G20 Summit Cybersecurity Threats: Why the World’s Biggest Event Is a Prime Target

The G20 summit, held this year in Johannesburg on 22–23 November 2025, will attract significant attention from sophisticated cyber threat actors seeking to disrupt operations or steal sensitive information. Their primary goals include accessing confidential diplomatic communications and intercepting data shared among delegates, support staff, and international agencies.

Large international events create wide attack surfaces. The summit’s digital infrastructure offers numerous high-value targets for espionage, disinformation, and coordinated cyberattacks. Communications networks, data centres, accommodation and transport systems are all likely to be targeted.

Why should we care?

Any meeting of the world’s most powerful nations will shape future financial policy. A major cyber-attack can have significant repercussions for financial markets and investors and therefore interest rates, the cost of living, jobs etc. (in an already volatile geopolitical environment). The disruption that accompanies cyber-attacks can often be paired with “fake news” which can exacerbate the situation further, affecting everything from energy policies to global security.

Sensitive information stolen as a result of credential theft can lead to attackers accessing critical infrastructure (a major ongoing target of nation states), which can have a major knock-on effect on both organisations and individuals (for example, a loss of power could lead to manufacturing shutdowns, compromised data integrity, physical safety issues and supply chain disruption).

A Broad Attack Surface

Nearly a decade ago, during the 2016 G20 summit in China, an estimated 133,000 cyber-attacks were recorded in four days, with a further 1.9 million attempts against organisations supporting the event. As cyber threats have grown increasingly sophisticated, the need for coordinated and resilient security measures has also increased.

Given the number and diversity of the countries involved, the G20 presents one of the broadest attack surfaces (the number of potential points which an attacker could use to gain unauthorised access) of any global gathering. Political activists, saboteurs, organised crime groups and terrorists view the summit as an opportunity to push their agendas or target high-profile individuals. Foreign intelligence services also see it as a medium to high-risk environment ideal for espionage, driven by geopolitical competition over economic, political and technological dominance.

Why the Summit Attracts Threat Actors

G20 nations account for around 85% of global GDP and two-thirds of the world’s population, making the summit a prime target for nation states, hacktivists, and financially motivated cybercriminals.

Nation States

For nation state actors, successful attacks help assess other nations’ counterintelligence and crisis response capabilities. The summit provides opportunities to gather intelligence without crossing into overt conflict. This may involve:

a) infiltrating networks before and during the event
b) compromising delegates’ devices
c) observing tools, methods and communication patterns over a prolonged period

Hacktivists

Hacktivists, motivated by themes including global inequality, financial institutions or environmental inaction, seek media attention for social or political causes. Successful attacks on highly visible targets, such as public websites, social media channels or communication platforms, allow them to embarrass governments while avoiding large-scale retaliation.

eCrime Groups

Financially motivated eCrime groups exploit the temporary and often vulnerable digital infrastructure created for large events such as the G20 summit. High-profile attendees are particularly attractive targets, especially when using hastily created registration sites with weaker security controls.

Delegates rely on unfamiliar communication channels and the high volume of emails, schedules and invitations, making them particularly susceptible to social engineering, phishing, credential harvesting and business email compromise. With security teams focused on nation state threats, eCrime groups see opportunities to deploy phishing campaigns, malware and financial fraud.

What can we do?

Organisations with no direct link to the G20 summit have no means of directly affecting the outcome of any cyber-attack against it. However, the measures put in place to prevent such an occurrence can serve as an example to all organisations, no matter the size, these can include:

• Threat Monitoring
• Regular Updates and Patch Management
• Network Segmentation
• Multi Factor Authentication
• Endpoint Security
• physical Security and a culture of Cyber Awareness
• Incident Response

The threats posed to the G20 summit serve as a reminder of the importance of securing your digital estate. Defence against cyber threats relies not only on advanced technology, but also on a strong culture of security and continuous awareness.

At Ekco, we turn these challenges into opportunities for resilience. Our approach combines state-of-the-art tools with expert threat intelligence and practical, employee-focused training, empowering organisations to stay ahead of evolving risks. Partner with us to strengthen your defences and build lasting confidence in your security.