In 2023, the Cybersecurity Tech Accord launched the “State of International Cybersecurity Thermometer,” an annual measure to track the progress of escalation (or de-escalation) of conflict online. We asserted in 2023 that the world had reached a metaphorical “boiling point” of cyber warfare and placed our first Thermometer reading at 100 degrees. In 2024, our coalition of technology and cybersecurity companies from across the tech industry assessed that peace and security online has continued to deteriorate, despite some meaningful progress, on balance inching the International Cybersecurity Thermometer one degree higher, to 101 degrees. This determination was largely due to the geopolitical tensions and conflict online that had continued to escalate throughout the year.
In 2025, our assessment is that although the sophistication and impact of nation state cyberattacks have continued to increase, there have been encouraging developments that have helped improve security online and give cause for hope looking forward. For this reason, our assessment is that, on balance, the Cybersecurity Thermometer has remained at 101 degrees from last year.
Several recent diplomatic and institutional developments have shown positive signs that governments and international institutions are taking seriously the issue of security in cyberspace, increasingly working together to strengthen deterrence and promote responsible behavior online. We hope that these positive developments will continue and begin to have a meaningful impact on the state of conflict online in the next year.
The State of International Cybersecurity Thermometer aims to provide an objective assessment of the current cyber landscape. It seeks to identify key trends and developments over the past year and outlines measures necessary to enhance stability and security in the digital realm moving forward. As with last year’s evaluation, the major developments considered in making our determination are spread across three categories: i) diplomatic and institutional developments, ii) the scale and nature of conflict online, and iii) technological developments. Each of the major developments included in this year’s evaluation is detailed below, with an indication as to whether it has had a positive, negative, or neutral overall impact on the security landscape.
WHAT THE READING REFLECTS:
100° AND ABOVE: CYBER WARFARE
This “gaseous” state reflects chaotic and dangerous conditions past a boiling point. This suggests the use of cyber operations in the context of an armed conflict that has harmed and/or targeted civilians.
Ex:
- Use of cyber operations in war in violation of international norms and/or law
- Ineffective deterrence
0° – 99°: CYBER CONFLICT
This “liquid” state reflects a degree of cyber conflict short of warfare. It is characterized by a lack of clarity around international expectations online and/or an inability to uphold such expectations.
Ex:
- Reckless cyber activity by nation states
- Regularized abuses by nonstate actors
- Limited progress in diplomatic forums
LESS THAN 0°: CYBER STABILITY
This “solid” state reflects stability in international cybersecurity. It requires the existence of a clear rules-based order online with a robust international system to uphold such expectations.
Ex:
- Scarcity of state sponsored cyber operations that violate international norms
- Limited threats posed by other actors
Major indicators and developments in the past year driving this evaluation:
Diplomatic and institutional developments
Counterproductive developments at the United Nations (UN) through adoption of flawed Cybercrime Treaty (negative)
Originally intended to deliver a targeted instrument to counter the growing threat of cybercrime, the UN negotiations on a cybercrime convention produced, after years of negotiations, a broad UN treaty that risks undermining both privacy and security in the digital world. The UN General Assembly adopted the treaty in December 2024, despite concerns from civil society and industry, including the Cybersecurity Tech Accord, that the treaty could be misused by governments to criminalize a broad range of activities online and lead to grave human rights violations.
Limited progress at United Nations (UN) level on establishing a permanent mechanism for ICT security dialogues (negative)
Discussions at the UN level on the establishment of a future permanent UN mechanism on international security in ICTs (information and communication technologies) have made limited progress. Although the second Open-ended Working Group (OEWG) on ICTs will conclude its proceedings in 2025, and states recognize the need for such a mechanism to be established for dialogues on ICT security to continue, no agreement has yet been reached on the nature, objectives and modalities of this mechanism.
World Governments make progress in curbing the cyber mercenary market (positive)
One year after its launch in February 2024 as a joint initiative by France and the United Kingdom, at the 2nd Pall Mall Conference in April 2025 the two governments announced the formal launch of a new Code of Practice for governments. The Code aims to guide states to mitigate against potential misuse and proliferation of Commercial Cyber Intrusion Capabilities (CCICs). In its proceedings thus far, the Pall Mall Process successfully embraced a multistakeholder approach by acknowledging the importance of public-private partnership, and welcoming industry and civil society input in the development of the Code of Practice for states, which has already been endorsed by 21 states. This is a promising path forward in curbing the cyber mercenary market, although it remains to be seen whether this commitment will translate into action by states, through putting into practice the various important provisions included in the Code.
Tensions in transatlantic relationships threaten progress in cybersecurity cooperation (negative)
The recent tensions in transatlantic relations, marked by, among other things, distinct domestic politics and disagreements over security issues, may threaten the progress achieved in recent years in enhancing cooperation on cybersecurity, through efforts such as the Cyber Dialogues and the Trade and Technology Council. Any steps back in this cooperation would be detrimental to the stability of the global cyber ecosystem as a whole. Despite current disagreements on other policy areas, transatlantic convergence on cybersecurity should be maintained and proactively fostered, given the transborder nature of cybersecurity, and the international dimension of cybersecurity policies.
Governments and industry take steps to address global cyber skills gap (positive)
Against a backdrop of escalating cyber threats globally, there is growing awareness among governments and businesses that the existing cybersecurity skills gap worldwide is a challenge that must be urgently tackled through a multistakeholder approach. Through collaboration across sectors and between governments, last year has seen progress being made on fostering a skilled cyber workforce capable of addressing evolving threats. At EU level, ENISA, the EU’s cybersecurity agency, published this year the Cybersecurity Education Maturity Assessment report, aiming to develop a maturity assessment model for the evaluation of EU Member States’ cybersecurity education level in primary and secondary schools, and to share recommendations and best practices among countries. It also launched the Cyber Education platform, a tool designed to enhance cyber education across the EU by acting as a central hub for cybersecurity educational resources, tailored for primary and secondary schools in Member States. On the industry side, Cybersecurity Tech Accord signatory Cisco pledged to equip 1.5 million people in the EU with cybersecurity and digital skills by 2030. In the US, the Biden-Harris administration launched the ‘Service for America’ recruitment program to address the 500,000-strong cybersecurity job gap.
International Criminal Court releases draft policy to address cyber-enabled war crimes (positive)
Following the announcement in 2023 by the Prosecutor of the International Criminal Court (ICC) that his office would expand its jurisdiction to include investigations of cyber-enabled war crimes, the ICC launched in spring 2025 a draft Policy on cyber-enabled crimes, which is currently open for public consultation. This welcome development shows alignment with the new realities of modern warfare, where cyber operations are intrinsic to conflicts, and can cause serious harm to civilians. The Policy deals with crimes within the jurisdiction of the ICC, which are criminalized directly under international law, and does not address ordinary cybercrime, which is dealt with by domestic law. Once published, the Policy will guide the future work of the ICC on crimes under the Rome Statute committed or facilitated by cyber means.
Scale and nature of conflict online
Evolution of cyber warfare (negative)
The ever-intensifying use of cyber operations has demonstrated the effectiveness and efficiency of hybrid warfare, profoundly reshaping how wars are conducted in today’s interconnected world. As the lines between state and non-state actors continue to blur — fueled by increasing collaboration between hacking or hacktivist groups and government-affiliated entities — cyberattacks on critical infrastructure have become more frequent and disruptive.
Technological developments
Law enforcement makes progress in the fight against cybercrime (positive)
The beginning of 2024 witnessed law enforcement agencies worldwide successfully launch major operations disrupting cybercrime, compromising platforms used by cybercrime groups to carry out phishing attacks and deploy ransomware. During “Operation Cronos”, law enforcement authorities from 10 countries disrupted the criminal operation of the notorious LockBit ransomware group at every level, severely damaging their capability. LockBit uses a ransomware-as-a-service (RaaS) model and consistently conceived new ways to stay ahead of its competitors. Its double extortion methods added more pressure to victims, raising the stakes of their campaigns. One of its notable tactics was the creation and use of the malware StealBit, which automates data exfiltration. According to a detailed analysis by Cybersecurity Tech Accord signatory TrendMicro, thanks to the efforts of law enforcement, LockBit’s operations were seriously hampered, its reputation in the cybercrime world was tarnished, and several affiliates’ identities were disclosed. In an encouraging sign for the global fight against cybercrime, Operation Cronos also involved asset freezes and travel bans issued against the ransomware group’s administrator and developer, who currently has a 26-count indictment against him in the US.