Cyberattacks in recent years have demonstrated how breaches in seemingly small systems can escalate into global crises. The 2017 hack of Ukrainian software company M.E.Doc led to the NotPetya attack, which caused over $10 billion in damages worldwide. That same year, the WannaCry ransomware crippled the UK’s National Health Service before spreading to more than 150 countries. In 2022, the International Committee of the Red Cross was targeted, exposing sensitive data of over half a million people. These incidents highlight the trillions of dollars in costs and the growing threat of state-linked attacks on civilian and humanitarian infrastructure.
The scale and sophistication of these challenges show that narrow technical fixes are insufficient. A collective response is needed, shifting focus from cybersecurity to cyber resilience — the ability of systems and societies to react, adapt, and recover from attacks. Yet fragmentation in the digital domain, driven by rapid technological change and differing political and regulatory approaches, makes infiltration more likely and complicates global cooperation. No single government, company, or body can manage these risks alone.
Foundations for collective action are already in place at the UN. In 2015, the General Assembly endorsed 11 voluntary norms of responsible state behavior in cyberspace, reaffirmed in 2021. To make these norms effective, governments must define critical infrastructure, assign responsibility to competent agencies, build cyber capacity, and establish rules for incident reporting and cooperation. Confidence-building measures, such as the UN Points of Contact directory, provide secure communication channels to de-escalate tensions and coordinate responses.
Effective cooperation also requires treating industry, civil society, and academia as operational partners. Initiatives like the Cybersecurity Tech Accord, the Paris Call, the Internet Governance Forum, and the World Economic Forum’s Centre for Cybersecurity demonstrate inclusive approaches. Platforms such as the UN’s Cyber Stability Conference and the upcoming Global Mechanism on Information and Communications Technology aim to strengthen confidence-building and capacity-building efforts.
Ultimately, only concrete, cooperative, and collective action can build true cyber resilience. Protecting digital infrastructure is not just about safeguarding systems but about securing the foundations of modern life and the future of humanity.
