacks on civilian and humanitarian targets.
Given the growing scale and sophistication of cyber threats, relying only on technical solutions is no longer sufficient. There is a shift toward cyber resilience—a framework enabling systems and societies to react, adapt, and recover from incidents. However, differing political stances, regulations, and capacities among governments and organizations cause fragmentation in the digital domain, complicating unified responses. This fragmentation increases the risk of cyber infiltration and makes it impossible for any single entity to fully manage international cyber risks alone.
Efforts toward collective cyber resilience are underway at the United Nations. In 2015, the UN General Assembly endorsed voluntary, non-binding norms for responsible state behavior in cyberspace, reaffirming them in 2021. For these norms to be effective, governments need to identify critical infrastructure, designate competent agencies, strengthen cyber capacities, and establish rules for incident reporting and cooperation to better monitor and address cyberattacks.
Governments are also encouraged to join confidence-building initiatives, such as the UN-led Points of Contact directory. This promotes secure, direct communication channels regarding cyber incidents affecting critical infrastructure, helping coordinate effective responses.